0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:09 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:19:09 executing program 3: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[@ANYBLOB='\x00'], 0x1) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_opts(r3, 0x29, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="ea004000000000008741c434b2e8307d0315ffceda5482427a7b209539e64169d6b720e7565e82e5b44f8ef95c9909647ed7e253afff279340ab298c7801345f241f79cc326a02efc217ad50019500cc9a7c1188ac76d800000000c3366939a939668f38b1ea16877e58c4f151f13af28dad8cf20191f300"/129], 0x8) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x7fff, 0x0) 03:19:09 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:09 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x8}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000300)={0x77359400}, 0x10) write(r3, &(0x7f0000000480)="b0a3cdef47f59ec515de0fcb5dfc761cf7120c4312b2054efdc0cf574f65329a05d03a24674b1d94d072b4bd702c576dc1d6e4fef97bdd899d359dadcfe32ba24fb1e152533e4df2c20324dda85d95c102000000d81d2b9bea7f9e468b3da19d62e9913b2f7cd488de25886811470818af91afd3bce1422670d6f2d054d8b16374e3617a22b1c70e7e3104b814e24e6e7b62256ae8faaae5f59f840c029418a34c", 0xffffff47) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') socket$inet_tcp(0x2, 0x1, 0x0) open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x3}, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) truncate(&(0x7f0000000100)='./file0\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') open(&(0x7f00000000c0)='./file0\x00', 0x3fd, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240)='nl80211\x00') 03:19:10 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 390.284939][ T820] attempt to access beyond end of device [ 390.290911][ T820] loop1: rw=1, want=3901, limit=63 [ 390.301895][ T820] attempt to access beyond end of device [ 390.307917][ T820] loop1: rw=1, want=5949, limit=63 [ 390.320047][ T820] attempt to access beyond end of device [ 390.326956][ T820] loop1: rw=1, want=8957, limit=63 [ 390.349524][ T820] attempt to access beyond end of device [ 390.355270][ T820] loop1: rw=1, want=12965, limit=63 [ 390.380160][ T820] attempt to access beyond end of device [ 390.385879][ T820] loop1: rw=1, want=20349, limit=63 [ 390.405409][ T820] attempt to access beyond end of device [ 390.411107][ T820] loop1: rw=1, want=24893, limit=63 [ 390.425602][ T820] attempt to access beyond end of device [ 390.431297][ T820] loop1: rw=1, want=28661, limit=63 [ 390.445628][ T820] attempt to access beyond end of device [ 390.451393][ T820] loop1: rw=1, want=33117, limit=63 [ 390.472788][ T820] attempt to access beyond end of device [ 390.478504][ T820] loop1: rw=1, want=41805, limit=63 03:19:12 executing program 2: signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r0 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) 03:19:12 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:12 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:12 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x8}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000300)={0x77359400}, 0x10) write(r3, &(0x7f0000000480)="b0a3cdef47f59ec515de0fcb5dfc761cf7120c4312b2054efdc0cf574f65329a05d03a24674b1d94d072b4bd702c576dc1d6e4fef97bdd899d359dadcfe32ba24fb1e152533e4df2c20324dda85d95c102000000d81d2b9bea7f9e468b3da19d62e9913b2f7cd488de25886811470818af91afd3bce1422670d6f2d054d8b16374e3617a22b1c70e7e3104b814e24e6e7b62256ae8faaae5f59f840c029418a34c", 0xffffff47) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') socket$inet_tcp(0x2, 0x1, 0x0) open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x3}, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) truncate(&(0x7f0000000100)='./file0\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') open(&(0x7f00000000c0)='./file0\x00', 0x3fd, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240)='nl80211\x00') 03:19:12 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x8}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000300)={0x77359400}, 0x10) write(r3, &(0x7f0000000480)="b0a3cdef47f59ec515de0fcb5dfc761cf7120c4312b2054efdc0cf574f65329a05d03a24674b1d94d072b4bd702c576dc1d6e4fef97bdd899d359dadcfe32ba24fb1e152533e4df2c20324dda85d95c102000000d81d2b9bea7f9e468b3da19d62e9913b2f7cd488de25886811470818af91afd3bce1422670d6f2d054d8b16374e3617a22b1c70e7e3104b814e24e6e7b62256ae8faaae5f59f840c029418a34c", 0xffffff47) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') socket$inet_tcp(0x2, 0x1, 0x0) open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x3}, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) truncate(&(0x7f0000000100)='./file0\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') open(&(0x7f00000000c0)='./file0\x00', 0x3fd, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240)='nl80211\x00') [ 392.121388][ T27] audit: type=1804 audit(1583119152.121:127): pid=11095 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/53/file0/bus" dev="loop1" ino=73 res=1 [ 392.392012][ T27] audit: type=1804 audit(1583119152.191:128): pid=11101 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/53/file0/bus" dev="loop1" ino=73 res=1 03:19:12 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:12 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:19:12 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:12 executing program 4: mknod$loop(&(0x7f0000000040)='./file0\x00', 0x6000, 0x0) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000280)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='ext4\x00', 0x0, 0x0) 03:19:12 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:12 executing program 3: perf_event_open(&(0x7f0000000200)={0x2, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x834c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x0, @perf_config_ext={0x10000, 0xfffffffffffffff8}, 0x0, 0x1, 0xfffffffc, 0x9, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x2) socket(0x2000000000000010, 0x1000040000000003, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000640)) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xffdbc4c3) ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x6}, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000200)="99245b2e6972731d959a35fdda251e35ceb8ee43918959f7dd7b24d017bea99bcdbbb8a6b67464cb73e2a641e8ca5f85c082b2f3692082a4a4ef49fe789ca3ca92403dc6143c", 0x46}], 0x1, 0x0) syz_open_dev$vcsn(0x0, 0x3, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) dup(0xffffffffffffffff) r4 = dup(0xffffffffffffffff) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000180)={0x3, &(0x7f0000000100)=[{0x0}, {}, {}]}) ioctl$DRM_IOCTL_GET_SAREA_CTX(0xffffffffffffffff, 0xc010641d, &(0x7f00000002c0)={r6, &(0x7f0000000240)=""/47}) ioctl$DRM_IOCTL_UNLOCK(r5, 0x4008642b, &(0x7f0000000180)={r6, 0x18}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000380)={0xffffffffffffffff}) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000180)={0x3, &(0x7f0000000100)=[{0x0}, {}, {}]}) ioctl$DRM_IOCTL_GET_SAREA_CTX(r8, 0xc010641d, &(0x7f00000002c0)={r9, &(0x7f0000000240)=""/47}) ioctl$DRM_IOCTL_UNLOCK(r7, 0x4008642b, &(0x7f0000000180)={r9, 0x18}) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8b19, &(0x7f0000000980)='wlan1\x00\x0e\xd3UM\xe1\x04\xbeK\x19\xec\x02\x00\x03\x00\x00\xff\x00\x00\x00\x02\x01\xe5\xe8\",\x91\x91l\x9f\x19\x9e\x02\x00?\x00\xff\x8d\x00\x00\xf6\x00\xd4\xf2\xe7\xf9\x01\x06\x8c\xe2K\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\xa4]\xbb\x10F\xe4\xa8\xa8\x00\x00\x00\x00\xdfA\x83\xcdx\x90\x9a\x82\xc0)(4\xdf\bL\x7f\xff\xff\xffs\x18Z\xcc\x026\xf4\xb0\x9b@:HX\xe9\xe3\xe8\x05\xda\xce\xed\xa5\xb8<\x9d\x12\x19Z\xb3@o\xc7\xce\xec\x02:I\xf6\xcam\xbc (\x02z\x8eni)\xb5i\x0f\xc7\v\x9cz\xfa\x88\x87\xa2\xa8\xd9\x95:E\xfeO\xe7\xf8EX\xe3\xbcf\x02\x98P\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh\x01\x00\xd7G0\x86C5\x9d\x17\xd1\x96g\x8d\xf4\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7\x03\x9c\x9a\x1a\xde\b\xcaot\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa`\x93d\xff9\xfa\r\xbe\x16\xef\xf0\xfeThQ\xb8\xe8\xba7\xd0\xab.\x13L8V\x1d\xa0\x02y\xe4\x00\x8b\xcd\x1b\xe8#\xb4\xea@\x1b\xd0y\x02iE\xb30\xe8\xdb\xb1\xdb/e\xb3X\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cyQOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39#\x9a\xcd\xe0\xd8q\x9a\xcd\xdeAF,\x04\"\x84)O\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\x810\x12\xcc@\x89\xf8F\x82\x88O\x03\xeb\xad\xc7\xee\x17\x1f\xaaX\xeeO\xb5\xcf\xff@\xc09[\xec>\xf1_\xfd\xeb\x1e\x83\xbb\xd7\xdb\xf8\x94\x9d\xdf\xcc\xd8F\x005\x03\x00\x00\x00\x00\x00\x00\x00\x97\x87}\x8e\x03\x8b\xbbU_\xa4\tG\xbdZWQ\xf2\x91\xcb\xbf\x06\x93N\xf61\x9ea\xc3\xfd\xca\x9e`[\xd4\xb2\xe1\xa2\xc6f\xf8\x0f\xbaDP\x91\x13H\n\xe5F*\xe8\an\xeb\x18\x80A\xfe\xc3\xb4pJ;\xaa\x84*_k\xea\x87x\xda\xe8\xf5+\x89\xdc\x19|:,\xb7b\xc9\x10\x8a\xbe\xc3\x15)\x80\xd0t`7\xed\xe4&\xe25\x98vW\xf1\xdcL=\xf7\xa9\x9b\xe6\x03W^t\'*b\x98:\x8aU\xe0\x99!E\x87@*C\x97|?\xff7\xca\xfc\xaa<\xc8L\xbf/9\x1df\x8c\xa6\x8f3\xcc@g\x80)\xf4\v\xcd\x98[Y\x04\xb6b\xff\x86\xdb\x7f\xb9\x10\xd9\x18j\x1d\x16p\xc3\x02\'\x8eY\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00_\xd8s\x1a\xc8\xf0z\xfc\xf6\xba*\xfar\xef\x98\xad\xaf\xb6r\xff\xfc\xcf\xebo\x8c\x05\x00\x00\x00\x00\x00\x00\x00\xca\x83\x88L\xf6\xa7\xf4|,\xdb\x85y\xfc\xad\xc6\xa0\x8aK\xb40\xfb\xc5\x85%\xc0\xa7\x81\xb5\xef\x9eehQ!\xe7\x0f\x96Ksx\xfc\x93\x84w\xae\xe9\x9f\xb2\v\x97n\x17\x9b,\xe5\xd8\xa4\x9c\x8f\xba\x8a_$\x95\xf1<\xe4zv\x83\xb2\xbad\x96\xeb0gl\x1f\a\x9a#D\xaa\xa6\x0e6\xf6H\xc7\x8f\xdan\xd8x\x89;\xaf\x1f\x8c\xb5wB\x97\xb6_\xcb\xd8L\x9d\xf5\xf8\xf3xvs\xc3\xf2\xf8\xe4!\xe7\x92\a6Q]r\x16\xa9O\x888\fm\xe7q\xc8\xc3\x90\xae\x8d\xc4e~\x9e\xdc\xbe\x00;\\6\xa9\"\xed\xfd\x95=Ge\xb5\xdd\xcf\xe8\x1b\f`\xf8\x83\xc5\xb0n\xa1\xfbRd\xee0\xdd\xe1\xe5\x06c\xe5\xc1!\xf5\xbb\xf21\xfd\x19&\x16\x85N\xf3\x9a\xbb\xf6\xc7\xc5\x10\xf5\xe1\x80\xa4w3Fd\xc0\xaa\x1b3\xc4\v7\xb1\xf7\x0f\x8b\xb7\xf5\xab2\xc8S\xfe\xb6\xfc\xee\xae0@\xb8e\x1a~\xd5&\v\nHm\x1cF\x83\x838_\xb1\x1d\xa63E`\xf6\x02\xac+\xbe\xb1\x12*\xfck#\x80\xd0\x84\x90\xd7^\xca\xee\x86\x8a\xa6)\x83\xf3\xb0\xa9Q\x95[\x91=') r10 = socket$inet6(0xa, 0x2, 0x0) getsockopt$sock_buf(r10, 0x1, 0x37, 0x0, &(0x7f0000000100)) r11 = socket$inet6(0xa, 0x0, 0x0) getsockopt$sock_buf(r11, 0x1, 0x37, 0x0, &(0x7f0000000100)) pipe(&(0x7f0000000380)={0xffffffffffffffff}) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000180)={0x3, &(0x7f0000000100)=[{0x0}, {}, {}]}) ioctl$DRM_IOCTL_GET_SAREA_CTX(r12, 0xc010641d, &(0x7f00000002c0)={r13, &(0x7f0000000240)=""/47}) recvmsg(r12, &(0x7f0000000740)={&(0x7f00000003c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={[], [], @initdev}}}}, 0x80, &(0x7f0000000680)=[{&(0x7f0000000440)=""/245, 0xf5}, {&(0x7f0000000540)=""/251, 0xfb}, {&(0x7f0000000340)=""/36, 0x24}], 0x3, &(0x7f00000006c0)=""/94, 0x5e}, 0x40) getsockopt$sock_buf(r14, 0x1, 0x0, 0x0, 0x0) write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000000d40)=ANY=[@ANYBLOB="2733c3037014d28ff75704506d0302000000000000f319dc891227c3294d58ca9356fc43060ea91ca33c8bffa0a822e43183c83778818f880100000400000018687cb7294413d9c3e80859ad88642f0fed26012576406fc69aac111fc134d3bda07e3ed73ea619f45e9b9381419250a95f971421783490631baabadbf92cd74d54c5e69b09b7020b73b563e822e5bf7505548efc206a0ad291310b134b1ce2edef3e69036235a7e1e12c5f3c034ad74069beeb66883551f3e405e90bf40434d51bf0e57fbe90edf384e8be507d90df4d98394070d960d52ca156fa9a2b471e23129a533395a555ad2b411dca52987828a10b2ab8d2cfb50f651ac95bd95d1f663be056088755c83f472328aff5efb4ff5d78cb3eccd6e4db9e773bcb68f791f1071de287a6f79fcff762226530ef9ec736efed75dca13f19ed457f1cabb15fc2d45f69e40a03af35c5d0591adfa33cc6d3a86cd02fc86c95e5ed79248408e122e41216020275da129d6516f1b9f36b3cfe373dd386f529c1d85c76fe5f41d2e4b43ea54b2bde556a780736fc71ffc1f40055393a302effeabc29a30635b0c8a7442ea2da11ba615153be9defa32abc6478888f7e63a7046188e4ffb0496caf4a28fa0e705811fdfafed1a7c406d920a62304c58659b3a4611f3704b0", @ANYRESDEC=r4, @ANYRESOCT, @ANYRES32], 0xc2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000001c0)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f00000000c0)={r15}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r16, 0xc00c642e, &(0x7f0000000300)) fcntl$setpipe(r2, 0x407, 0x0) r17 = creat(0x0, 0x1b) getresuid(&(0x7f0000000240), 0x0, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(r17, 0xc0286405, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) clone(0xd48d24434713bd52, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 392.955229][ T7972] attempt to access beyond end of device [ 392.963651][ T7972] loop1: rw=1, want=4989, limit=63 [ 392.981982][ T7972] attempt to access beyond end of device [ 393.002470][ T7972] loop1: rw=1, want=7053, limit=63 [ 393.022952][ T7972] attempt to access beyond end of device [ 393.060150][ T7972] loop1: rw=1, want=9853, limit=63 [ 393.084346][ T7972] attempt to access beyond end of device [ 393.090274][ T7972] loop1: rw=1, want=13213, limit=63 [ 393.103642][ T7972] attempt to access beyond end of device [ 393.109539][ T7972] loop1: rw=1, want=16253, limit=63 [ 393.122790][ T7972] attempt to access beyond end of device [ 393.129037][ T7972] loop1: rw=1, want=18549, limit=63 03:19:13 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r1, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 393.141164][ T7972] attempt to access beyond end of device [ 393.143428][ T2519] blk_update_request: I/O error, dev loop8, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 393.153666][ T7972] loop1: rw=1, want=20629, limit=63 [ 393.158533][T11381] EXT4-fs (loop8): unable to read superblock [ 393.172352][ T7972] attempt to access beyond end of device [ 393.181699][ T7972] loop1: rw=1, want=22685, limit=63 [ 393.191638][ T2519] blk_update_request: I/O error, dev loop8, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 393.192350][ T7972] attempt to access beyond end of device [ 393.203192][T11395] EXT4-fs (loop8): unable to read superblock [ 393.222182][ T7972] loop1: rw=1, want=24073, limit=63 [ 393.486443][ T27] audit: type=1804 audit(1583119153.491:129): pid=11539 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/54/file0/bus" dev="loop1" ino=74 res=1 [ 393.565464][ T27] audit: type=1804 audit(1583119153.561:130): pid=11542 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/54/file0/bus" dev="loop1" ino=74 res=1 [ 394.271307][ T820] attempt to access beyond end of device [ 394.277388][ T820] loop1: rw=1, want=4401, limit=63 [ 394.286762][ T820] attempt to access beyond end of device [ 394.292450][ T820] loop1: rw=1, want=6465, limit=63 [ 394.301649][ T820] attempt to access beyond end of device [ 394.307395][ T820] loop1: rw=1, want=8521, limit=63 [ 394.317675][ T820] attempt to access beyond end of device [ 394.323371][ T820] loop1: rw=1, want=11017, limit=63 [ 394.334984][ T820] attempt to access beyond end of device [ 394.340666][ T820] loop1: rw=1, want=14761, limit=63 [ 394.351553][ T820] attempt to access beyond end of device [ 394.357279][ T820] loop1: rw=1, want=16817, limit=63 [ 394.369941][ T820] attempt to access beyond end of device [ 394.375643][ T820] loop1: rw=1, want=20993, limit=63 [ 394.394760][ T820] attempt to access beyond end of device [ 394.400786][ T820] loop1: rw=1, want=29185, limit=63 [ 394.406391][ T0] NOHZ: local_softirq_pending 08 [ 394.414179][ T820] attempt to access beyond end of device [ 394.419896][ T820] loop1: rw=1, want=30613, limit=63 03:19:15 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:19:15 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x8}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000300)={0x77359400}, 0x10) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') socket$inet_tcp(0x2, 0x1, 0x0) open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x3}, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000100)='./file0\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') open(&(0x7f00000000c0)='./file0\x00', 0x3fd, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240)='nl80211\x00') 03:19:15 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r1, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:15 executing program 3: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl(r2, 0x1000008912, &(0x7f0000000080)="08418330e91000105ab071") r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f00000006c0)=0x2000000000000001, 0x4) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x2) 03:19:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) [ 395.046887][ T0] NOHZ: local_softirq_pending 08 [ 395.209327][ T27] audit: type=1804 audit(1583119155.211:131): pid=11561 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/55/file0/bus" dev="loop1" ino=75 res=1 03:19:15 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r1, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 395.342262][ T27] audit: type=1804 audit(1583119155.281:132): pid=11625 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/55/file0/bus" dev="loop1" ino=75 res=1 03:19:15 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) close(0xffffffffffffffff) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r1, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:15 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:19:15 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000080)="08418330e91000105ab071") r1 = socket$inet6(0x10, 0x3, 0x4) sendto$inet6(r1, &(0x7f00000001c0)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323456536005ad94a461cdbfee9bdb9423523598451d1ec0cffc8792cd8000000", 0x4c, 0x0, 0x0, 0x0) 03:19:16 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:16 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x8}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000300)={0x77359400}, 0x10) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') socket$inet_tcp(0x2, 0x1, 0x0) open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x3}, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000100)='./file0\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') open(&(0x7f00000000c0)='./file0\x00', 0x3fd, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240)='nl80211\x00') [ 396.111311][ T820] attempt to access beyond end of device [ 396.123818][ T820] loop1: rw=1, want=3973, limit=63 [ 396.135320][ T820] attempt to access beyond end of device [ 396.141411][ T820] loop1: rw=1, want=6021, limit=63 [ 396.159737][ T820] attempt to access beyond end of device [ 396.171536][ T820] loop1: rw=1, want=8445, limit=63 [ 396.187028][ T820] attempt to access beyond end of device [ 396.192822][ T820] loop1: rw=1, want=12421, limit=63 03:19:16 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x8}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000300)={0x77359400}, 0x10) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') socket$inet_tcp(0x2, 0x1, 0x0) open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x3}, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000100)='./file0\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') open(&(0x7f00000000c0)='./file0\x00', 0x3fd, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240)='nl80211\x00') [ 396.213452][ T820] attempt to access beyond end of device [ 396.226053][ T820] loop1: rw=1, want=18005, limit=63 [ 396.252831][ T820] attempt to access beyond end of device [ 396.265249][ T820] loop1: rw=1, want=20429, limit=63 [ 396.311365][ T820] attempt to access beyond end of device [ 396.317080][ T820] loop1: rw=1, want=27421, limit=63 [ 396.353955][ T820] attempt to access beyond end of device [ 396.363614][ T820] loop1: rw=1, want=31421, limit=63 [ 396.627337][ T27] audit: type=1804 audit(1583119156.631:133): pid=11898 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/56/file0/bus" dev="loop1" ino=76 res=1 [ 396.700626][ T27] audit: type=1804 audit(1583119156.701:134): pid=11901 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/56/file0/bus" dev="loop1" ino=76 res=1 [ 397.431336][ T7] attempt to access beyond end of device [ 397.437196][ T7] loop1: rw=1, want=5097, limit=63 [ 397.447986][ T7] attempt to access beyond end of device [ 397.453632][ T7] loop1: rw=1, want=7425, limit=63 [ 397.463505][ T7] attempt to access beyond end of device [ 397.469210][ T7] loop1: rw=1, want=9545, limit=63 [ 397.479653][ T7] attempt to access beyond end of device [ 397.485291][ T7] loop1: rw=1, want=11593, limit=63 [ 397.495190][ T7] attempt to access beyond end of device [ 397.501114][ T7] loop1: rw=1, want=13849, limit=63 [ 397.513356][ T7] attempt to access beyond end of device [ 397.519076][ T7] loop1: rw=1, want=17545, limit=63 [ 397.537223][ T7] attempt to access beyond end of device [ 397.542879][ T7] loop1: rw=1, want=24017, limit=63 [ 397.558532][ T7] attempt to access beyond end of device [ 397.564196][ T7] loop1: rw=1, want=27725, limit=63 03:19:18 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:19:18 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) close(0xffffffffffffffff) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r1, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:18 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x8}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000300)={0x77359400}, 0x10) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') socket$inet_tcp(0x2, 0x1, 0x0) open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x3}, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000100)='./file0\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') open(&(0x7f00000000c0)='./file0\x00', 0x3fd, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240)='nl80211\x00') 03:19:18 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:18 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x8}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000300)={0x77359400}, 0x10) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') socket$inet_tcp(0x2, 0x1, 0x0) open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x3}, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000100)='./file0\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') open(&(0x7f00000000c0)='./file0\x00', 0x3fd, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240)='nl80211\x00') [ 398.284101][ T27] audit: type=1804 audit(1583119158.281:135): pid=11919 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/57/file0/bus" dev="loop1" ino=77 res=1 [ 398.499189][ T27] audit: type=1804 audit(1583119158.331:136): pid=11926 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/57/file0/bus" dev="loop1" ino=77 res=1 03:19:18 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) close(0xffffffffffffffff) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r1, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:19 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:19:19 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:19 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x7, &(0x7f0000000100)="f036ae2c5e0bcfe47bf070") preadv(r2, &(0x7f0000000180), 0x255, 0x0) setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0x1, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, 0x0) socket(0x0, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$EBT_SO_GET_INIT_ENTRIES(0xffffffffffffffff, 0x0, 0x83, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl(0xffffffffffffffff, 0x0, 0x0) getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) getgid() getpid() getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) getgid() getuid() setsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) getgid() bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x8350c852f33c37ad) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) socket(0x0, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000280)={0xa, 0x2, 0x0, @loopback}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x80000000, 0x0) sendto$packet(r2, &(0x7f0000000980)="2fbcf9aa1c55b57d1379798802406c34b371999e2de75bda5479f6ca86346bff2a3bd40f813d64f318936e2e717a19c501f4826da023c33cb261c53dfab11ce97917158ec2fe6ff05ecb96208390759bfd5d414ef20455c02c3015970c845697522a12c94d25e972b8cb2af594b7ec891bae42bd7f0968a197235704afbf950aca5777433bc30e35eafa1addc7be35dce3ef9b5897d3228d838f67f052124a481b0315cfc44e1edb8b0734fe9b66895e947348740f8a6174fd9d97af7ded1325919e4c4d24e1503b7507a75d9d504bc8dba6e40ae1c50804a2ca105fab06a91c613d77be09e78240b67b5e976e495f2664d6c99a4cdf5a770cb3dac7922c4b048db91b7a1a98897783408e2426687e768b72b6fd98b7406718670c4b4ec32393f3196e71044bec975ac33607085575bbb3938ee5fa270c4ba803622152f641f26bf26c92", 0x70f20060c5be8518, 0x4080041, 0x0, 0xffffffffffffff0e) 03:19:19 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:19 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000000c0)={@in={{0x2, 0x0, @remote}}, 0x0, 0x0, 0x40, 0x0, "efacff0a1bd2c5ad321d84a1afdb62157ed8354ae3cfe34a610757ef4594721933f845eac5ee3cca23e3292f21e3ae55d64ea2e35a1aa12be64e479b1153e295f7c42d460f39e6a5b36ecce4045399e8"}, 0xd8) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x4e) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f0000000080)="08418330e91000105ab071") setsockopt$inet_tcp_int(r0, 0x6, 0x4000000000013, &(0x7f0000000080), 0x4) [ 399.120526][ T7972] attempt to access beyond end of device [ 399.138355][ T7972] loop1: rw=1, want=2997, limit=63 03:19:19 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000005a80)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000600)={0x18, 0x1c, 0x1, 0x0, 0x0, "", [@nested={0x7, 0x0, 0x0, 0x1, [@generic='[8j']}]}, 0x18}], 0x1}, 0x0) [ 399.162809][ T7972] attempt to access beyond end of device [ 399.190420][ T7972] loop1: rw=1, want=5533, limit=63 [ 399.224187][ T7972] attempt to access beyond end of device [ 399.237993][ T7972] loop1: rw=1, want=8973, limit=63 [ 399.273629][ T7972] attempt to access beyond end of device [ 399.286637][ T7972] loop1: rw=1, want=11941, limit=63 [ 399.327436][ T7972] attempt to access beyond end of device [ 399.335705][ T7972] loop1: rw=1, want=15957, limit=63 [ 399.381335][ T7972] attempt to access beyond end of device [ 399.387083][ T7972] loop1: rw=1, want=20693, limit=63 [ 399.409499][ T7972] attempt to access beyond end of device [ 399.415323][ T7972] loop1: rw=1, want=23729, limit=63 [ 399.622686][ T27] audit: type=1804 audit(1583119159.621:137): pid=12266 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/58/file0/bus" dev="loop1" ino=78 res=1 [ 399.719469][ T27] audit: type=1804 audit(1583119159.671:138): pid=12269 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/58/file0/bus" dev="loop1" ino=78 res=1 [ 400.424459][ T7] attempt to access beyond end of device [ 400.430392][ T7] loop1: rw=1, want=4025, limit=63 [ 400.442155][ T7] attempt to access beyond end of device [ 400.447973][ T7] loop1: rw=1, want=6081, limit=63 [ 400.458443][ T7] attempt to access beyond end of device [ 400.464161][ T7] loop1: rw=1, want=8129, limit=63 [ 400.475975][ T7] attempt to access beyond end of device [ 400.481697][ T7] loop1: rw=1, want=10249, limit=63 [ 400.496076][ T7] attempt to access beyond end of device [ 400.501813][ T7] loop1: rw=1, want=14345, limit=63 [ 400.519595][ T7] attempt to access beyond end of device [ 400.525372][ T7] loop1: rw=1, want=19369, limit=63 [ 400.557654][ T7] attempt to access beyond end of device [ 400.563428][ T7] loop1: rw=1, want=31257, limit=63 03:19:21 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:19:21 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000600)="08418330e91000105ab071") r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) r2 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) 03:19:21 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x7, &(0x7f0000000100)="f036ae2c5e0bcfe47bf070") preadv(r2, &(0x7f0000000180), 0x255, 0x0) setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0x1, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, 0x0) socket(0x0, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$EBT_SO_GET_INIT_ENTRIES(0xffffffffffffffff, 0x0, 0x83, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl(0xffffffffffffffff, 0x0, 0x0) getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) getgid() getpid() getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) getgid() getuid() setsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) getgid() bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x8350c852f33c37ad) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) socket(0x0, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000280)={0xa, 0x2, 0x0, @loopback}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x80000000, 0x0) sendto$packet(r2, &(0x7f0000000980)="2fbcf9aa1c55b57d1379798802406c34b371999e2de75bda5479f6ca86346bff2a3bd40f813d64f318936e2e717a19c501f4826da023c33cb261c53dfab11ce97917158ec2fe6ff05ecb96208390759bfd5d414ef20455c02c3015970c845697522a12c94d25e972b8cb2af594b7ec891bae42bd7f0968a197235704afbf950aca5777433bc30e35eafa1addc7be35dce3ef9b5897d3228d838f67f052124a481b0315cfc44e1edb8b0734fe9b66895e947348740f8a6174fd9d97af7ded1325919e4c4d24e1503b7507a75d9d504bc8dba6e40ae1c50804a2ca105fab06a91c613d77be09e78240b67b5e976e495f2664d6c99a4cdf5a770cb3dac7922c4b048db91b7a1a98897783408e2426687e768b72b6fd98b7406718670c4b4ec32393f3196e71044bec975ac33607085575bbb3938ee5fa270c4ba803622152f641f26bf26c92", 0x70f20060c5be8518, 0x4080041, 0x0, 0xffffffffffffff0e) 03:19:21 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) getpid() r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:21 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x7, &(0x7f0000000100)="f036ae2c5e0bcfe47bf070") preadv(r2, &(0x7f0000000180), 0x255, 0x0) setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0x1, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, 0x0) socket(0x0, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$EBT_SO_GET_INIT_ENTRIES(0xffffffffffffffff, 0x0, 0x83, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl(0xffffffffffffffff, 0x0, 0x0) getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) getgid() getpid() getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) getgid() getuid() setsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) getgid() bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x8350c852f33c37ad) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) socket(0x0, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000280)={0xa, 0x2, 0x0, @loopback}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x80000000, 0x0) sendto$packet(r2, &(0x7f0000000980)="2fbcf9aa1c55b57d1379798802406c34b371999e2de75bda5479f6ca86346bff2a3bd40f813d64f318936e2e717a19c501f4826da023c33cb261c53dfab11ce97917158ec2fe6ff05ecb96208390759bfd5d414ef20455c02c3015970c845697522a12c94d25e972b8cb2af594b7ec891bae42bd7f0968a197235704afbf950aca5777433bc30e35eafa1addc7be35dce3ef9b5897d3228d838f67f052124a481b0315cfc44e1edb8b0734fe9b66895e947348740f8a6174fd9d97af7ded1325919e4c4d24e1503b7507a75d9d504bc8dba6e40ae1c50804a2ca105fab06a91c613d77be09e78240b67b5e976e495f2664d6c99a4cdf5a770cb3dac7922c4b048db91b7a1a98897783408e2426687e768b72b6fd98b7406718670c4b4ec32393f3196e71044bec975ac33607085575bbb3938ee5fa270c4ba803622152f641f26bf26c92", 0x70f20060c5be8518, 0x4080041, 0x0, 0xffffffffffffff0e) [ 401.445546][ T27] audit: type=1804 audit(1583119161.441:139): pid=12292 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/59/file0/bus" dev="loop1" ino=79 res=1 [ 401.494812][ T27] audit: type=1804 audit(1583119161.491:140): pid=12396 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/59/file0/bus" dev="loop1" ino=79 res=1 03:19:22 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:22 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:19:22 executing program 3: prctl$PR_SVE_SET_VL(0x23, 0xd) 03:19:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000080)="080db5050600000047b071") bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x10, 0x4, &(0x7f0000000000)=@framed={{0x18, 0xa}, [@call]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:19:22 executing program 3: r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='veth1_to_hsr\x00', 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) 03:19:22 executing program 4: r0 = socket$inet6(0xa, 0x80003, 0x6b) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000080)=ANY=[@ANYBLOB="7261770000000000000000000000000000000000000000000000000000000000c1030000030000002004000000000000800200000000000000000000800000005003000050030000500300005003000050030000030000000000000000000000fe8000000000000000000000000000bbff020000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000076657468315f746f5f626f6e640000006e657470636930000000000000000000000000000000000000000000000000000000000000000000001d000000000000000000000000000000000000500280020000000001000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000000000000027465616d5f736c6176655f310008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000fe18b61a000800000000000000000000000000005800686173686c696d697400000000000000000000000000000000000000000173797a6b616c6c657231000000000000000000000000000004000000000000000000000005000000a60000000000000000000000000000003000434f4e4e4d41524b00000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000a800d0000000000000000000000000000000000000000000000000002800434c4153534946590000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) syz_emit_ethernet(0x46, &(0x7f0000000500)={@local, @random="2e3323fafd4f", @void, {@ipv6={0x86dd, @dccp_packet={0x0, 0x6, "b4b4f1", 0x10, 0x21, 0x0, @local, @dev, {[], {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d8062d", 0x0, "29f451"}}}}}}}, 0x0) [ 402.238754][ T7972] attempt to access beyond end of device [ 402.244427][ T7972] loop1: rw=1, want=2421, limit=63 [ 402.279206][ T7972] attempt to access beyond end of device [ 402.285089][ T7972] loop1: rw=1, want=4477, limit=63 [ 402.323986][ T7972] attempt to access beyond end of device [ 402.335030][T12525] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 402.358745][ T7972] loop1: rw=1, want=6541, limit=63 [ 402.372397][ T7972] attempt to access beyond end of device [ 402.379891][ T7972] loop1: rw=1, want=10293, limit=63 [ 402.399720][ T7972] attempt to access beyond end of device [ 402.425821][ T7972] loop1: rw=1, want=14389, limit=63 [ 402.456302][ T7972] attempt to access beyond end of device [ 402.461983][ T7972] loop1: rw=1, want=20705, limit=63 03:19:24 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:19:24 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) getpid() r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:24 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:24 executing program 3: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000340)={0x2, 0x0, @multicast2}, 0x10) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f00000000c0), 0x4) write$binfmt_misc(r1, &(0x7f0000000080)=ANY=[@ANYRES16], 0x2) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 03:19:24 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) socket$netlink(0x10, 0x3, 0x12) syz_genetlink_get_family_id$netlbl_unlabel(0x0) sendmsg$NLBL_UNLABEL_C_STATICLIST(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000000c0), 0xc, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0xfffffeee}], 0x1, &(0x7f0000000200)=""/20, 0x5, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) shutdown(r0, 0x1) 03:19:24 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:19:24 executing program 3: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) listen(r0, 0x9) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) close(r1) r2 = accept4(r0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) recvfrom$inet(r2, 0x0, 0x0, 0x0, 0x0, 0x0) [ 404.699528][ T27] audit: type=1804 audit(1583119164.701:141): pid=12603 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/60/file0/bus" dev="loop1" ino=80 res=1 [ 404.777152][ T27] audit: type=1804 audit(1583119164.761:142): pid=12658 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/60/file0/bus" dev="loop1" ino=80 res=1 03:19:25 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:19:25 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:19:25 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:25 executing program 3: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0x840000000002, 0x3, 0xff) sendmmsg$inet(r1, &(0x7f0000000640)=[{{&(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10, 0x0}}, {{&(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10, 0x0}}], 0x2, 0x24056b96) 03:19:25 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) socket$netlink(0x10, 0x3, 0x12) syz_genetlink_get_family_id$netlbl_unlabel(0x0) sendmsg$NLBL_UNLABEL_C_STATICLIST(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000000c0), 0xc, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0xfffffeee}], 0x1, &(0x7f0000000200)=""/20, 0x5, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) shutdown(r0, 0x1) 03:19:25 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000003e00)={0x0, 0x0, &(0x7f0000003dc0)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x1405, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5, 0x0, 0x0, {0xe}}], {0x14}}, 0x5c}}, 0x0) 03:19:25 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) getpid() r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:25 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 405.382317][ T7954] attempt to access beyond end of device [ 405.403309][ T7954] loop1: rw=1, want=2833, limit=63 03:19:25 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) [ 405.431717][ T7954] attempt to access beyond end of device [ 405.450713][ T7954] loop1: rw=1, want=5369, limit=63 [ 405.484308][ T7954] attempt to access beyond end of device [ 405.494566][ T7954] loop1: rw=1, want=7417, limit=63 03:19:25 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000003e00)={0x0, 0x0, &(0x7f0000003dc0)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x1405, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5, 0x0, 0x0, {0xe}}], {0x14}}, 0x5c}}, 0x0) [ 405.529581][ T7954] attempt to access beyond end of device [ 405.540747][ T7954] loop1: rw=1, want=9465, limit=63 03:19:25 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:19:25 executing program 4: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="640000001000050700"/20, @ANYRES32=0x0, @ANYBLOB="f70640150000000008000a002e0000003c0012000c00010069703667726500002c00020014000600c4e6f0e1be118746bbbf83fb842f5512140007003210e6b6cb33caba54dd554cc9cf730a75781fdb135d9f9385bd37ee646637d4f64f6e66ea89abe812d529b170410ca772d437de51ce9dad791f61d2aae16ede787945826df07d5276163cf848046f49c06685a41efea01341bd4991c28170c7f069542387e187de1ffa59c5e2a8198d54377853c4edaf9ec437f93245ecb72791ca05152614e3dfb7cac81b9a9e1321df74181788389091e966f5d6355fd24c696a8841b17c68f42ee559b8a567000800000000000000cba07c2e7af6f01537adebd8a4c0c65613ba7357bce41de828504abb58669c978009640517c4f7fe0bd10a651a868d2eb85b6362f6df26809997cb9fc01bfffa2536861ef4f0eb48e9265ba265acd0cc88359d60753e34c303bdd675f501b5081a69980e454a686c07827c832a7b75bacc5853eb25d33a9d0d4c4ff43467ae3741724cb524cc99dbbd6803f89a69aa9927586b89c7db26613284fff4922bd0abcb63dd118eb73b29fb2c6b75d3f1b0ec4278ba75b94cb0ef6dc174e4f25e13a465d70d75cb51143643ae524afecc"], 0x64}}, 0x0) r0 = socket(0x10, 0x800000000080002, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x900, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x92492492492483d, 0x0) [ 405.571865][ T7954] attempt to access beyond end of device [ 405.600215][ T7954] loop1: rw=1, want=11513, limit=63 [ 405.622644][ T7954] attempt to access beyond end of device [ 405.675618][ T7954] loop1: rw=1, want=14545, limit=63 [ 405.711398][ T7954] attempt to access beyond end of device [ 405.728552][ T7954] loop1: rw=1, want=16733, limit=63 [ 406.060625][ T27] audit: type=1804 audit(1583119166.061:143): pid=12918 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/61/file0/bus" dev="loop1" ino=81 res=1 [ 406.125838][ T27] audit: type=1804 audit(1583119166.121:144): pid=12921 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/61/file0/bus" dev="loop1" ino=81 res=1 [ 406.796558][ T21] attempt to access beyond end of device [ 406.802221][ T21] loop1: rw=1, want=4141, limit=63 [ 406.812329][ T21] attempt to access beyond end of device [ 406.818046][ T21] loop1: rw=1, want=6189, limit=63 [ 406.827841][ T21] attempt to access beyond end of device [ 406.833484][ T21] loop1: rw=1, want=8245, limit=63 [ 406.842893][ T21] attempt to access beyond end of device [ 406.849098][ T21] loop1: rw=1, want=10293, limit=63 [ 406.860280][ T21] attempt to access beyond end of device [ 406.865956][ T21] loop1: rw=1, want=13381, limit=63 [ 406.878426][ T21] attempt to access beyond end of device [ 406.884122][ T21] loop1: rw=1, want=17477, limit=63 [ 406.897944][ T21] attempt to access beyond end of device [ 406.903598][ T21] loop1: rw=1, want=21573, limit=63 [ 406.920689][ T21] attempt to access beyond end of device [ 406.926444][ T21] loop1: rw=1, want=27733, limit=63 [ 406.938184][ T21] attempt to access beyond end of device [ 406.943947][ T21] loop1: rw=1, want=30265, limit=63 03:19:28 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:19:28 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:28 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:19:28 executing program 3: perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(0x0, 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000a40)=ANY=[@ANYBLOB="5300000044a6aeabec2e1520000000000000001000fff64f17db9820000000003b08d4159c77e899ab4fcb86b35f03f7ff713b27e59aa144175dd106736d17c3f2c876c69995ed6bf30000000025da3f0f87ec6e1356000008004902a181baf9451cd873e9827045631b97a1f61352484b220b345fcb13ef3aecbdeca2dd16be16f805a80ded304b597cdcdc08"], 0x8d) ioprio_get$uid(0x3, 0x0) 03:19:28 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000100000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x58, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x28, 0x2, [@TCA_BASIC_EMATCHES={0x24, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2e23}}, @TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x0, 0x7, 0x3}}}]}]}]}}]}, 0x58}}, 0x0) 03:19:28 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:28 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0xffffffffffffffff, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:19:28 executing program 3: 03:19:28 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:28 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0xffffffffffffffff, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) [ 408.490853][ T27] audit: type=1804 audit(1583119168.491:145): pid=12970 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/62/file0/bus" dev="loop1" ino=82 res=1 03:19:28 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000100000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x58, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xf}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x28, 0x2, [@TCA_BASIC_EMATCHES={0x24, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2e23}}, @TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x0, 0x7, 0x3}}}]}]}]}}]}, 0x58}}, 0x0) 03:19:28 executing program 3: [ 408.686020][ T27] audit: type=1804 audit(1583119168.681:146): pid=13062 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/62/file0/bus" dev="loop1" ino=82 res=1 [ 409.174598][ T7954] attempt to access beyond end of device [ 409.180307][ T7954] loop1: rw=1, want=2777, limit=63 [ 409.191166][ T7954] attempt to access beyond end of device [ 409.196844][ T7954] loop1: rw=1, want=5513, limit=63 [ 409.209917][ T7954] attempt to access beyond end of device [ 409.215552][ T7954] loop1: rw=1, want=7561, limit=63 [ 409.224970][ T7954] attempt to access beyond end of device [ 409.230658][ T7954] loop1: rw=1, want=9617, limit=63 [ 409.240376][ T7954] attempt to access beyond end of device [ 409.246607][ T7954] loop1: rw=1, want=11665, limit=63 [ 409.254681][ T7954] attempt to access beyond end of device [ 409.260371][ T7954] loop1: rw=1, want=12933, limit=63 03:19:31 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:19:31 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0xffffffffffffffff, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:19:31 executing program 3: 03:19:31 executing program 4: 03:19:31 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:31 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:31 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:19:31 executing program 4: 03:19:31 executing program 3: 03:19:31 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:19:31 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) [ 411.619597][ T27] audit: type=1804 audit(1583119171.621:147): pid=13217 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/63/file0/bus" dev="loop1" ino=83 res=1 03:19:31 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) [ 411.694560][ T27] audit: type=1804 audit(1583119171.681:148): pid=13302 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/63/file0/bus" dev="loop1" ino=83 res=1 03:19:34 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:19:34 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:34 executing program 3: 03:19:34 executing program 4: 03:19:34 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:34 executing program 4: 03:19:34 executing program 3: [ 414.617142][ T27] audit: type=1804 audit(1583119174.611:149): pid=13325 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/64/file0/bus" dev="loop1" ino=84 res=1 03:19:34 executing program 4: 03:19:34 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 414.712078][ T27] audit: type=1804 audit(1583119174.691:150): pid=13429 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/64/file0/bus" dev="loop1" ino=84 res=1 03:19:34 executing program 3: 03:19:34 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:19:34 executing program 4: [ 415.345937][ T7954] attempt to access beyond end of device [ 415.351657][ T7954] loop1: rw=1, want=2777, limit=63 [ 415.361495][ T7954] attempt to access beyond end of device [ 415.367272][ T7954] loop1: rw=1, want=4841, limit=63 [ 415.376753][ T7954] attempt to access beyond end of device [ 415.382391][ T7954] loop1: rw=1, want=6913, limit=63 [ 415.392158][ T7954] attempt to access beyond end of device [ 415.397805][ T7954] loop1: rw=1, want=9169, limit=63 [ 415.407747][ T7954] attempt to access beyond end of device [ 415.413389][ T7954] loop1: rw=1, want=11217, limit=63 [ 415.421602][ T7954] attempt to access beyond end of device [ 415.427253][ T7954] loop1: rw=1, want=12497, limit=63 03:19:37 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:19:37 executing program 3: 03:19:37 executing program 4: 03:19:37 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:37 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:37 executing program 3: 03:19:37 executing program 4: [ 417.689025][ T27] audit: type=1804 audit(1583119177.691:151): pid=13635 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/65/file0/bus" dev="loop1" ino=85 res=1 03:19:37 executing program 3: [ 417.833617][ T27] audit: type=1804 audit(1583119177.761:152): pid=13670 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/65/file0/bus" dev="loop1" ino=85 res=1 03:19:37 executing program 4: 03:19:37 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:38 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:19:38 executing program 3: [ 418.453455][ T7954] attempt to access beyond end of device [ 418.471513][ T7954] loop1: rw=1, want=3881, limit=63 [ 418.499557][ T7954] attempt to access beyond end of device [ 418.505226][ T7954] loop1: rw=1, want=5945, limit=63 [ 418.534895][ T7954] attempt to access beyond end of device [ 418.542922][ T7954] loop1: rw=1, want=8001, limit=63 [ 418.555392][ T7954] attempt to access beyond end of device [ 418.561215][ T7954] loop1: rw=1, want=10049, limit=63 [ 418.577360][ T7954] attempt to access beyond end of device [ 418.585096][ T7954] loop1: rw=1, want=13497, limit=63 [ 418.602367][ T7954] attempt to access beyond end of device [ 418.608058][ T7954] loop1: rw=1, want=17409, limit=63 [ 418.623585][ T7954] attempt to access beyond end of device [ 418.629262][ T7954] loop1: rw=1, want=21505, limit=63 [ 418.641885][ T7954] attempt to access beyond end of device [ 418.647599][ T7954] loop1: rw=1, want=23837, limit=63 03:19:40 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:19:40 executing program 4: 03:19:40 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:40 executing program 3: 03:19:40 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:19:40 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:40 executing program 4: 03:19:40 executing program 3: [ 420.775369][ T27] audit: type=1804 audit(1583119180.771:153): pid=13856 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/66/file0/bus" dev="loop1" ino=86 res=1 [ 420.829425][ T27] audit: type=1804 audit(1583119180.821:154): pid=13910 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/66/file0/bus" dev="loop1" ino=86 res=1 03:19:40 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x100000008d}, 0x0) getpid() pipe(&(0x7f0000000100)) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400c0800}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="63d7a6c0e8b58acfbad7e08db3f404e33eb03fd624b7c0e773c42a908de50c08b3235443a19680f015c200b5b50b2dc165dc1f55b7309a38588fa9d14c2db962f9c96fdd84b21419068621ea599c409b50db907b47098c9b7382b4eddff637b96209b1"], 0x1}}, 0x44894) dup2(0xffffffffffffffff, 0xffffffffffffffff) gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0x0, 0x10, &(0x7f00000000c0)) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) write(r2, &(0x7f0000000340), 0x41395527) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ftruncate(r3, 0x3) r4 = openat(r3, &(0x7f0000000880)='./file0\x00', 0x6240c2, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900)='nl80211\x00') r6 = socket$packet(0x11, 0x3, 0x300) bind(0xffffffffffffffff, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000040)={0x0, 0x1, 0x6, @local}, 0x10) sendmsg$NL80211_CMD_SET_MPATH(r4, &(0x7f0000000a00)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @remote}, 0x14) clock_gettime(0x0, &(0x7f0000003cc0)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000003b00)=[{{&(0x7f0000000600)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000900)=""/177, 0xb1}], 0x1, &(0x7f00000009c0)=""/202, 0xca}, 0xcb4}, {{&(0x7f0000000740)=@can={0x1d, 0x0}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000ac0)=""/228, 0xe4}], 0x1, &(0x7f0000000480)=""/20, 0x14}, 0x800}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000c40)=""/116, 0x74}, {&(0x7f0000000cc0)=""/211, 0xd3}, {&(0x7f0000000dc0)=""/168, 0xa8}], 0x3}}, {{&(0x7f0000000f80)=@ipx, 0x80, &(0x7f0000001100)=[{0x0}], 0x1, &(0x7f0000001140)=""/132, 0x84}, 0x2}, {{&(0x7f0000001200)=@xdp, 0x80, &(0x7f0000003400)=[{&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000002280)=""/134, 0x86}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/19, 0x13}, {&(0x7f0000003380)}, {&(0x7f00000033c0)=""/23, 0x17}], 0x6, &(0x7f0000003480)=""/74, 0x4a}, 0x3}, {{&(0x7f0000003500)=@sco={0x1f, @none}, 0x80, 0x0, 0x0, &(0x7f0000003840)=""/181, 0xb5}}, {{&(0x7f0000003900)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000003a40)=[{&(0x7f0000003980)=""/69, 0x45}, {0x0}], 0x2, &(0x7f0000003a80)=""/82, 0x52}}], 0x7, 0x100, &(0x7f0000003d00)={r8, r9+30000000}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000003380)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @remote}, 0x14) r12 = syz_open_dev$usbmon(0x0, 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r12, 0x0) ioctl$MON_IOCT_RING_SIZE(r12, 0x9204, 0xb0398) r13 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r13, 0x0) ioctl$MON_IOCT_RING_SIZE(r13, 0x9204, 0xb0398) r14 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r14, 0x0) ioctl$MON_IOCT_RING_SIZE(r14, 0x9204, 0x0) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000003dc0)={0x0, 0x0, &(0x7f0000003d80)={&(0x7f0000003e00)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r5, @ANYPTR64=&(0x7f0000003d40)=ANY=[@ANYRES16, @ANYPTR=&(0x7f0000003ec0)=ANY=[@ANYPTR, @ANYRES16=0x0, @ANYBLOB="f463c91d140e4700b1044cb52d05b1790c0afab3c1c3c7662fd543a74c73a7cf4a255e23d7079ce58df612a2018e3b63a5e218336980494bf164250756f4d50174a66fbfb24753f82090b8c393da96db8186ab413db039e0c5bd76d858e3ff6c8c914e3f779a49828a0335d07af6747e25276e475d58c98681a946b5faabe2591b260e20dc185aa625c04cbb7d2be0f6ec2e63a7d2d77b963d67d0e4d9adb05df90d0a", @ANYRESHEX=r12, @ANYRES16=0x0, @ANYRES16=r13, @ANYRESOCT=r14, @ANYRES16]], @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=r10, @ANYBLOB="080001000100000008002115ad3933c81810ce82a293111a788b83c50688f2245460c0204e27d20fe7dc385a94dc69f9d18709dc645fa66cc483e4d587bd7b0d195866141be7be78fb4a7d76f5a054d84c7dabcdb2611c153b56", @ANYRES32=r11, @ANYBLOB], 0x9}, 0x1, 0x0, 0x0, 0x2000c881}, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000180)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000340)='[\'eth1-#\x00', 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x7, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000680)="62f23e748cdfecc0d3bcb88248f9f8f8e8ba030000000000001dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a30142ee9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffd92, 0xb6}], 0x80000, 0x0) socket$inet(0x2, 0x0, 0x2) 03:19:40 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000140)}], 0x1, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) sendmmsg(r4, &(0x7f0000006d00), 0x800000000000237, 0x1ffffffe) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0) 03:19:41 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:41 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 421.533868][ T7954] attempt to access beyond end of device [ 421.548332][ T7954] loop1: rw=1, want=3753, limit=63 [ 421.579372][ T7954] attempt to access beyond end of device [ 421.585244][ T7954] loop1: rw=1, want=5809, limit=63 [ 421.599906][ T7954] attempt to access beyond end of device [ 421.606226][ T7954] loop1: rw=1, want=7873, limit=63 [ 421.620739][ T7954] attempt to access beyond end of device [ 421.626571][ T7954] loop1: rw=1, want=9921, limit=63 [ 421.641023][ T7954] attempt to access beyond end of device [ 421.646993][ T7954] loop1: rw=1, want=11969, limit=63 [ 421.660028][ T7954] attempt to access beyond end of device [ 421.666070][ T7954] loop1: rw=1, want=14353, limit=63 [ 421.682212][ T7954] attempt to access beyond end of device [ 421.688736][ T7954] loop1: rw=1, want=18217, limit=63 [ 421.717527][ T7954] attempt to access beyond end of device [ 421.723374][ T7954] loop1: rw=1, want=23329, limit=63 03:19:43 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:19:43 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:43 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:43 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x100000008d}, 0x0) getpid() pipe(&(0x7f0000000100)) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400c0800}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="63d7a6c0e8b58acfbad7e08db3f404e33eb03fd624b7c0e773c42a908de50c08b3235443a19680f015c200b5b50b2dc165dc1f55b7309a38588fa9d14c2db962f9c96fdd84b21419068621ea599c409b50db907b47098c9b7382b4eddff637b96209b1"], 0x1}}, 0x44894) dup2(0xffffffffffffffff, 0xffffffffffffffff) gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0x0, 0x10, &(0x7f00000000c0)) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) write(r2, &(0x7f0000000340), 0x41395527) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ftruncate(r3, 0x3) r4 = openat(r3, &(0x7f0000000880)='./file0\x00', 0x6240c2, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900)='nl80211\x00') r6 = socket$packet(0x11, 0x3, 0x300) bind(0xffffffffffffffff, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000040)={0x0, 0x1, 0x6, @local}, 0x10) sendmsg$NL80211_CMD_SET_MPATH(r4, &(0x7f0000000a00)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @remote}, 0x14) clock_gettime(0x0, &(0x7f0000003cc0)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000003b00)=[{{&(0x7f0000000600)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000900)=""/177, 0xb1}], 0x1, &(0x7f00000009c0)=""/202, 0xca}, 0xcb4}, {{&(0x7f0000000740)=@can={0x1d, 0x0}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000ac0)=""/228, 0xe4}], 0x1, &(0x7f0000000480)=""/20, 0x14}, 0x800}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000c40)=""/116, 0x74}, {&(0x7f0000000cc0)=""/211, 0xd3}, {&(0x7f0000000dc0)=""/168, 0xa8}], 0x3}}, {{&(0x7f0000000f80)=@ipx, 0x80, &(0x7f0000001100)=[{0x0}], 0x1, &(0x7f0000001140)=""/132, 0x84}, 0x2}, {{&(0x7f0000001200)=@xdp, 0x80, &(0x7f0000003400)=[{&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000002280)=""/134, 0x86}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/19, 0x13}, {&(0x7f0000003380)}, {&(0x7f00000033c0)=""/23, 0x17}], 0x6, &(0x7f0000003480)=""/74, 0x4a}, 0x3}, {{&(0x7f0000003500)=@sco={0x1f, @none}, 0x80, 0x0, 0x0, &(0x7f0000003840)=""/181, 0xb5}}, {{&(0x7f0000003900)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000003a40)=[{&(0x7f0000003980)=""/69, 0x45}, {0x0}], 0x2, &(0x7f0000003a80)=""/82, 0x52}}], 0x7, 0x100, &(0x7f0000003d00)={r8, r9+30000000}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000003380)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @remote}, 0x14) r12 = syz_open_dev$usbmon(0x0, 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r12, 0x0) ioctl$MON_IOCT_RING_SIZE(r12, 0x9204, 0xb0398) r13 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r13, 0x0) ioctl$MON_IOCT_RING_SIZE(r13, 0x9204, 0xb0398) r14 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r14, 0x0) ioctl$MON_IOCT_RING_SIZE(r14, 0x9204, 0x0) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000003dc0)={0x0, 0x0, &(0x7f0000003d80)={&(0x7f0000003e00)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r5, @ANYPTR64=&(0x7f0000003d40)=ANY=[@ANYRES16, @ANYPTR=&(0x7f0000003ec0)=ANY=[@ANYPTR, @ANYRES16=0x0, @ANYBLOB="f463c91d140e4700b1044cb52d05b1790c0afab3c1c3c7662fd543a74c73a7cf4a255e23d7079ce58df612a2018e3b63a5e218336980494bf164250756f4d50174a66fbfb24753f82090b8c393da96db8186ab413db039e0c5bd76d858e3ff6c8c914e3f779a49828a0335d07af6747e25276e475d58c98681a946b5faabe2591b260e20dc185aa625c04cbb7d2be0f6ec2e63a7d2d77b963d67d0e4d9adb05df90d0a", @ANYRESHEX=r12, @ANYRES16=0x0, @ANYRES16=r13, @ANYRESOCT=r14, @ANYRES16]], @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=r10, @ANYBLOB="080001000100000008002115ad3933c81810ce82a293111a788b83c50688f2245460c0204e27d20fe7dc385a94dc69f9d18709dc645fa66cc483e4d587bd7b0d195866141be7be78fb4a7d76f5a054d84c7dabcdb2611c153b56", @ANYRES32=r11, @ANYBLOB], 0x9}, 0x1, 0x0, 0x0, 0x2000c881}, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000180)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000340)='[\'eth1-#\x00', 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x7, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000680)="62f23e748cdfecc0d3bcb88248f9f8f8e8ba030000000000001dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a30142ee9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffd92, 0xb6}], 0x80000, 0x0) socket$inet(0x2, 0x0, 0x2) 03:19:43 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000140)}], 0x1, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) sendmmsg(r4, &(0x7f0000006d00), 0x800000000000237, 0x1ffffffe) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0) 03:19:43 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) [ 423.872129][ T27] audit: type=1804 audit(1583119183.871:155): pid=14158 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/67/file0/bus" dev="loop1" ino=87 res=1 [ 423.947199][ T27] audit: type=1804 audit(1583119183.941:156): pid=14250 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/67/file0/bus" dev="loop1" ino=87 res=1 03:19:44 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:44 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x100000008d}, 0x0) getpid() pipe(&(0x7f0000000100)) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400c0800}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="63d7a6c0e8b58acfbad7e08db3f404e33eb03fd624b7c0e773c42a908de50c08b3235443a19680f015c200b5b50b2dc165dc1f55b7309a38588fa9d14c2db962f9c96fdd84b21419068621ea599c409b50db907b47098c9b7382b4eddff637b96209b1"], 0x1}}, 0x44894) dup2(0xffffffffffffffff, 0xffffffffffffffff) gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0x0, 0x10, &(0x7f00000000c0)) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) write(r2, &(0x7f0000000340), 0x41395527) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ftruncate(r3, 0x3) r4 = openat(r3, &(0x7f0000000880)='./file0\x00', 0x6240c2, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900)='nl80211\x00') r6 = socket$packet(0x11, 0x3, 0x300) bind(0xffffffffffffffff, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000040)={0x0, 0x1, 0x6, @local}, 0x10) sendmsg$NL80211_CMD_SET_MPATH(r4, &(0x7f0000000a00)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @remote}, 0x14) clock_gettime(0x0, &(0x7f0000003cc0)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000003b00)=[{{&(0x7f0000000600)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000900)=""/177, 0xb1}], 0x1, &(0x7f00000009c0)=""/202, 0xca}, 0xcb4}, {{&(0x7f0000000740)=@can={0x1d, 0x0}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000ac0)=""/228, 0xe4}], 0x1, &(0x7f0000000480)=""/20, 0x14}, 0x800}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000c40)=""/116, 0x74}, {&(0x7f0000000cc0)=""/211, 0xd3}, {&(0x7f0000000dc0)=""/168, 0xa8}], 0x3}}, {{&(0x7f0000000f80)=@ipx, 0x80, &(0x7f0000001100)=[{0x0}], 0x1, &(0x7f0000001140)=""/132, 0x84}, 0x2}, {{&(0x7f0000001200)=@xdp, 0x80, &(0x7f0000003400)=[{&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000002280)=""/134, 0x86}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/19, 0x13}, {&(0x7f0000003380)}, {&(0x7f00000033c0)=""/23, 0x17}], 0x6, &(0x7f0000003480)=""/74, 0x4a}, 0x3}, {{&(0x7f0000003500)=@sco={0x1f, @none}, 0x80, 0x0, 0x0, &(0x7f0000003840)=""/181, 0xb5}}, {{&(0x7f0000003900)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000003a40)=[{&(0x7f0000003980)=""/69, 0x45}, {0x0}], 0x2, &(0x7f0000003a80)=""/82, 0x52}}], 0x7, 0x100, &(0x7f0000003d00)={r8, r9+30000000}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000003380)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @remote}, 0x14) r12 = syz_open_dev$usbmon(0x0, 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r12, 0x0) ioctl$MON_IOCT_RING_SIZE(r12, 0x9204, 0xb0398) r13 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r13, 0x0) ioctl$MON_IOCT_RING_SIZE(r13, 0x9204, 0xb0398) r14 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r14, 0x0) ioctl$MON_IOCT_RING_SIZE(r14, 0x9204, 0x0) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000003dc0)={0x0, 0x0, &(0x7f0000003d80)={&(0x7f0000003e00)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r5, @ANYPTR64=&(0x7f0000003d40)=ANY=[@ANYRES16, @ANYPTR=&(0x7f0000003ec0)=ANY=[@ANYPTR, @ANYRES16=0x0, @ANYBLOB="f463c91d140e4700b1044cb52d05b1790c0afab3c1c3c7662fd543a74c73a7cf4a255e23d7079ce58df612a2018e3b63a5e218336980494bf164250756f4d50174a66fbfb24753f82090b8c393da96db8186ab413db039e0c5bd76d858e3ff6c8c914e3f779a49828a0335d07af6747e25276e475d58c98681a946b5faabe2591b260e20dc185aa625c04cbb7d2be0f6ec2e63a7d2d77b963d67d0e4d9adb05df90d0a", @ANYRESHEX=r12, @ANYRES16=0x0, @ANYRES16=r13, @ANYRESOCT=r14, @ANYRES16]], @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=r10, @ANYBLOB="080001000100000008002115ad3933c81810ce82a293111a788b83c50688f2245460c0204e27d20fe7dc385a94dc69f9d18709dc645fa66cc483e4d587bd7b0d195866141be7be78fb4a7d76f5a054d84c7dabcdb2611c153b56", @ANYRES32=r11, @ANYBLOB], 0x9}, 0x1, 0x0, 0x0, 0x2000c881}, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000180)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000340)='[\'eth1-#\x00', 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x7, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000680)="62f23e748cdfecc0d3bcb88248f9f8f8e8ba030000000000001dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a30142ee9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffd92, 0xb6}], 0x80000, 0x0) socket$inet(0x2, 0x0, 0x2) 03:19:44 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:44 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 424.602306][ T820] attempt to access beyond end of device [ 424.614458][ T820] loop1: rw=1, want=4809, limit=63 [ 424.641591][ T820] attempt to access beyond end of device [ 424.678066][ T820] loop1: rw=1, want=7145, limit=63 [ 424.706945][ T820] attempt to access beyond end of device [ 424.720535][ T820] loop1: rw=1, want=9193, limit=63 03:19:44 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x100000008d}, 0x0) getpid() pipe(&(0x7f0000000100)) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400c0800}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="63d7a6c0e8b58acfbad7e08db3f404e33eb03fd624b7c0e773c42a908de50c08b3235443a19680f015c200b5b50b2dc165dc1f55b7309a38588fa9d14c2db962f9c96fdd84b21419068621ea599c409b50db907b47098c9b7382b4eddff637b96209b1"], 0x1}}, 0x44894) dup2(0xffffffffffffffff, 0xffffffffffffffff) gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0x0, 0x10, &(0x7f00000000c0)) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) write(r2, &(0x7f0000000340), 0x41395527) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ftruncate(r3, 0x3) r4 = openat(r3, &(0x7f0000000880)='./file0\x00', 0x6240c2, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900)='nl80211\x00') r6 = socket$packet(0x11, 0x3, 0x300) bind(0xffffffffffffffff, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000040)={0x0, 0x1, 0x6, @local}, 0x10) sendmsg$NL80211_CMD_SET_MPATH(r4, &(0x7f0000000a00)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @remote}, 0x14) clock_gettime(0x0, &(0x7f0000003cc0)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000003b00)=[{{&(0x7f0000000600)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000900)=""/177, 0xb1}], 0x1, &(0x7f00000009c0)=""/202, 0xca}, 0xcb4}, {{&(0x7f0000000740)=@can={0x1d, 0x0}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000ac0)=""/228, 0xe4}], 0x1, &(0x7f0000000480)=""/20, 0x14}, 0x800}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000c40)=""/116, 0x74}, {&(0x7f0000000cc0)=""/211, 0xd3}, {&(0x7f0000000dc0)=""/168, 0xa8}], 0x3}}, {{&(0x7f0000000f80)=@ipx, 0x80, &(0x7f0000001100)=[{0x0}], 0x1, &(0x7f0000001140)=""/132, 0x84}, 0x2}, {{&(0x7f0000001200)=@xdp, 0x80, &(0x7f0000003400)=[{&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000002280)=""/134, 0x86}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/19, 0x13}, {&(0x7f0000003380)}, {&(0x7f00000033c0)=""/23, 0x17}], 0x6, &(0x7f0000003480)=""/74, 0x4a}, 0x3}, {{&(0x7f0000003500)=@sco={0x1f, @none}, 0x80, 0x0, 0x0, &(0x7f0000003840)=""/181, 0xb5}}, {{&(0x7f0000003900)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000003a40)=[{&(0x7f0000003980)=""/69, 0x45}, {0x0}], 0x2, &(0x7f0000003a80)=""/82, 0x52}}], 0x7, 0x100, &(0x7f0000003d00)={r8, r9+30000000}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000003380)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @remote}, 0x14) r12 = syz_open_dev$usbmon(0x0, 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r12, 0x0) ioctl$MON_IOCT_RING_SIZE(r12, 0x9204, 0xb0398) r13 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r13, 0x0) ioctl$MON_IOCT_RING_SIZE(r13, 0x9204, 0xb0398) r14 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r14, 0x0) ioctl$MON_IOCT_RING_SIZE(r14, 0x9204, 0x0) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000003dc0)={0x0, 0x0, &(0x7f0000003d80)={&(0x7f0000003e00)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r5, @ANYPTR64=&(0x7f0000003d40)=ANY=[@ANYRES16, @ANYPTR=&(0x7f0000003ec0)=ANY=[@ANYPTR, @ANYRES16=0x0, @ANYBLOB="f463c91d140e4700b1044cb52d05b1790c0afab3c1c3c7662fd543a74c73a7cf4a255e23d7079ce58df612a2018e3b63a5e218336980494bf164250756f4d50174a66fbfb24753f82090b8c393da96db8186ab413db039e0c5bd76d858e3ff6c8c914e3f779a49828a0335d07af6747e25276e475d58c98681a946b5faabe2591b260e20dc185aa625c04cbb7d2be0f6ec2e63a7d2d77b963d67d0e4d9adb05df90d0a", @ANYRESHEX=r12, @ANYRES16=0x0, @ANYRES16=r13, @ANYRESOCT=r14, @ANYRES16]], @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=r10, @ANYBLOB="080001000100000008002115ad3933c81810ce82a293111a788b83c50688f2245460c0204e27d20fe7dc385a94dc69f9d18709dc645fa66cc483e4d587bd7b0d195866141be7be78fb4a7d76f5a054d84c7dabcdb2611c153b56", @ANYRES32=r11, @ANYBLOB], 0x9}, 0x1, 0x0, 0x0, 0x2000c881}, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000180)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000340)='[\'eth1-#\x00', 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x7, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000680)="62f23e748cdfecc0d3bcb88248f9f8f8e8ba030000000000001dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a30142ee9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffd92, 0xb6}], 0x80000, 0x0) socket$inet(0x2, 0x0, 0x2) [ 424.748924][ T820] attempt to access beyond end of device [ 424.761290][ T820] loop1: rw=1, want=13009, limit=63 03:19:44 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 424.810319][ T820] attempt to access beyond end of device [ 424.828098][ T820] loop1: rw=1, want=18913, limit=63 [ 424.849832][ T820] attempt to access beyond end of device [ 424.879966][ T820] loop1: rw=1, want=20977, limit=63 [ 424.900602][ T820] attempt to access beyond end of device [ 424.936978][ T820] loop1: rw=1, want=22265, limit=63 [ 425.330962][ T27] audit: type=1804 audit(1583119185.331:157): pid=14608 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/68/file0/bus" dev="loop1" ino=88 res=1 [ 425.412750][ T27] audit: type=1804 audit(1583119185.401:158): pid=14611 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/68/file0/bus" dev="loop1" ino=88 res=1 [ 426.061963][ T21] attempt to access beyond end of device [ 426.067676][ T21] loop1: rw=1, want=4241, limit=63 [ 426.077730][ T21] attempt to access beyond end of device [ 426.083601][ T21] loop1: rw=1, want=6289, limit=63 [ 426.092911][ T21] attempt to access beyond end of device [ 426.098636][ T21] loop1: rw=1, want=8345, limit=63 [ 426.109127][ T21] attempt to access beyond end of device [ 426.114780][ T21] loop1: rw=1, want=10393, limit=63 [ 426.124561][ T21] attempt to access beyond end of device [ 426.130521][ T21] loop1: rw=1, want=12441, limit=63 [ 426.140585][ T21] attempt to access beyond end of device [ 426.146848][ T21] loop1: rw=1, want=14489, limit=63 [ 426.156418][ T21] attempt to access beyond end of device [ 426.162075][ T21] loop1: rw=1, want=16537, limit=63 [ 426.171566][ T21] attempt to access beyond end of device [ 426.177433][ T21] loop1: rw=1, want=18801, limit=63 [ 426.190230][ T21] attempt to access beyond end of device [ 426.195947][ T21] loop1: rw=1, want=22913, limit=63 [ 426.209903][ T21] attempt to access beyond end of device [ 426.215541][ T21] loop1: rw=1, want=27025, limit=63 [ 426.224696][ T21] attempt to access beyond end of device [ 426.230474][ T21] loop1: rw=1, want=27809, limit=63 03:19:46 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:19:46 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:46 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x100000008d}, 0x0) getpid() pipe(&(0x7f0000000100)) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400c0800}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="63d7a6c0e8b58acfbad7e08db3f404e33eb03fd624b7c0e773c42a908de50c08b3235443a19680f015c200b5b50b2dc165dc1f55b7309a38588fa9d14c2db962f9c96fdd84b21419068621ea599c409b50db907b47098c9b7382b4eddff637b96209b1"], 0x1}}, 0x44894) dup2(0xffffffffffffffff, 0xffffffffffffffff) gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0x0, 0x10, &(0x7f00000000c0)) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) write(r2, &(0x7f0000000340), 0x41395527) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ftruncate(r3, 0x3) r4 = openat(r3, &(0x7f0000000880)='./file0\x00', 0x6240c2, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900)='nl80211\x00') r6 = socket$packet(0x11, 0x3, 0x300) bind(0xffffffffffffffff, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000040)={0x0, 0x1, 0x6, @local}, 0x10) sendmsg$NL80211_CMD_SET_MPATH(r4, &(0x7f0000000a00)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @remote}, 0x14) clock_gettime(0x0, &(0x7f0000003cc0)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000003b00)=[{{&(0x7f0000000600)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000900)=""/177, 0xb1}], 0x1, &(0x7f00000009c0)=""/202, 0xca}, 0xcb4}, {{&(0x7f0000000740)=@can={0x1d, 0x0}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000ac0)=""/228, 0xe4}], 0x1, &(0x7f0000000480)=""/20, 0x14}, 0x800}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000c40)=""/116, 0x74}, {&(0x7f0000000cc0)=""/211, 0xd3}, {&(0x7f0000000dc0)=""/168, 0xa8}], 0x3}}, {{&(0x7f0000000f80)=@ipx, 0x80, &(0x7f0000001100)=[{0x0}], 0x1, &(0x7f0000001140)=""/132, 0x84}, 0x2}, {{&(0x7f0000001200)=@xdp, 0x80, &(0x7f0000003400)=[{&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000002280)=""/134, 0x86}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/19, 0x13}, {&(0x7f0000003380)}, {&(0x7f00000033c0)=""/23, 0x17}], 0x6, &(0x7f0000003480)=""/74, 0x4a}, 0x3}, {{&(0x7f0000003500)=@sco={0x1f, @none}, 0x80, 0x0, 0x0, &(0x7f0000003840)=""/181, 0xb5}}, {{&(0x7f0000003900)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000003a40)=[{&(0x7f0000003980)=""/69, 0x45}, {0x0}], 0x2, &(0x7f0000003a80)=""/82, 0x52}}], 0x7, 0x100, &(0x7f0000003d00)={r8, r9+30000000}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000003380)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @remote}, 0x14) r12 = syz_open_dev$usbmon(0x0, 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r12, 0x0) ioctl$MON_IOCT_RING_SIZE(r12, 0x9204, 0xb0398) r13 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r13, 0x0) ioctl$MON_IOCT_RING_SIZE(r13, 0x9204, 0xb0398) r14 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r14, 0x0) ioctl$MON_IOCT_RING_SIZE(r14, 0x9204, 0x0) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000003dc0)={0x0, 0x0, &(0x7f0000003d80)={&(0x7f0000003e00)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r5, @ANYPTR64=&(0x7f0000003d40)=ANY=[@ANYRES16, @ANYPTR=&(0x7f0000003ec0)=ANY=[@ANYPTR, @ANYRES16=0x0, @ANYBLOB="f463c91d140e4700b1044cb52d05b1790c0afab3c1c3c7662fd543a74c73a7cf4a255e23d7079ce58df612a2018e3b63a5e218336980494bf164250756f4d50174a66fbfb24753f82090b8c393da96db8186ab413db039e0c5bd76d858e3ff6c8c914e3f779a49828a0335d07af6747e25276e475d58c98681a946b5faabe2591b260e20dc185aa625c04cbb7d2be0f6ec2e63a7d2d77b963d67d0e4d9adb05df90d0a", @ANYRESHEX=r12, @ANYRES16=0x0, @ANYRES16=r13, @ANYRESOCT=r14, @ANYRES16]], @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=r10, @ANYBLOB="080001000100000008002115ad3933c81810ce82a293111a788b83c50688f2245460c0204e27d20fe7dc385a94dc69f9d18709dc645fa66cc483e4d587bd7b0d195866141be7be78fb4a7d76f5a054d84c7dabcdb2611c153b56", @ANYRES32=r11, @ANYBLOB], 0x9}, 0x1, 0x0, 0x0, 0x2000c881}, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000180)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000340)='[\'eth1-#\x00', 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x7, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000680)="62f23e748cdfecc0d3bcb88248f9f8f8e8ba030000000000001dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a30142ee9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffd92, 0xb6}], 0x80000, 0x0) socket$inet(0x2, 0x0, 0x2) 03:19:46 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x100000008d}, 0x0) getpid() pipe(&(0x7f0000000100)) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400c0800}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="63d7a6c0e8b58acfbad7e08db3f404e33eb03fd624b7c0e773c42a908de50c08b3235443a19680f015c200b5b50b2dc165dc1f55b7309a38588fa9d14c2db962f9c96fdd84b21419068621ea599c409b50db907b47098c9b7382b4eddff637b96209b1"], 0x1}}, 0x44894) dup2(0xffffffffffffffff, 0xffffffffffffffff) gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0x0, 0x10, &(0x7f00000000c0)) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) write(r2, &(0x7f0000000340), 0x41395527) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ftruncate(r3, 0x3) r4 = openat(r3, &(0x7f0000000880)='./file0\x00', 0x6240c2, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900)='nl80211\x00') r6 = socket$packet(0x11, 0x3, 0x300) bind(0xffffffffffffffff, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000040)={0x0, 0x1, 0x6, @local}, 0x10) sendmsg$NL80211_CMD_SET_MPATH(r4, &(0x7f0000000a00)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @remote}, 0x14) clock_gettime(0x0, &(0x7f0000003cc0)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000003b00)=[{{&(0x7f0000000600)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000900)=""/177, 0xb1}], 0x1, &(0x7f00000009c0)=""/202, 0xca}, 0xcb4}, {{&(0x7f0000000740)=@can={0x1d, 0x0}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000ac0)=""/228, 0xe4}], 0x1, &(0x7f0000000480)=""/20, 0x14}, 0x800}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000c40)=""/116, 0x74}, {&(0x7f0000000cc0)=""/211, 0xd3}, {&(0x7f0000000dc0)=""/168, 0xa8}], 0x3}}, {{&(0x7f0000000f80)=@ipx, 0x80, &(0x7f0000001100)=[{0x0}], 0x1, &(0x7f0000001140)=""/132, 0x84}, 0x2}, {{&(0x7f0000001200)=@xdp, 0x80, &(0x7f0000003400)=[{&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000002280)=""/134, 0x86}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/19, 0x13}, {&(0x7f0000003380)}, {&(0x7f00000033c0)=""/23, 0x17}], 0x6, &(0x7f0000003480)=""/74, 0x4a}, 0x3}, {{&(0x7f0000003500)=@sco={0x1f, @none}, 0x80, 0x0, 0x0, &(0x7f0000003840)=""/181, 0xb5}}, {{&(0x7f0000003900)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000003a40)=[{&(0x7f0000003980)=""/69, 0x45}, {0x0}], 0x2, &(0x7f0000003a80)=""/82, 0x52}}], 0x7, 0x100, &(0x7f0000003d00)={r8, r9+30000000}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000003380)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @remote}, 0x14) r12 = syz_open_dev$usbmon(0x0, 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r12, 0x0) ioctl$MON_IOCT_RING_SIZE(r12, 0x9204, 0xb0398) r13 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r13, 0x0) ioctl$MON_IOCT_RING_SIZE(r13, 0x9204, 0xb0398) r14 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r14, 0x0) ioctl$MON_IOCT_RING_SIZE(r14, 0x9204, 0x0) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000003dc0)={0x0, 0x0, &(0x7f0000003d80)={&(0x7f0000003e00)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r5, @ANYPTR64=&(0x7f0000003d40)=ANY=[@ANYRES16, @ANYPTR=&(0x7f0000003ec0)=ANY=[@ANYPTR, @ANYRES16=0x0, @ANYBLOB="f463c91d140e4700b1044cb52d05b1790c0afab3c1c3c7662fd543a74c73a7cf4a255e23d7079ce58df612a2018e3b63a5e218336980494bf164250756f4d50174a66fbfb24753f82090b8c393da96db8186ab413db039e0c5bd76d858e3ff6c8c914e3f779a49828a0335d07af6747e25276e475d58c98681a946b5faabe2591b260e20dc185aa625c04cbb7d2be0f6ec2e63a7d2d77b963d67d0e4d9adb05df90d0a", @ANYRESHEX=r12, @ANYRES16=0x0, @ANYRES16=r13, @ANYRESOCT=r14, @ANYRES16]], @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=r10, @ANYBLOB="080001000100000008002115ad3933c81810ce82a293111a788b83c50688f2245460c0204e27d20fe7dc385a94dc69f9d18709dc645fa66cc483e4d587bd7b0d195866141be7be78fb4a7d76f5a054d84c7dabcdb2611c153b56", @ANYRES32=r11, @ANYBLOB], 0x9}, 0x1, 0x0, 0x0, 0x2000c881}, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000180)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000340)='[\'eth1-#\x00', 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x7, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000680)="62f23e748cdfecc0d3bcb88248f9f8f8e8ba030000000000001dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a30142ee9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffd92, 0xb6}], 0x80000, 0x0) socket$inet(0x2, 0x0, 0x2) 03:19:46 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:46 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) [ 427.025848][ T27] audit: type=1804 audit(1583119186.961:159): pid=14717 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/69/file0/bus" dev="loop1" ino=89 res=1 03:19:47 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r1, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 427.522687][ T27] audit: type=1804 audit(1583119187.011:160): pid=14740 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/69/file0/bus" dev="loop1" ino=89 res=1 03:19:47 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:47 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x100000008d}, 0x0) getpid() pipe(&(0x7f0000000100)) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400c0800}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="63d7a6c0e8b58acfbad7e08db3f404e33eb03fd624b7c0e773c42a908de50c08b3235443a19680f015c200b5b50b2dc165dc1f55b7309a38588fa9d14c2db962f9c96fdd84b21419068621ea599c409b50db907b47098c9b7382b4eddff637b96209b1"], 0x1}}, 0x44894) dup2(0xffffffffffffffff, 0xffffffffffffffff) gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0x0, 0x10, &(0x7f00000000c0)) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) write(r2, &(0x7f0000000340), 0x41395527) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ftruncate(r3, 0x3) r4 = openat(r3, &(0x7f0000000880)='./file0\x00', 0x6240c2, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900)='nl80211\x00') r6 = socket$packet(0x11, 0x3, 0x300) bind(0xffffffffffffffff, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000040)={0x0, 0x1, 0x6, @local}, 0x10) sendmsg$NL80211_CMD_SET_MPATH(r4, &(0x7f0000000a00)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @remote}, 0x14) clock_gettime(0x0, &(0x7f0000003cc0)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000003b00)=[{{&(0x7f0000000600)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000900)=""/177, 0xb1}], 0x1, &(0x7f00000009c0)=""/202, 0xca}, 0xcb4}, {{&(0x7f0000000740)=@can={0x1d, 0x0}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000ac0)=""/228, 0xe4}], 0x1, &(0x7f0000000480)=""/20, 0x14}, 0x800}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000c40)=""/116, 0x74}, {&(0x7f0000000cc0)=""/211, 0xd3}, {&(0x7f0000000dc0)=""/168, 0xa8}], 0x3}}, {{&(0x7f0000000f80)=@ipx, 0x80, &(0x7f0000001100)=[{0x0}], 0x1, &(0x7f0000001140)=""/132, 0x84}, 0x2}, {{&(0x7f0000001200)=@xdp, 0x80, &(0x7f0000003400)=[{&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000002280)=""/134, 0x86}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/19, 0x13}, {&(0x7f0000003380)}, {&(0x7f00000033c0)=""/23, 0x17}], 0x6, &(0x7f0000003480)=""/74, 0x4a}, 0x3}, {{&(0x7f0000003500)=@sco={0x1f, @none}, 0x80, 0x0, 0x0, &(0x7f0000003840)=""/181, 0xb5}}, {{&(0x7f0000003900)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000003a40)=[{&(0x7f0000003980)=""/69, 0x45}, {0x0}], 0x2, &(0x7f0000003a80)=""/82, 0x52}}], 0x7, 0x100, &(0x7f0000003d00)={r8, r9+30000000}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000003380)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @remote}, 0x14) r12 = syz_open_dev$usbmon(0x0, 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r12, 0x0) ioctl$MON_IOCT_RING_SIZE(r12, 0x9204, 0xb0398) r13 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r13, 0x0) ioctl$MON_IOCT_RING_SIZE(r13, 0x9204, 0xb0398) r14 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r14, 0x0) ioctl$MON_IOCT_RING_SIZE(r14, 0x9204, 0x0) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000003dc0)={0x0, 0x0, &(0x7f0000003d80)={&(0x7f0000003e00)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r5, @ANYPTR64=&(0x7f0000003d40)=ANY=[@ANYRES16, @ANYPTR=&(0x7f0000003ec0)=ANY=[@ANYPTR, @ANYRES16=0x0, @ANYBLOB="f463c91d140e4700b1044cb52d05b1790c0afab3c1c3c7662fd543a74c73a7cf4a255e23d7079ce58df612a2018e3b63a5e218336980494bf164250756f4d50174a66fbfb24753f82090b8c393da96db8186ab413db039e0c5bd76d858e3ff6c8c914e3f779a49828a0335d07af6747e25276e475d58c98681a946b5faabe2591b260e20dc185aa625c04cbb7d2be0f6ec2e63a7d2d77b963d67d0e4d9adb05df90d0a", @ANYRESHEX=r12, @ANYRES16=0x0, @ANYRES16=r13, @ANYRESOCT=r14, @ANYRES16]], @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=r10, @ANYBLOB="080001000100000008002115ad3933c81810ce82a293111a788b83c50688f2245460c0204e27d20fe7dc385a94dc69f9d18709dc645fa66cc483e4d587bd7b0d195866141be7be78fb4a7d76f5a054d84c7dabcdb2611c153b56", @ANYRES32=r11, @ANYBLOB], 0x9}, 0x1, 0x0, 0x0, 0x2000c881}, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000180)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000340)='[\'eth1-#\x00', 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x7, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000680)="62f23e748cdfecc0d3bcb88248f9f8f8e8ba030000000000001dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a30142ee9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffd92, 0xb6}], 0x80000, 0x0) socket$inet(0x2, 0x0, 0x2) 03:19:47 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r1, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:48 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x1) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x48) pipe2(0x0, 0x80000) ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f00000001c0)={0x200, 0x5}) rt_sigaction(0x7, 0x0, 0x0, 0x0, 0x0) setxattr$security_capability(&(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000240)=@v2={0x2000000, [{0x6b}, {0x0, 0x2}]}, 0x14, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6d18af15637eebe9}, 0x8000000200036150, 0x800007b}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r4) writev(r4, &(0x7f0000000740)=[{&(0x7f0000000340)="162e37de0a50d74d9abcdf2d2815ba2586e61a8213a78ac2d2f71f2cd24f27dfcb304039d06cd7ef411f79d636b48b264aa3c78eb0167dc71f781f73119efdc42bbf0969b187410da1e620851bede8ac662c579a85fee0bfd7c8be6c8b1c0117d23c96bdfe47e6f549316bbc901e6926ac332e141f1a3a28a35d42e7f05fbf4a05fcbb", 0x83}, {&(0x7f0000000400)="76b22b7c6493608ea8d0fbbf650ac8dd22921c9d78e0a46c622ebbd3b5ca893b59c20d0a926165933984364de916de7e9f8ded541c", 0x35}, {&(0x7f0000000440)="71c92ce4b743736dfff33b53f086c2a227a2d99dfccc498f4219eaf73528d94882ccfe2f6288b3a7206cae693064021ee4545f296db4175bc64f74c9454599d3a513b6485088940d794f3778f051f80ba32ea02dd6a6", 0x56}, {&(0x7f00000004c0)="65b06d321b61112a0d4423243142ba63b76075", 0x13}, {&(0x7f0000000500)="6873c8a871f4f30293795ada20bd44e9e47e92836c61f512e867ca7ddbcadb6b9fa1a4de85c8eb64b9d7636426a5eb56038cf72b1ecd45dcef255e61f0b24d7f4cf4c4d34bef138d1654ad82088aa9adabd28bb33f40c86f0ed920caf1a65642da029070ec1b8b9c62671367bb195ceaf56e19a92ba762f29f6fa49a8bd6d0e46f378e17dea1585fd24dbe95bcc4300cfd3b9e1d1167b62f9d64b7767a315ed0c4fd5cddd9f6833ce1a15bddafe04f4aceda57", 0xb3}, {&(0x7f00000005c0)="fca929769f676bc09fea09b5271ef8ddf194b0afd5c67e33e10f0d17b36c336bee454a7f44fa26cd56d854c9c3fe058aa0c6c39611ce80e3c49272710cad129f8cf11c52aceeaecd81cb4dce0111e5f516d85f9851443e694a1b8c3abdcfe07d65631d8cabfbb79580ed517160c190eb83284a98a7e6fd9c397fb623b8d31564d23b3b0771204353ce00112813de46a0e0ec67b1f855811c84", 0x99}, {&(0x7f0000000680)="c0f51385c080650696ccfcdfc05d38d11d2f7bcef1deedd5f898e964b7f53f9e2d4f7955cd12de6f08f988", 0x2b}, {&(0x7f00000006c0)="d2a2d54600c52d61d35e476c58f762ede6870acbae9ba0a045c797ef0179554e7523e7d14c2686d069c60815b86221be900e0258996affb9b394cdd8414341ddf39ed6170dce62daccbb", 0x4a}], 0x8) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000200)='ncpfs\x00', 0x200040, &(0x7f000000a000)) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, &(0x7f0000001200)=""/71, 0x0) [ 428.089955][ T27] audit: type=1804 audit(1583119188.091:161): pid=14877 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/70/file0/bus" dev="loop1" ino=90 res=1 [ 428.225410][ T27] audit: type=1804 audit(1583119188.141:162): pid=14931 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/70/file0/bus" dev="loop1" ino=90 res=1 03:19:48 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r1, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 428.792402][ T820] attempt to access beyond end of device [ 428.805729][ T820] loop1: rw=1, want=3889, limit=63 [ 428.828653][ T820] attempt to access beyond end of device [ 428.834326][ T820] loop1: rw=1, want=5937, limit=63 [ 428.845406][ T820] attempt to access beyond end of device [ 428.871390][ T820] loop1: rw=1, want=7985, limit=63 [ 428.883106][ T820] attempt to access beyond end of device [ 428.889273][ T820] loop1: rw=1, want=10041, limit=63 [ 428.906625][ T820] attempt to access beyond end of device [ 428.912312][ T820] loop1: rw=1, want=12129, limit=63 [ 428.929020][ T820] attempt to access beyond end of device [ 428.934869][ T820] loop1: rw=1, want=16185, limit=63 [ 428.948534][ T820] attempt to access beyond end of device [ 428.954359][ T820] loop1: rw=1, want=20257, limit=63 [ 428.966836][ T820] attempt to access beyond end of device [ 428.972556][ T820] loop1: rw=1, want=23221, limit=63 03:19:49 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:19:49 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x1) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x48) pipe2(0x0, 0x80000) ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f00000001c0)={0x200, 0x5}) rt_sigaction(0x7, 0x0, 0x0, 0x0, 0x0) setxattr$security_capability(&(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000240)=@v2={0x2000000, [{0x6b}, {0x0, 0x2}]}, 0x14, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6d18af15637eebe9}, 0x8000000200036150, 0x800007b}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r4) writev(r4, &(0x7f0000000740)=[{&(0x7f0000000340)="162e37de0a50d74d9abcdf2d2815ba2586e61a8213a78ac2d2f71f2cd24f27dfcb304039d06cd7ef411f79d636b48b264aa3c78eb0167dc71f781f73119efdc42bbf0969b187410da1e620851bede8ac662c579a85fee0bfd7c8be6c8b1c0117d23c96bdfe47e6f549316bbc901e6926ac332e141f1a3a28a35d42e7f05fbf4a05fcbb", 0x83}, {&(0x7f0000000400)="76b22b7c6493608ea8d0fbbf650ac8dd22921c9d78e0a46c622ebbd3b5ca893b59c20d0a926165933984364de916de7e9f8ded541c", 0x35}, {&(0x7f0000000440)="71c92ce4b743736dfff33b53f086c2a227a2d99dfccc498f4219eaf73528d94882ccfe2f6288b3a7206cae693064021ee4545f296db4175bc64f74c9454599d3a513b6485088940d794f3778f051f80ba32ea02dd6a6", 0x56}, {&(0x7f00000004c0)="65b06d321b61112a0d4423243142ba63b76075", 0x13}, {&(0x7f0000000500)="6873c8a871f4f30293795ada20bd44e9e47e92836c61f512e867ca7ddbcadb6b9fa1a4de85c8eb64b9d7636426a5eb56038cf72b1ecd45dcef255e61f0b24d7f4cf4c4d34bef138d1654ad82088aa9adabd28bb33f40c86f0ed920caf1a65642da029070ec1b8b9c62671367bb195ceaf56e19a92ba762f29f6fa49a8bd6d0e46f378e17dea1585fd24dbe95bcc4300cfd3b9e1d1167b62f9d64b7767a315ed0c4fd5cddd9f6833ce1a15bddafe04f4aceda57", 0xb3}, {&(0x7f00000005c0)="fca929769f676bc09fea09b5271ef8ddf194b0afd5c67e33e10f0d17b36c336bee454a7f44fa26cd56d854c9c3fe058aa0c6c39611ce80e3c49272710cad129f8cf11c52aceeaecd81cb4dce0111e5f516d85f9851443e694a1b8c3abdcfe07d65631d8cabfbb79580ed517160c190eb83284a98a7e6fd9c397fb623b8d31564d23b3b0771204353ce00112813de46a0e0ec67b1f855811c84", 0x99}, {&(0x7f0000000680)="c0f51385c080650696ccfcdfc05d38d11d2f7bcef1deedd5f898e964b7f53f9e2d4f7955cd12de6f08f988", 0x2b}, {&(0x7f00000006c0)="d2a2d54600c52d61d35e476c58f762ede6870acbae9ba0a045c797ef0179554e7523e7d14c2686d069c60815b86221be900e0258996affb9b394cdd8414341ddf39ed6170dce62daccbb", 0x4a}], 0x8) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000200)='ncpfs\x00', 0x200040, &(0x7f000000a000)) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, &(0x7f0000001200)=""/71, 0x0) 03:19:49 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x1) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x48) pipe2(0x0, 0x80000) ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f00000001c0)={0x200, 0x5}) rt_sigaction(0x7, 0x0, 0x0, 0x0, 0x0) setxattr$security_capability(&(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000240)=@v2={0x2000000, [{0x6b}, {0x0, 0x2}]}, 0x14, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6d18af15637eebe9}, 0x8000000200036150, 0x800007b}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r4) writev(r4, &(0x7f0000000740)=[{&(0x7f0000000340)="162e37de0a50d74d9abcdf2d2815ba2586e61a8213a78ac2d2f71f2cd24f27dfcb304039d06cd7ef411f79d636b48b264aa3c78eb0167dc71f781f73119efdc42bbf0969b187410da1e620851bede8ac662c579a85fee0bfd7c8be6c8b1c0117d23c96bdfe47e6f549316bbc901e6926ac332e141f1a3a28a35d42e7f05fbf4a05fcbb", 0x83}, {&(0x7f0000000400)="76b22b7c6493608ea8d0fbbf650ac8dd22921c9d78e0a46c622ebbd3b5ca893b59c20d0a926165933984364de916de7e9f8ded541c", 0x35}, {&(0x7f0000000440)="71c92ce4b743736dfff33b53f086c2a227a2d99dfccc498f4219eaf73528d94882ccfe2f6288b3a7206cae693064021ee4545f296db4175bc64f74c9454599d3a513b6485088940d794f3778f051f80ba32ea02dd6a6", 0x56}, {&(0x7f00000004c0)="65b06d321b61112a0d4423243142ba63b76075", 0x13}, {&(0x7f0000000500)="6873c8a871f4f30293795ada20bd44e9e47e92836c61f512e867ca7ddbcadb6b9fa1a4de85c8eb64b9d7636426a5eb56038cf72b1ecd45dcef255e61f0b24d7f4cf4c4d34bef138d1654ad82088aa9adabd28bb33f40c86f0ed920caf1a65642da029070ec1b8b9c62671367bb195ceaf56e19a92ba762f29f6fa49a8bd6d0e46f378e17dea1585fd24dbe95bcc4300cfd3b9e1d1167b62f9d64b7767a315ed0c4fd5cddd9f6833ce1a15bddafe04f4aceda57", 0xb3}, {&(0x7f00000005c0)="fca929769f676bc09fea09b5271ef8ddf194b0afd5c67e33e10f0d17b36c336bee454a7f44fa26cd56d854c9c3fe058aa0c6c39611ce80e3c49272710cad129f8cf11c52aceeaecd81cb4dce0111e5f516d85f9851443e694a1b8c3abdcfe07d65631d8cabfbb79580ed517160c190eb83284a98a7e6fd9c397fb623b8d31564d23b3b0771204353ce00112813de46a0e0ec67b1f855811c84", 0x99}, {&(0x7f0000000680)="c0f51385c080650696ccfcdfc05d38d11d2f7bcef1deedd5f898e964b7f53f9e2d4f7955cd12de6f08f988", 0x2b}, {&(0x7f00000006c0)="d2a2d54600c52d61d35e476c58f762ede6870acbae9ba0a045c797ef0179554e7523e7d14c2686d069c60815b86221be900e0258996affb9b394cdd8414341ddf39ed6170dce62daccbb", 0x4a}], 0x8) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000200)='ncpfs\x00', 0x200040, &(0x7f000000a000)) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, &(0x7f0000001200)=""/71, 0x0) 03:19:49 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xffffffffffffffff, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:19:49 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:49 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:50 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:50 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x1) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x48) pipe2(0x0, 0x80000) ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f00000001c0)={0x200, 0x5}) rt_sigaction(0x7, 0x0, 0x0, 0x0, 0x0) setxattr$security_capability(&(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000240)=@v2={0x2000000, [{0x6b}, {0x0, 0x2}]}, 0x14, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6d18af15637eebe9}, 0x8000000200036150, 0x800007b}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r4) writev(r4, &(0x7f0000000740)=[{&(0x7f0000000340)="162e37de0a50d74d9abcdf2d2815ba2586e61a8213a78ac2d2f71f2cd24f27dfcb304039d06cd7ef411f79d636b48b264aa3c78eb0167dc71f781f73119efdc42bbf0969b187410da1e620851bede8ac662c579a85fee0bfd7c8be6c8b1c0117d23c96bdfe47e6f549316bbc901e6926ac332e141f1a3a28a35d42e7f05fbf4a05fcbb", 0x83}, {&(0x7f0000000400)="76b22b7c6493608ea8d0fbbf650ac8dd22921c9d78e0a46c622ebbd3b5ca893b59c20d0a926165933984364de916de7e9f8ded541c", 0x35}, {&(0x7f0000000440)="71c92ce4b743736dfff33b53f086c2a227a2d99dfccc498f4219eaf73528d94882ccfe2f6288b3a7206cae693064021ee4545f296db4175bc64f74c9454599d3a513b6485088940d794f3778f051f80ba32ea02dd6a6", 0x56}, {&(0x7f00000004c0)="65b06d321b61112a0d4423243142ba63b76075", 0x13}, {&(0x7f0000000500)="6873c8a871f4f30293795ada20bd44e9e47e92836c61f512e867ca7ddbcadb6b9fa1a4de85c8eb64b9d7636426a5eb56038cf72b1ecd45dcef255e61f0b24d7f4cf4c4d34bef138d1654ad82088aa9adabd28bb33f40c86f0ed920caf1a65642da029070ec1b8b9c62671367bb195ceaf56e19a92ba762f29f6fa49a8bd6d0e46f378e17dea1585fd24dbe95bcc4300cfd3b9e1d1167b62f9d64b7767a315ed0c4fd5cddd9f6833ce1a15bddafe04f4aceda57", 0xb3}, {&(0x7f00000005c0)="fca929769f676bc09fea09b5271ef8ddf194b0afd5c67e33e10f0d17b36c336bee454a7f44fa26cd56d854c9c3fe058aa0c6c39611ce80e3c49272710cad129f8cf11c52aceeaecd81cb4dce0111e5f516d85f9851443e694a1b8c3abdcfe07d65631d8cabfbb79580ed517160c190eb83284a98a7e6fd9c397fb623b8d31564d23b3b0771204353ce00112813de46a0e0ec67b1f855811c84", 0x99}, {&(0x7f0000000680)="c0f51385c080650696ccfcdfc05d38d11d2f7bcef1deedd5f898e964b7f53f9e2d4f7955cd12de6f08f988", 0x2b}, {&(0x7f00000006c0)="d2a2d54600c52d61d35e476c58f762ede6870acbae9ba0a045c797ef0179554e7523e7d14c2686d069c60815b86221be900e0258996affb9b394cdd8414341ddf39ed6170dce62daccbb", 0x4a}], 0x8) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000200)='ncpfs\x00', 0x200040, &(0x7f000000a000)) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, &(0x7f0000001200)=""/71, 0x0) [ 430.062289][ T27] audit: type=1804 audit(1583119190.061:163): pid=15224 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/71/file0/bus" dev="loop1" ino=91 res=1 [ 430.156294][ T27] audit: type=1804 audit(1583119190.111:164): pid=15228 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/71/file0/bus" dev="loop1" ino=91 res=1 03:19:50 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x100000008d}, 0x0) r0 = getpid() pipe(&(0x7f0000000100)) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400c0800}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="63d7a6c0e8b58acfbad7e08db3f404e33eb03fd624b7c0e773c42a908de50c08b3235443a19680f015c200b5b50b2dc165dc1f55b7309a38588fa9d14c2db962f9c96fdd84b21419068621ea599c409b50db907b47098c9b7382b4eddff637b96209b1"], 0x1}, 0x1, 0x0, 0x0, 0x40000}, 0x44894) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r1, 0x10, &(0x7f00000000c0)) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) write(r4, &(0x7f0000000340), 0x41395527) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r5 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ftruncate(r5, 0x3) r6 = openat(r5, &(0x7f0000000880)='./file0\x00', 0x6240c2, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900)='nl80211\x00') r8 = socket$packet(0x11, 0x3, 0x300) r9 = socket(0x100000000011, 0x0, 0x0) bind(r9, 0x0, 0x0) getsockname$packet(r9, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) setsockopt$packet_add_memb(r8, 0x107, 0x1, &(0x7f0000000040)={r10, 0x1, 0x6, @local}, 0x10) sendmsg$NL80211_CMD_SET_MPATH(r6, &(0x7f0000000a00)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @remote}, 0x14) clock_gettime(0x0, &(0x7f0000003cc0)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000003b00)=[{{&(0x7f0000000600)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000900)=""/177, 0xb1}], 0x1, &(0x7f00000009c0)=""/202, 0xca}, 0xcb4}, {{&(0x7f0000000740)=@can, 0x80, &(0x7f0000000400)=[{&(0x7f0000000ac0)=""/228, 0xe4}], 0x1, &(0x7f0000000480)=""/20, 0x14}, 0x800}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000c40)=""/116, 0x74}, {&(0x7f0000000cc0)=""/211, 0xd3}, {&(0x7f0000000dc0)=""/168, 0xa8}], 0x3}}, {{&(0x7f0000000f80)=@ipx, 0x80, &(0x7f0000001100)=[{0x0}], 0x1, &(0x7f0000001140)=""/132, 0x84}, 0x2}, {{&(0x7f0000001200)=@xdp, 0x80, &(0x7f0000003400)=[{&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000002280)=""/134, 0x86}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/19, 0x13}, {&(0x7f0000003380)}, {&(0x7f00000033c0)=""/23, 0x17}], 0x6, &(0x7f0000003480)=""/74, 0x4a}, 0x3}, {{&(0x7f0000003500)=@sco={0x1f, @none}, 0x80, &(0x7f0000003800)=[{&(0x7f0000003580)=""/232, 0xe8}, {&(0x7f0000003680)=""/100, 0x64}, {&(0x7f0000003700)=""/132, 0x84}, {&(0x7f00000037c0)=""/25, 0x19}], 0x4, &(0x7f0000003840)=""/181, 0xb5}}, {{&(0x7f0000003900)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000003a40)=[{&(0x7f0000003980)=""/69, 0x45}, {0x0}], 0x2, &(0x7f0000003a80)=""/82, 0x52}}], 0x7, 0x100, &(0x7f0000003d00)={r12, r13+30000000}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000003380)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r14, 0x1, 0x0, 0x6, @remote}, 0x14) r15 = syz_open_dev$usbmon(0x0, 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r15, 0x0) ioctl$MON_IOCT_RING_SIZE(r15, 0x9204, 0xb0398) r16 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r16, 0x0) ioctl$MON_IOCT_RING_SIZE(r16, 0x9204, 0xb0398) r17 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r17, 0x0) ioctl$MON_IOCT_RING_SIZE(r17, 0x9204, 0x0) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000003dc0)={0x0, 0x0, &(0x7f0000003d80)={&(0x7f0000003e00)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r7, @ANYPTR64=&(0x7f0000003d40)=ANY=[@ANYRES16, @ANYPTR=&(0x7f0000003ec0)=ANY=[@ANYPTR, @ANYRES16=0x0, @ANYBLOB="f463c91d140e4700b1044cb52d05b1790c0afab3c1c3c7662fd543a74c73a7cf4a255e23d7079ce58df612a2018e3b63a5e218336980494bf164250756f4d50174a66fbfb24753f82090b8c393da96db8186ab413db039e0c5bd76d858e3ff6c8c914e3f779a49828a0335d07af6747e25276e475d58c98681a946b5faabe2591b260e20dc185aa625c04cbb7d2be0f6ec2e63a7d2d77b963d67d0e4d9adb05df90d0a", @ANYRESHEX=r15, @ANYRES16=0x0, @ANYRES16=r16, @ANYRESOCT=r17, @ANYRES16]], @ANYRES32=r11, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="080001000100000008002115ad3933c81810ce82a293111a788b83c50688f2245460c0204e27d20fe7dc385a94dc69f9d18709dc645fa66cc483e4d587bd7b0d195866141be7be78fb4a7d76f5a054d84c7dabcdb2611c153b56539e66a4de00000000000000", @ANYRES32=r14, @ANYBLOB], 0x9}, 0x1, 0x0, 0x0, 0x2000c881}, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000180)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000340)='[\'eth1-#\x00', 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x7, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000680)="62f23e748cdfecc0d3bcb88248f9f8f8e8ba030000000000001dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a30142ee9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffd92, 0xb6}], 0x80000, 0x0) 03:19:50 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setxattr$security_capability(&(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000240)=@v2, 0x14, 0x0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r1) writev(r1, 0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000200)='ncpfs\x00', 0x200040, 0x0) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, &(0x7f0000001200)=""/71, 0x0) 03:19:50 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:50 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:50 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setxattr$security_capability(&(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000240)=@v2, 0x14, 0x0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r1) writev(r1, 0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000200)='ncpfs\x00', 0x200040, 0x0) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, &(0x7f0000001200)=""/71, 0x0) [ 430.800559][ T7954] attempt to access beyond end of device [ 430.862521][ T7954] loop1: rw=1, want=4161, limit=63 [ 430.912588][ T7954] attempt to access beyond end of device [ 430.944267][ T7954] loop1: rw=1, want=6209, limit=63 [ 430.991872][ T7954] attempt to access beyond end of device [ 431.000264][ T7954] loop1: rw=1, want=8257, limit=63 [ 431.010049][ T7954] attempt to access beyond end of device [ 431.015928][ T7954] loop1: rw=1, want=10305, limit=63 [ 431.025398][ T7954] attempt to access beyond end of device [ 431.031150][ T7954] loop1: rw=1, want=12353, limit=63 [ 431.040845][ T7954] attempt to access beyond end of device [ 431.047129][ T7954] loop1: rw=1, want=14401, limit=63 [ 431.059563][ T7954] attempt to access beyond end of device [ 431.065205][ T7954] loop1: rw=1, want=16449, limit=63 [ 431.074567][ T7954] attempt to access beyond end of device [ 431.080244][ T7954] loop1: rw=1, want=18497, limit=63 [ 431.090122][ T7954] attempt to access beyond end of device [ 431.095869][ T7954] loop1: rw=1, want=20577, limit=63 [ 431.106993][ T7954] attempt to access beyond end of device [ 431.112626][ T7954] loop1: rw=1, want=23857, limit=63 [ 431.121240][ T7954] attempt to access beyond end of device [ 431.126950][ T7954] loop1: rw=1, want=24597, limit=63 [ 431.356176][ T27] audit: type=1804 audit(1583119191.361:165): pid=15464 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/72/file0/bus" dev="loop1" ino=92 res=1 [ 431.412047][ T27] audit: type=1804 audit(1583119191.401:166): pid=15467 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/72/file0/bus" dev="loop1" ino=92 res=1 [ 432.092076][ T7972] attempt to access beyond end of device [ 432.097778][ T7972] loop1: rw=1, want=3649, limit=63 [ 432.108708][ T7972] attempt to access beyond end of device [ 432.114342][ T7972] loop1: rw=1, want=5697, limit=63 [ 432.123916][ T7972] attempt to access beyond end of device [ 432.129574][ T7972] loop1: rw=1, want=7745, limit=63 [ 432.139553][ T7972] attempt to access beyond end of device [ 432.145181][ T7972] loop1: rw=1, want=9793, limit=63 [ 432.154978][ T7972] attempt to access beyond end of device [ 432.160666][ T7972] loop1: rw=1, want=11841, limit=63 [ 432.170678][ T7972] attempt to access beyond end of device [ 432.176432][ T7972] loop1: rw=1, want=13897, limit=63 [ 432.185551][ T7972] attempt to access beyond end of device [ 432.191206][ T7972] loop1: rw=1, want=15945, limit=63 [ 432.201040][ T7972] attempt to access beyond end of device [ 432.206700][ T7972] loop1: rw=1, want=17993, limit=63 [ 432.215677][ T7972] attempt to access beyond end of device [ 432.221869][ T7972] loop1: rw=1, want=20041, limit=63 [ 432.233783][ T7972] attempt to access beyond end of device [ 432.239431][ T7972] loop1: rw=1, want=23937, limit=63 [ 432.252776][ T7972] attempt to access beyond end of device [ 432.258423][ T7972] loop1: rw=1, want=28065, limit=63 [ 432.268101][ T7972] attempt to access beyond end of device [ 432.273738][ T7972] loop1: rw=1, want=29365, limit=63 03:19:52 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:19:52 executing program 4: ioctl$KDGKBENT(0xffffffffffffffff, 0x4b46, &(0x7f00000001c0)) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x62000, 0x60) sendmsg$AUDIT_TTY_GET(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x10, 0x3f8, 0x4, 0x70bd29, 0x25dfdbfe, "", ["", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x8001}, 0x0) sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, 0x0, 0x0) syz_read_part_table(0xffffffffffffffff, 0x1, &(0x7f0000000280)=[{&(0x7f0000000000), 0x0, 0x1c0}]) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) 03:19:52 executing program 5: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:52 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x100000008d}, 0x0) r0 = getpid() pipe(&(0x7f0000000100)) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400c0800}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="63d7a6c0e8b58acfbad7e08db3f404e33eb03fd624b7c0e773c42a908de50c08b3235443a19680f015c200b5b50b2dc165dc1f55b7309a38588fa9d14c2db962f9c96fdd84b21419068621ea599c409b50db907b47098c9b7382b4eddff637b96209b1"], 0x1}, 0x1, 0x0, 0x0, 0x40000}, 0x44894) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r1, 0x10, &(0x7f00000000c0)) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) write(r4, &(0x7f0000000340), 0x41395527) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r5 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ftruncate(r5, 0x3) r6 = openat(r5, &(0x7f0000000880)='./file0\x00', 0x6240c2, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900)='nl80211\x00') r8 = socket$packet(0x11, 0x3, 0x300) r9 = socket(0x100000000011, 0x0, 0x0) bind(r9, 0x0, 0x0) getsockname$packet(r9, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) setsockopt$packet_add_memb(r8, 0x107, 0x1, &(0x7f0000000040)={r10, 0x1, 0x6, @local}, 0x10) sendmsg$NL80211_CMD_SET_MPATH(r6, &(0x7f0000000a00)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @remote}, 0x14) clock_gettime(0x0, &(0x7f0000003cc0)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000003b00)=[{{&(0x7f0000000600)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000900)=""/177, 0xb1}], 0x1, &(0x7f00000009c0)=""/202, 0xca}, 0xcb4}, {{&(0x7f0000000740)=@can, 0x80, &(0x7f0000000400)=[{&(0x7f0000000ac0)=""/228, 0xe4}], 0x1, &(0x7f0000000480)=""/20, 0x14}, 0x800}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000c40)=""/116, 0x74}, {&(0x7f0000000cc0)=""/211, 0xd3}, {&(0x7f0000000dc0)=""/168, 0xa8}], 0x3}}, {{&(0x7f0000000f80)=@ipx, 0x80, &(0x7f0000001100)=[{0x0}], 0x1, &(0x7f0000001140)=""/132, 0x84}, 0x2}, {{&(0x7f0000001200)=@xdp, 0x80, &(0x7f0000003400)=[{&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000002280)=""/134, 0x86}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/19, 0x13}, {&(0x7f0000003380)}, {&(0x7f00000033c0)=""/23, 0x17}], 0x6, &(0x7f0000003480)=""/74, 0x4a}, 0x3}, {{&(0x7f0000003500)=@sco={0x1f, @none}, 0x80, &(0x7f0000003800)=[{&(0x7f0000003580)=""/232, 0xe8}, {&(0x7f0000003680)=""/100, 0x64}, {&(0x7f0000003700)=""/132, 0x84}, {&(0x7f00000037c0)=""/25, 0x19}], 0x4, &(0x7f0000003840)=""/181, 0xb5}}, {{&(0x7f0000003900)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000003a40)=[{&(0x7f0000003980)=""/69, 0x45}, {0x0}], 0x2, &(0x7f0000003a80)=""/82, 0x52}}], 0x7, 0x100, &(0x7f0000003d00)={r12, r13+30000000}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000003380)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r14, 0x1, 0x0, 0x6, @remote}, 0x14) r15 = syz_open_dev$usbmon(0x0, 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r15, 0x0) ioctl$MON_IOCT_RING_SIZE(r15, 0x9204, 0xb0398) r16 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r16, 0x0) ioctl$MON_IOCT_RING_SIZE(r16, 0x9204, 0xb0398) r17 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r17, 0x0) ioctl$MON_IOCT_RING_SIZE(r17, 0x9204, 0x0) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000003dc0)={0x0, 0x0, &(0x7f0000003d80)={&(0x7f0000003e00)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r7, @ANYPTR64=&(0x7f0000003d40)=ANY=[@ANYRES16, @ANYPTR=&(0x7f0000003ec0)=ANY=[@ANYPTR, @ANYRES16=0x0, @ANYBLOB="f463c91d140e4700b1044cb52d05b1790c0afab3c1c3c7662fd543a74c73a7cf4a255e23d7079ce58df612a2018e3b63a5e218336980494bf164250756f4d50174a66fbfb24753f82090b8c393da96db8186ab413db039e0c5bd76d858e3ff6c8c914e3f779a49828a0335d07af6747e25276e475d58c98681a946b5faabe2591b260e20dc185aa625c04cbb7d2be0f6ec2e63a7d2d77b963d67d0e4d9adb05df90d0a", @ANYRESHEX=r15, @ANYRES16=0x0, @ANYRES16=r16, @ANYRESOCT=r17, @ANYRES16]], @ANYRES32=r11, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="080001000100000008002115ad3933c81810ce82a293111a788b83c50688f2245460c0204e27d20fe7dc385a94dc69f9d18709dc645fa66cc483e4d587bd7b0d195866141be7be78fb4a7d76f5a054d84c7dabcdb2611c153b56539e66a4de00000000000000", @ANYRES32=r14, @ANYBLOB], 0x9}, 0x1, 0x0, 0x0, 0x2000c881}, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000180)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000340)='[\'eth1-#\x00', 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x7, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000680)="62f23e748cdfecc0d3bcb88248f9f8f8e8ba030000000000001dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a30142ee9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffd92, 0xb6}], 0x80000, 0x0) 03:19:52 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:52 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xffffffffffffffff, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:19:53 executing program 4: ioctl$KDGKBENT(0xffffffffffffffff, 0x4b46, &(0x7f00000001c0)) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x62000, 0x60) sendmsg$AUDIT_TTY_GET(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x10, 0x3f8, 0x4, 0x70bd29, 0x25dfdbfe, "", ["", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x8001}, 0x0) sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, 0x0, 0x0) syz_read_part_table(0xffffffffffffffff, 0x1, &(0x7f0000000280)=[{&(0x7f0000000000), 0x0, 0x1c0}]) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) [ 433.131862][ T27] audit: type=1804 audit(1583119193.131:167): pid=15507 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/73/file0/bus" dev="loop1" ino=93 res=1 03:19:53 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x100000008d}, 0x0) r0 = getpid() pipe(&(0x7f0000000100)) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400c0800}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="63d7a6c0e8b58acfbad7e08db3f404e33eb03fd624b7c0e773c42a908de50c08b3235443a19680f015c200b5b50b2dc165dc1f55b7309a38588fa9d14c2db962f9c96fdd84b21419068621ea599c409b50db907b47098c9b7382b4eddff637b96209b1"], 0x1}, 0x1, 0x0, 0x0, 0x40000}, 0x44894) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r1, 0x10, &(0x7f00000000c0)) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) write(r4, &(0x7f0000000340), 0x41395527) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r5 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ftruncate(r5, 0x3) r6 = openat(r5, &(0x7f0000000880)='./file0\x00', 0x6240c2, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900)='nl80211\x00') r8 = socket$packet(0x11, 0x3, 0x300) r9 = socket(0x100000000011, 0x0, 0x0) bind(r9, 0x0, 0x0) getsockname$packet(r9, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) setsockopt$packet_add_memb(r8, 0x107, 0x1, &(0x7f0000000040)={r10, 0x1, 0x6, @local}, 0x10) sendmsg$NL80211_CMD_SET_MPATH(r6, &(0x7f0000000a00)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @remote}, 0x14) clock_gettime(0x0, &(0x7f0000003cc0)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000003b00)=[{{&(0x7f0000000600)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000900)=""/177, 0xb1}], 0x1, &(0x7f00000009c0)=""/202, 0xca}, 0xcb4}, {{&(0x7f0000000740)=@can, 0x80, &(0x7f0000000400)=[{&(0x7f0000000ac0)=""/228, 0xe4}], 0x1, &(0x7f0000000480)=""/20, 0x14}, 0x800}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000c40)=""/116, 0x74}, {&(0x7f0000000cc0)=""/211, 0xd3}, {&(0x7f0000000dc0)=""/168, 0xa8}], 0x3}}, {{&(0x7f0000000f80)=@ipx, 0x80, &(0x7f0000001100)=[{0x0}], 0x1, &(0x7f0000001140)=""/132, 0x84}, 0x2}, {{&(0x7f0000001200)=@xdp, 0x80, &(0x7f0000003400)=[{&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000002280)=""/134, 0x86}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/19, 0x13}, {&(0x7f0000003380)}, {&(0x7f00000033c0)=""/23, 0x17}], 0x6, &(0x7f0000003480)=""/74, 0x4a}, 0x3}, {{&(0x7f0000003500)=@sco={0x1f, @none}, 0x80, &(0x7f0000003800)=[{&(0x7f0000003580)=""/232, 0xe8}, {&(0x7f0000003680)=""/100, 0x64}, {&(0x7f0000003700)=""/132, 0x84}, {&(0x7f00000037c0)=""/25, 0x19}], 0x4, &(0x7f0000003840)=""/181, 0xb5}}, {{&(0x7f0000003900)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000003a40)=[{&(0x7f0000003980)=""/69, 0x45}, {0x0}], 0x2, &(0x7f0000003a80)=""/82, 0x52}}], 0x7, 0x100, &(0x7f0000003d00)={r12, r13+30000000}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000003380)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r14, 0x1, 0x0, 0x6, @remote}, 0x14) r15 = syz_open_dev$usbmon(0x0, 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r15, 0x0) ioctl$MON_IOCT_RING_SIZE(r15, 0x9204, 0xb0398) r16 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r16, 0x0) ioctl$MON_IOCT_RING_SIZE(r16, 0x9204, 0xb0398) r17 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r17, 0x0) ioctl$MON_IOCT_RING_SIZE(r17, 0x9204, 0x0) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000003dc0)={0x0, 0x0, &(0x7f0000003d80)={&(0x7f0000003e00)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r7, @ANYPTR64=&(0x7f0000003d40)=ANY=[@ANYRES16, @ANYPTR=&(0x7f0000003ec0)=ANY=[@ANYPTR, @ANYRES16=0x0, @ANYBLOB="f463c91d140e4700b1044cb52d05b1790c0afab3c1c3c7662fd543a74c73a7cf4a255e23d7079ce58df612a2018e3b63a5e218336980494bf164250756f4d50174a66fbfb24753f82090b8c393da96db8186ab413db039e0c5bd76d858e3ff6c8c914e3f779a49828a0335d07af6747e25276e475d58c98681a946b5faabe2591b260e20dc185aa625c04cbb7d2be0f6ec2e63a7d2d77b963d67d0e4d9adb05df90d0a", @ANYRESHEX=r15, @ANYRES16=0x0, @ANYRES16=r16, @ANYRESOCT=r17, @ANYRES16]], @ANYRES32=r11, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="080001000100000008002115ad3933c81810ce82a293111a788b83c50688f2245460c0204e27d20fe7dc385a94dc69f9d18709dc645fa66cc483e4d587bd7b0d195866141be7be78fb4a7d76f5a054d84c7dabcdb2611c153b56539e66a4de00000000000000", @ANYRES32=r14, @ANYBLOB], 0x9}, 0x1, 0x0, 0x0, 0x2000c881}, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000180)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000340)='[\'eth1-#\x00', 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x7, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000680)="62f23e748cdfecc0d3bcb88248f9f8f8e8ba030000000000001dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a30142ee9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffd92, 0xb6}], 0x80000, 0x0) 03:19:53 executing program 5: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 433.411681][ T27] audit: type=1804 audit(1583119193.201:168): pid=15574 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/73/file0/bus" dev="loop1" ino=93 res=1 03:19:53 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) [ 433.871413][ T7954] attempt to access beyond end of device [ 433.884066][ T7954] loop1: rw=1, want=3981, limit=63 [ 433.904601][ T7954] attempt to access beyond end of device [ 433.913527][ T7954] loop1: rw=1, want=6869, limit=63 03:19:53 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x100000008d}, 0x0) r0 = getpid() pipe(&(0x7f0000000100)) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400c0800}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="63d7a6c0e8b58acfbad7e08db3f404e33eb03fd624b7c0e773c42a908de50c08b3235443a19680f015c200b5b50b2dc165dc1f55b7309a38588fa9d14c2db962f9c96fdd84b21419068621ea599c409b50db907b47098c9b7382b4eddff637b96209b1"], 0x1}, 0x1, 0x0, 0x0, 0x40000}, 0x44894) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r1, 0x10, &(0x7f00000000c0)) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) write(r4, &(0x7f0000000340), 0x41395527) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r5 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ftruncate(r5, 0x3) r6 = openat(r5, &(0x7f0000000880)='./file0\x00', 0x6240c2, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900)='nl80211\x00') r8 = socket$packet(0x11, 0x3, 0x300) r9 = socket(0x100000000011, 0x0, 0x0) bind(r9, 0x0, 0x0) getsockname$packet(r9, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) setsockopt$packet_add_memb(r8, 0x107, 0x1, &(0x7f0000000040)={r10, 0x1, 0x6, @local}, 0x10) sendmsg$NL80211_CMD_SET_MPATH(r6, &(0x7f0000000a00)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @remote}, 0x14) clock_gettime(0x0, &(0x7f0000003cc0)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000003b00)=[{{&(0x7f0000000600)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000900)=""/177, 0xb1}], 0x1, &(0x7f00000009c0)=""/202, 0xca}, 0xcb4}, {{&(0x7f0000000740)=@can, 0x80, &(0x7f0000000400)=[{&(0x7f0000000ac0)=""/228, 0xe4}], 0x1, &(0x7f0000000480)=""/20, 0x14}, 0x800}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000c40)=""/116, 0x74}, {&(0x7f0000000cc0)=""/211, 0xd3}, {&(0x7f0000000dc0)=""/168, 0xa8}], 0x3}}, {{&(0x7f0000000f80)=@ipx, 0x80, &(0x7f0000001100)=[{0x0}], 0x1, &(0x7f0000001140)=""/132, 0x84}, 0x2}, {{&(0x7f0000001200)=@xdp, 0x80, &(0x7f0000003400)=[{&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000002280)=""/134, 0x86}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/19, 0x13}, {&(0x7f0000003380)}, {&(0x7f00000033c0)=""/23, 0x17}], 0x6, &(0x7f0000003480)=""/74, 0x4a}, 0x3}, {{&(0x7f0000003500)=@sco={0x1f, @none}, 0x80, &(0x7f0000003800)=[{&(0x7f0000003580)=""/232, 0xe8}, {&(0x7f0000003680)=""/100, 0x64}, {&(0x7f0000003700)=""/132, 0x84}, {&(0x7f00000037c0)=""/25, 0x19}], 0x4, &(0x7f0000003840)=""/181, 0xb5}}, {{&(0x7f0000003900)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000003a40)=[{&(0x7f0000003980)=""/69, 0x45}, {0x0}], 0x2, &(0x7f0000003a80)=""/82, 0x52}}], 0x7, 0x100, &(0x7f0000003d00)={r12, r13+30000000}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000003380)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r14, 0x1, 0x0, 0x6, @remote}, 0x14) r15 = syz_open_dev$usbmon(0x0, 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r15, 0x0) ioctl$MON_IOCT_RING_SIZE(r15, 0x9204, 0xb0398) r16 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r16, 0x0) ioctl$MON_IOCT_RING_SIZE(r16, 0x9204, 0xb0398) r17 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r17, 0x0) ioctl$MON_IOCT_RING_SIZE(r17, 0x9204, 0x0) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000003dc0)={0x0, 0x0, &(0x7f0000003d80)={&(0x7f0000003e00)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r7, @ANYPTR64=&(0x7f0000003d40)=ANY=[@ANYRES16, @ANYPTR=&(0x7f0000003ec0)=ANY=[@ANYPTR, @ANYRES16=0x0, @ANYBLOB="f463c91d140e4700b1044cb52d05b1790c0afab3c1c3c7662fd543a74c73a7cf4a255e23d7079ce58df612a2018e3b63a5e218336980494bf164250756f4d50174a66fbfb24753f82090b8c393da96db8186ab413db039e0c5bd76d858e3ff6c8c914e3f779a49828a0335d07af6747e25276e475d58c98681a946b5faabe2591b260e20dc185aa625c04cbb7d2be0f6ec2e63a7d2d77b963d67d0e4d9adb05df90d0a", @ANYRESHEX=r15, @ANYRES16=0x0, @ANYRES16=r16, @ANYRESOCT=r17, @ANYRES16]], @ANYRES32=r11, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="080001000100000008002115ad3933c81810ce82a293111a788b83c50688f2245460c0204e27d20fe7dc385a94dc69f9d18709dc645fa66cc483e4d587bd7b0d195866141be7be78fb4a7d76f5a054d84c7dabcdb2611c153b56539e66a4de00000000000000", @ANYRES32=r14, @ANYBLOB], 0x9}, 0x1, 0x0, 0x0, 0x2000c881}, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000180)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000340)='[\'eth1-#\x00', 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x7, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000680)="62f23e748cdfecc0d3bcb88248f9f8f8e8ba030000000000001dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a30142ee9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffd92, 0xb6}], 0x80000, 0x0) [ 433.946882][ T7954] attempt to access beyond end of device [ 433.963651][ T7954] loop1: rw=1, want=9277, limit=63 [ 433.991713][ T7954] attempt to access beyond end of device [ 434.004069][ T7954] loop1: rw=1, want=11325, limit=63 03:19:54 executing program 5: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 434.038076][ T7954] attempt to access beyond end of device [ 434.056070][ T7954] loop1: rw=1, want=13373, limit=63 [ 434.097024][ T7954] attempt to access beyond end of device [ 434.112711][ T7954] loop1: rw=1, want=15421, limit=63 [ 434.148225][ T7954] attempt to access beyond end of device [ 434.159517][ T7954] loop1: rw=1, want=17469, limit=63 [ 434.189211][ T7954] attempt to access beyond end of device [ 434.196465][ T7954] loop1: rw=1, want=19517, limit=63 [ 434.221772][ T7954] attempt to access beyond end of device [ 434.236420][ T7954] loop1: rw=1, want=23613, limit=63 [ 434.259202][ T7954] attempt to access beyond end of device [ 434.264881][ T7954] loop1: rw=1, want=26509, limit=63 [ 434.539034][ T27] audit: type=1804 audit(1583119194.541:169): pid=15837 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/74/file0/bus" dev="loop1" ino=94 res=1 [ 434.621299][ T27] audit: type=1804 audit(1583119194.611:170): pid=15840 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/74/file0/bus" dev="loop1" ino=94 res=1 [ 435.291075][ T7972] attempt to access beyond end of device [ 435.297918][ T7972] loop1: rw=1, want=4541, limit=63 [ 435.307567][ T7972] attempt to access beyond end of device [ 435.313242][ T7972] loop1: rw=1, want=6589, limit=63 [ 435.323763][ T7972] attempt to access beyond end of device [ 435.329459][ T7972] loop1: rw=1, want=8637, limit=63 [ 435.340046][ T7972] attempt to access beyond end of device [ 435.345720][ T7972] loop1: rw=1, want=10685, limit=63 [ 435.354963][ T7972] attempt to access beyond end of device [ 435.360667][ T7972] loop1: rw=1, want=12733, limit=63 [ 435.371459][ T7972] attempt to access beyond end of device [ 435.377152][ T7972] loop1: rw=1, want=14789, limit=63 [ 435.387343][ T7972] attempt to access beyond end of device [ 435.393005][ T7972] loop1: rw=1, want=16837, limit=63 [ 435.402213][ T7972] attempt to access beyond end of device [ 435.407947][ T7972] loop1: rw=1, want=18885, limit=63 [ 435.418267][ T7972] attempt to access beyond end of device [ 435.423912][ T7972] loop1: rw=1, want=21501, limit=63 [ 435.437906][ T7972] attempt to access beyond end of device [ 435.443730][ T7972] loop1: rw=1, want=25613, limit=63 [ 435.458010][ T7972] attempt to access beyond end of device [ 435.463778][ T7972] loop1: rw=1, want=29741, limit=63 [ 435.472298][ T7972] attempt to access beyond end of device [ 435.477967][ T7972] loop1: rw=1, want=30249, limit=63 03:19:56 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:19:56 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x100000008d}, 0x0) r0 = getpid() pipe(&(0x7f0000000100)) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400c0800}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="63d7a6c0e8b58acfbad7e08db3f404e33eb03fd624b7c0e773c42a908de50c08b3235443a19680f015c200b5b50b2dc165dc1f55b7309a38588fa9d14c2db962f9c96fdd84b21419068621ea599c409b50db907b47098c9b7382b4eddff637b96209b1"], 0x1}, 0x1, 0x0, 0x0, 0x40000}, 0x44894) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r1, 0x10, &(0x7f00000000c0)) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) write(r4, &(0x7f0000000340), 0x41395527) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r5 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ftruncate(r5, 0x3) r6 = openat(r5, &(0x7f0000000880)='./file0\x00', 0x6240c2, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900)='nl80211\x00') r8 = socket$packet(0x11, 0x3, 0x300) r9 = socket(0x100000000011, 0x0, 0x0) bind(r9, 0x0, 0x0) getsockname$packet(r9, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) setsockopt$packet_add_memb(r8, 0x107, 0x1, &(0x7f0000000040)={r10, 0x1, 0x6, @local}, 0x10) sendmsg$NL80211_CMD_SET_MPATH(r6, &(0x7f0000000a00)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @remote}, 0x14) clock_gettime(0x0, &(0x7f0000003cc0)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000003b00)=[{{&(0x7f0000000600)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000900)=""/177, 0xb1}], 0x1, &(0x7f00000009c0)=""/202, 0xca}, 0xcb4}, {{&(0x7f0000000740)=@can, 0x80, &(0x7f0000000400)=[{&(0x7f0000000ac0)=""/228, 0xe4}], 0x1, &(0x7f0000000480)=""/20, 0x14}, 0x800}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000c40)=""/116, 0x74}, {&(0x7f0000000cc0)=""/211, 0xd3}, {&(0x7f0000000dc0)=""/168, 0xa8}], 0x3}}, {{&(0x7f0000000f80)=@ipx, 0x80, &(0x7f0000001100)=[{0x0}], 0x1, &(0x7f0000001140)=""/132, 0x84}, 0x2}, {{&(0x7f0000001200)=@xdp, 0x80, &(0x7f0000003400)=[{&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000002280)=""/134, 0x86}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/19, 0x13}, {&(0x7f0000003380)}, {&(0x7f00000033c0)=""/23, 0x17}], 0x6, &(0x7f0000003480)=""/74, 0x4a}, 0x3}, {{&(0x7f0000003500)=@sco={0x1f, @none}, 0x80, &(0x7f0000003800)=[{&(0x7f0000003580)=""/232, 0xe8}, {&(0x7f0000003680)=""/100, 0x64}, {&(0x7f0000003700)=""/132, 0x84}, {&(0x7f00000037c0)=""/25, 0x19}], 0x4, &(0x7f0000003840)=""/181, 0xb5}}, {{&(0x7f0000003900)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000003a40)=[{&(0x7f0000003980)=""/69, 0x45}, {0x0}], 0x2, &(0x7f0000003a80)=""/82, 0x52}}], 0x7, 0x100, &(0x7f0000003d00)={r12, r13+30000000}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000003380)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r14, 0x1, 0x0, 0x6, @remote}, 0x14) r15 = syz_open_dev$usbmon(0x0, 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r15, 0x0) ioctl$MON_IOCT_RING_SIZE(r15, 0x9204, 0xb0398) r16 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r16, 0x0) ioctl$MON_IOCT_RING_SIZE(r16, 0x9204, 0xb0398) r17 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r17, 0x0) ioctl$MON_IOCT_RING_SIZE(r17, 0x9204, 0x0) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000003dc0)={0x0, 0x0, &(0x7f0000003d80)={&(0x7f0000003e00)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r7, @ANYPTR64=&(0x7f0000003d40)=ANY=[@ANYRES16, @ANYPTR=&(0x7f0000003ec0)=ANY=[@ANYPTR, @ANYRES16=0x0, @ANYBLOB="f463c91d140e4700b1044cb52d05b1790c0afab3c1c3c7662fd543a74c73a7cf4a255e23d7079ce58df612a2018e3b63a5e218336980494bf164250756f4d50174a66fbfb24753f82090b8c393da96db8186ab413db039e0c5bd76d858e3ff6c8c914e3f779a49828a0335d07af6747e25276e475d58c98681a946b5faabe2591b260e20dc185aa625c04cbb7d2be0f6ec2e63a7d2d77b963d67d0e4d9adb05df90d0a", @ANYRESHEX=r15, @ANYRES16=0x0, @ANYRES16=r16, @ANYRESOCT=r17, @ANYRES16]], @ANYRES32=r11, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="080001000100000008002115ad3933c81810ce82a293111a788b83c50688f2245460c0204e27d20fe7dc385a94dc69f9d18709dc645fa66cc483e4d587bd7b0d195866141be7be78fb4a7d76f5a054d84c7dabcdb2611c153b56539e66a4de00000000000000", @ANYRES32=r14, @ANYBLOB], 0x9}, 0x1, 0x0, 0x0, 0x2000c881}, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000180)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000340)='[\'eth1-#\x00', 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x7, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000680)="62f23e748cdfecc0d3bcb88248f9f8f8e8ba030000000000001dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a30142ee9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffd92, 0xb6}], 0x80000, 0x0) 03:19:56 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x100000008d}, 0x0) r0 = getpid() pipe(&(0x7f0000000100)) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400c0800}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="63d7a6c0e8b58acfbad7e08db3f404e33eb03fd624b7c0e773c42a908de50c08b3235443a19680f015c200b5b50b2dc165dc1f55b7309a38588fa9d14c2db962f9c96fdd84b21419068621ea599c409b50db907b47098c9b7382b4eddff637b96209b1"], 0x1}, 0x1, 0x0, 0x0, 0x40000}, 0x44894) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r1, 0x10, &(0x7f00000000c0)) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) write(r4, &(0x7f0000000340), 0x41395527) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r5 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ftruncate(r5, 0x3) r6 = openat(r5, &(0x7f0000000880)='./file0\x00', 0x6240c2, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900)='nl80211\x00') r8 = socket$packet(0x11, 0x3, 0x300) r9 = socket(0x100000000011, 0x0, 0x0) bind(r9, 0x0, 0x0) getsockname$packet(r9, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) setsockopt$packet_add_memb(r8, 0x107, 0x1, &(0x7f0000000040)={r10, 0x1, 0x6, @local}, 0x10) sendmsg$NL80211_CMD_SET_MPATH(r6, &(0x7f0000000a00)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @remote}, 0x14) clock_gettime(0x0, &(0x7f0000003cc0)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000003b00)=[{{&(0x7f0000000600)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000900)=""/177, 0xb1}], 0x1, &(0x7f00000009c0)=""/202, 0xca}, 0xcb4}, {{&(0x7f0000000740)=@can, 0x80, &(0x7f0000000400)=[{&(0x7f0000000ac0)=""/228, 0xe4}], 0x1, &(0x7f0000000480)=""/20, 0x14}, 0x800}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000c40)=""/116, 0x74}, {&(0x7f0000000cc0)=""/211, 0xd3}, {&(0x7f0000000dc0)=""/168, 0xa8}], 0x3}}, {{&(0x7f0000000f80)=@ipx, 0x80, &(0x7f0000001100)=[{0x0}], 0x1, &(0x7f0000001140)=""/132, 0x84}, 0x2}, {{&(0x7f0000001200)=@xdp, 0x80, &(0x7f0000003400)=[{&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000002280)=""/134, 0x86}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/19, 0x13}, {&(0x7f0000003380)}, {&(0x7f00000033c0)=""/23, 0x17}], 0x6, &(0x7f0000003480)=""/74, 0x4a}, 0x3}, {{&(0x7f0000003500)=@sco={0x1f, @none}, 0x80, &(0x7f0000003800)=[{&(0x7f0000003580)=""/232, 0xe8}, {&(0x7f0000003680)=""/100, 0x64}, {&(0x7f0000003700)=""/132, 0x84}, {&(0x7f00000037c0)=""/25, 0x19}], 0x4, &(0x7f0000003840)=""/181, 0xb5}}, {{&(0x7f0000003900)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000003a40)=[{&(0x7f0000003980)=""/69, 0x45}, {0x0}], 0x2, &(0x7f0000003a80)=""/82, 0x52}}], 0x7, 0x100, &(0x7f0000003d00)={r12, r13+30000000}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000003380)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r14, 0x1, 0x0, 0x6, @remote}, 0x14) r15 = syz_open_dev$usbmon(0x0, 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r15, 0x0) ioctl$MON_IOCT_RING_SIZE(r15, 0x9204, 0xb0398) r16 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r16, 0x0) ioctl$MON_IOCT_RING_SIZE(r16, 0x9204, 0xb0398) r17 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r17, 0x0) ioctl$MON_IOCT_RING_SIZE(r17, 0x9204, 0x0) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000003dc0)={0x0, 0x0, &(0x7f0000003d80)={&(0x7f0000003e00)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r7, @ANYPTR64=&(0x7f0000003d40)=ANY=[@ANYRES16, @ANYPTR=&(0x7f0000003ec0)=ANY=[@ANYPTR, @ANYRES16=0x0, @ANYBLOB="f463c91d140e4700b1044cb52d05b1790c0afab3c1c3c7662fd543a74c73a7cf4a255e23d7079ce58df612a2018e3b63a5e218336980494bf164250756f4d50174a66fbfb24753f82090b8c393da96db8186ab413db039e0c5bd76d858e3ff6c8c914e3f779a49828a0335d07af6747e25276e475d58c98681a946b5faabe2591b260e20dc185aa625c04cbb7d2be0f6ec2e63a7d2d77b963d67d0e4d9adb05df90d0a", @ANYRESHEX=r15, @ANYRES16=0x0, @ANYRES16=r16, @ANYRESOCT=r17, @ANYRES16]], @ANYRES32=r11, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="080001000100000008002115ad3933c81810ce82a293111a788b83c50688f2245460c0204e27d20fe7dc385a94dc69f9d18709dc645fa66cc483e4d587bd7b0d195866141be7be78fb4a7d76f5a054d84c7dabcdb2611c153b56539e66a4de00000000000000", @ANYRES32=r14, @ANYBLOB], 0x9}, 0x1, 0x0, 0x0, 0x2000c881}, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000180)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000340)='[\'eth1-#\x00', 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x7, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000680)="62f23e748cdfecc0d3bcb88248f9f8f8e8ba030000000000001dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a30142ee9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffd92, 0xb6}], 0x80000, 0x0) 03:19:56 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:56 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:56 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xffffffffffffffff, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:19:56 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:19:56 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) [ 436.272902][ T27] audit: type=1804 audit(1583119196.271:171): pid=15952 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/75/file0/bus" dev="loop1" ino=95 res=1 03:19:56 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:56 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) [ 436.757002][ T27] audit: type=1804 audit(1583119196.341:172): pid=15974 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/75/file0/bus" dev="loop1" ino=95 res=1 03:19:56 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x100000008d}, 0x0) r0 = getpid() pipe(&(0x7f0000000100)) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400c0800}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="63d7a6c0e8b58acfbad7e08db3f404e33eb03fd624b7c0e773c42a908de50c08b3235443a19680f015c200b5b50b2dc165dc1f55b7309a38588fa9d14c2db962f9c96fdd84b21419068621ea599c409b50db907b47098c9b7382b4eddff637b96209b1"], 0x1}, 0x1, 0x0, 0x0, 0x40000}, 0x44894) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r1, 0x10, &(0x7f00000000c0)) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) write(r4, &(0x7f0000000340), 0x41395527) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r5 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ftruncate(r5, 0x3) r6 = openat(r5, &(0x7f0000000880)='./file0\x00', 0x6240c2, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900)='nl80211\x00') r8 = socket$packet(0x11, 0x3, 0x300) r9 = socket(0x100000000011, 0x0, 0x0) bind(r9, 0x0, 0x0) getsockname$packet(r9, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) setsockopt$packet_add_memb(r8, 0x107, 0x1, &(0x7f0000000040)={r10, 0x1, 0x6, @local}, 0x10) sendmsg$NL80211_CMD_SET_MPATH(r6, &(0x7f0000000a00)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @remote}, 0x14) clock_gettime(0x0, &(0x7f0000003cc0)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000003b00)=[{{&(0x7f0000000600)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000900)=""/177, 0xb1}], 0x1, &(0x7f00000009c0)=""/202, 0xca}, 0xcb4}, {{&(0x7f0000000740)=@can, 0x80, &(0x7f0000000400)=[{&(0x7f0000000ac0)=""/228, 0xe4}], 0x1, &(0x7f0000000480)=""/20, 0x14}, 0x800}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000c40)=""/116, 0x74}, {&(0x7f0000000cc0)=""/211, 0xd3}, {&(0x7f0000000dc0)=""/168, 0xa8}], 0x3}}, {{&(0x7f0000000f80)=@ipx, 0x80, &(0x7f0000001100)=[{0x0}], 0x1, &(0x7f0000001140)=""/132, 0x84}, 0x2}, {{&(0x7f0000001200)=@xdp, 0x80, &(0x7f0000003400)=[{&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000002280)=""/134, 0x86}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/19, 0x13}, {&(0x7f0000003380)}, {&(0x7f00000033c0)=""/23, 0x17}], 0x6, &(0x7f0000003480)=""/74, 0x4a}, 0x3}, {{&(0x7f0000003500)=@sco={0x1f, @none}, 0x80, &(0x7f0000003800)=[{&(0x7f0000003580)=""/232, 0xe8}, {&(0x7f0000003680)=""/100, 0x64}, {&(0x7f0000003700)=""/132, 0x84}, {&(0x7f00000037c0)=""/25, 0x19}], 0x4, &(0x7f0000003840)=""/181, 0xb5}}, {{&(0x7f0000003900)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000003a40)=[{&(0x7f0000003980)=""/69, 0x45}, {0x0}], 0x2, &(0x7f0000003a80)=""/82, 0x52}}], 0x7, 0x100, &(0x7f0000003d00)={r12, r13+30000000}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000003380)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r14, 0x1, 0x0, 0x6, @remote}, 0x14) r15 = syz_open_dev$usbmon(0x0, 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r15, 0x0) ioctl$MON_IOCT_RING_SIZE(r15, 0x9204, 0xb0398) r16 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r16, 0x0) ioctl$MON_IOCT_RING_SIZE(r16, 0x9204, 0xb0398) r17 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r17, 0x0) ioctl$MON_IOCT_RING_SIZE(r17, 0x9204, 0x0) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000003dc0)={0x0, 0x0, &(0x7f0000003d80)={&(0x7f0000003e00)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r7, @ANYPTR64=&(0x7f0000003d40)=ANY=[@ANYRES16, @ANYPTR=&(0x7f0000003ec0)=ANY=[@ANYPTR, @ANYRES16=0x0, @ANYBLOB="f463c91d140e4700b1044cb52d05b1790c0afab3c1c3c7662fd543a74c73a7cf4a255e23d7079ce58df612a2018e3b63a5e218336980494bf164250756f4d50174a66fbfb24753f82090b8c393da96db8186ab413db039e0c5bd76d858e3ff6c8c914e3f779a49828a0335d07af6747e25276e475d58c98681a946b5faabe2591b260e20dc185aa625c04cbb7d2be0f6ec2e63a7d2d77b963d67d0e4d9adb05df90d0a", @ANYRESHEX=r15, @ANYRES16=0x0, @ANYRES16=r16, @ANYRESOCT=r17, @ANYRES16]], @ANYRES32=r11, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="080001000100000008002115ad3933c81810ce82a293111a788b83c50688f2245460c0204e27d20fe7dc385a94dc69f9d18709dc645fa66cc483e4d587bd7b0d195866141be7be78fb4a7d76f5a054d84c7dabcdb2611c153b56539e66a4de00000000000000", @ANYRES32=r14, @ANYBLOB], 0x9}, 0x1, 0x0, 0x0, 0x2000c881}, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000180)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000340)='[\'eth1-#\x00', 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x7, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000680)="62f23e748cdfecc0d3bcb88248f9f8f8e8ba030000000000001dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a30142ee9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffd92, 0xb6}], 0x80000, 0x0) 03:19:56 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x100000008d}, 0x0) r0 = getpid() pipe(&(0x7f0000000100)) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400c0800}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="63d7a6c0e8b58acfbad7e08db3f404e33eb03fd624b7c0e773c42a908de50c08b3235443a19680f015c200b5b50b2dc165dc1f55b7309a38588fa9d14c2db962f9c96fdd84b21419068621ea599c409b50db907b47098c9b7382b4eddff637b96209b1"], 0x1}, 0x1, 0x0, 0x0, 0x40000}, 0x44894) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r1, 0x10, &(0x7f00000000c0)) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) write(r4, &(0x7f0000000340), 0x41395527) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r5 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ftruncate(r5, 0x3) r6 = openat(r5, &(0x7f0000000880)='./file0\x00', 0x6240c2, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900)='nl80211\x00') r8 = socket$packet(0x11, 0x3, 0x300) r9 = socket(0x100000000011, 0x0, 0x0) bind(r9, 0x0, 0x0) getsockname$packet(r9, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) setsockopt$packet_add_memb(r8, 0x107, 0x1, &(0x7f0000000040)={r10, 0x1, 0x6, @local}, 0x10) sendmsg$NL80211_CMD_SET_MPATH(r6, &(0x7f0000000a00)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @remote}, 0x14) clock_gettime(0x0, &(0x7f0000003cc0)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000003b00)=[{{&(0x7f0000000600)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000900)=""/177, 0xb1}], 0x1, &(0x7f00000009c0)=""/202, 0xca}, 0xcb4}, {{&(0x7f0000000740)=@can, 0x80, &(0x7f0000000400)=[{&(0x7f0000000ac0)=""/228, 0xe4}], 0x1, &(0x7f0000000480)=""/20, 0x14}, 0x800}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000c40)=""/116, 0x74}, {&(0x7f0000000cc0)=""/211, 0xd3}, {&(0x7f0000000dc0)=""/168, 0xa8}], 0x3}}, {{&(0x7f0000000f80)=@ipx, 0x80, &(0x7f0000001100)=[{0x0}], 0x1, &(0x7f0000001140)=""/132, 0x84}, 0x2}, {{&(0x7f0000001200)=@xdp, 0x80, &(0x7f0000003400)=[{&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000002280)=""/134, 0x86}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/19, 0x13}, {&(0x7f0000003380)}, {&(0x7f00000033c0)=""/23, 0x17}], 0x6, &(0x7f0000003480)=""/74, 0x4a}, 0x3}, {{&(0x7f0000003500)=@sco={0x1f, @none}, 0x80, &(0x7f0000003800)=[{&(0x7f0000003580)=""/232, 0xe8}, {&(0x7f0000003680)=""/100, 0x64}, {&(0x7f0000003700)=""/132, 0x84}, {&(0x7f00000037c0)=""/25, 0x19}], 0x4, &(0x7f0000003840)=""/181, 0xb5}}, {{&(0x7f0000003900)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000003a40)=[{&(0x7f0000003980)=""/69, 0x45}, {0x0}], 0x2, &(0x7f0000003a80)=""/82, 0x52}}], 0x7, 0x100, &(0x7f0000003d00)={r12, r13+30000000}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000003380)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r14, 0x1, 0x0, 0x6, @remote}, 0x14) r15 = syz_open_dev$usbmon(0x0, 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r15, 0x0) ioctl$MON_IOCT_RING_SIZE(r15, 0x9204, 0xb0398) r16 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r16, 0x0) ioctl$MON_IOCT_RING_SIZE(r16, 0x9204, 0xb0398) r17 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r17, 0x0) ioctl$MON_IOCT_RING_SIZE(r17, 0x9204, 0x0) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000003dc0)={0x0, 0x0, &(0x7f0000003d80)={&(0x7f0000003e00)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r7, @ANYPTR64=&(0x7f0000003d40)=ANY=[@ANYRES16, @ANYPTR=&(0x7f0000003ec0)=ANY=[@ANYPTR, @ANYRES16=0x0, @ANYBLOB="f463c91d140e4700b1044cb52d05b1790c0afab3c1c3c7662fd543a74c73a7cf4a255e23d7079ce58df612a2018e3b63a5e218336980494bf164250756f4d50174a66fbfb24753f82090b8c393da96db8186ab413db039e0c5bd76d858e3ff6c8c914e3f779a49828a0335d07af6747e25276e475d58c98681a946b5faabe2591b260e20dc185aa625c04cbb7d2be0f6ec2e63a7d2d77b963d67d0e4d9adb05df90d0a", @ANYRESHEX=r15, @ANYRES16=0x0, @ANYRES16=r16, @ANYRESOCT=r17, @ANYRES16]], @ANYRES32=r11, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="080001000100000008002115ad3933c81810ce82a293111a788b83c50688f2245460c0204e27d20fe7dc385a94dc69f9d18709dc645fa66cc483e4d587bd7b0d195866141be7be78fb4a7d76f5a054d84c7dabcdb2611c153b56539e66a4de00000000000000", @ANYRES32=r14, @ANYBLOB], 0x9}, 0x1, 0x0, 0x0, 0x2000c881}, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000180)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000340)='[\'eth1-#\x00', 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x7, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000680)="62f23e748cdfecc0d3bcb88248f9f8f8e8ba030000000000001dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a30142ee9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffd92, 0xb6}], 0x80000, 0x0) 03:19:57 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:19:57 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 437.017066][ T7954] attempt to access beyond end of device [ 437.044924][ T7954] loop1: rw=1, want=3761, limit=63 [ 437.080496][ T7954] attempt to access beyond end of device [ 437.106500][ T7954] loop1: rw=1, want=6337, limit=63 [ 437.140456][ T7954] attempt to access beyond end of device [ 437.149964][ T7954] loop1: rw=1, want=8649, limit=63 [ 437.164103][ T7954] attempt to access beyond end of device [ 437.170210][ T7954] loop1: rw=1, want=11297, limit=63 [ 437.187689][ T7954] attempt to access beyond end of device [ 437.235699][ T7954] loop1: rw=1, want=13441, limit=63 [ 437.282141][ T7954] attempt to access beyond end of device [ 437.294233][ T7954] loop1: rw=1, want=15969, limit=63 [ 437.322124][ T7954] attempt to access beyond end of device 03:19:57 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 437.327955][ T7954] loop1: rw=1, want=19233, limit=63 [ 437.337365][ T7954] attempt to access beyond end of device [ 437.356550][ T7954] loop1: rw=1, want=19369, limit=63 03:19:57 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 437.705143][ T27] audit: type=1804 audit(1583119197.701:173): pid=16322 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/76/file0/bus" dev="loop1" ino=96 res=1 [ 437.782260][ T27] audit: type=1804 audit(1583119197.751:174): pid=16363 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/76/file0/bus" dev="loop1" ino=96 res=1 03:19:57 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 438.436295][ T7954] attempt to access beyond end of device [ 438.441997][ T7954] loop1: rw=1, want=2965, limit=63 [ 438.453268][ T7954] attempt to access beyond end of device [ 438.459325][ T7954] loop1: rw=1, want=5013, limit=63 [ 438.469652][ T7954] attempt to access beyond end of device [ 438.475289][ T7954] loop1: rw=1, want=7061, limit=63 [ 438.485033][ T7954] attempt to access beyond end of device [ 438.490749][ T7954] loop1: rw=1, want=9109, limit=63 [ 438.500769][ T7954] attempt to access beyond end of device [ 438.507086][ T7954] loop1: rw=1, want=11157, limit=63 [ 438.517461][ T7954] attempt to access beyond end of device [ 438.523242][ T7954] loop1: rw=1, want=13429, limit=63 [ 438.533948][ T7954] attempt to access beyond end of device [ 438.539645][ T7954] loop1: rw=1, want=16477, limit=63 [ 438.550580][ T7954] attempt to access beyond end of device [ 438.556288][ T7954] loop1: rw=1, want=18525, limit=63 [ 438.565568][ T7954] attempt to access beyond end of device [ 438.571980][ T7954] loop1: rw=1, want=20581, limit=63 [ 438.582193][ T7954] attempt to access beyond end of device [ 438.588047][ T7954] loop1: rw=1, want=23237, limit=63 [ 438.595201][ T7954] attempt to access beyond end of device [ 438.600913][ T7954] loop1: rw=1, want=23333, limit=63 03:19:59 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:19:59 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x100000008d}, 0x0) r0 = getpid() pipe(&(0x7f0000000100)) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400c0800}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="63d7a6c0e8b58acfbad7e08db3f404e33eb03fd624b7c0e773c42a908de50c08b3235443a19680f015c200b5b50b2dc165dc1f55b7309a38588fa9d14c2db962f9c96fdd84b21419068621ea599c409b50db907b47098c9b7382b4eddff637b96209b1"], 0x1}, 0x1, 0x0, 0x0, 0x40000}, 0x44894) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r1, 0x10, &(0x7f00000000c0)) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) write(r4, &(0x7f0000000340), 0x41395527) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r5 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ftruncate(r5, 0x3) r6 = openat(r5, &(0x7f0000000880)='./file0\x00', 0x6240c2, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900)='nl80211\x00') r8 = socket$packet(0x11, 0x3, 0x300) r9 = socket(0x100000000011, 0x0, 0x0) bind(r9, 0x0, 0x0) getsockname$packet(r9, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) setsockopt$packet_add_memb(r8, 0x107, 0x1, &(0x7f0000000040)={r10, 0x1, 0x6, @local}, 0x10) sendmsg$NL80211_CMD_SET_MPATH(r6, &(0x7f0000000a00)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @remote}, 0x14) clock_gettime(0x0, &(0x7f0000003cc0)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000003b00)=[{{&(0x7f0000000600)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000900)=""/177, 0xb1}], 0x1, &(0x7f00000009c0)=""/202, 0xca}, 0xcb4}, {{&(0x7f0000000740)=@can, 0x80, &(0x7f0000000400)=[{&(0x7f0000000ac0)=""/228, 0xe4}], 0x1, &(0x7f0000000480)=""/20, 0x14}, 0x800}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000c40)=""/116, 0x74}, {&(0x7f0000000cc0)=""/211, 0xd3}, {&(0x7f0000000dc0)=""/168, 0xa8}], 0x3}}, {{&(0x7f0000000f80)=@ipx, 0x80, &(0x7f0000001100)=[{0x0}], 0x1, &(0x7f0000001140)=""/132, 0x84}, 0x2}, {{&(0x7f0000001200)=@xdp, 0x80, &(0x7f0000003400)=[{&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000002280)=""/134, 0x86}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/19, 0x13}, {&(0x7f0000003380)}, {&(0x7f00000033c0)=""/23, 0x17}], 0x6, &(0x7f0000003480)=""/74, 0x4a}, 0x3}, {{&(0x7f0000003500)=@sco={0x1f, @none}, 0x80, &(0x7f0000003800)=[{&(0x7f0000003580)=""/232, 0xe8}, {&(0x7f0000003680)=""/100, 0x64}, {&(0x7f0000003700)=""/132, 0x84}, {&(0x7f00000037c0)=""/25, 0x19}], 0x4, &(0x7f0000003840)=""/181, 0xb5}}, {{&(0x7f0000003900)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000003a40)=[{&(0x7f0000003980)=""/69, 0x45}, {0x0}], 0x2, &(0x7f0000003a80)=""/82, 0x52}}], 0x7, 0x100, &(0x7f0000003d00)={r12, r13+30000000}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000003380)={0x0, @local, @local}, &(0x7f0000000080)=0xc) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r14, 0x1, 0x0, 0x6, @remote}, 0x14) r15 = syz_open_dev$usbmon(0x0, 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r15, 0x0) ioctl$MON_IOCT_RING_SIZE(r15, 0x9204, 0xb0398) r16 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r16, 0x0) ioctl$MON_IOCT_RING_SIZE(r16, 0x9204, 0xb0398) r17 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x40031c, 0x0, 0x8012, r17, 0x0) ioctl$MON_IOCT_RING_SIZE(r17, 0x9204, 0x0) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000003dc0)={0x0, 0x0, &(0x7f0000003d80)={&(0x7f0000003e00)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r7, @ANYPTR64=&(0x7f0000003d40)=ANY=[@ANYRES16, @ANYPTR=&(0x7f0000003ec0)=ANY=[@ANYPTR, @ANYRES16=0x0, @ANYBLOB="f463c91d140e4700b1044cb52d05b1790c0afab3c1c3c7662fd543a74c73a7cf4a255e23d7079ce58df612a2018e3b63a5e218336980494bf164250756f4d50174a66fbfb24753f82090b8c393da96db8186ab413db039e0c5bd76d858e3ff6c8c914e3f779a49828a0335d07af6747e25276e475d58c98681a946b5faabe2591b260e20dc185aa625c04cbb7d2be0f6ec2e63a7d2d77b963d67d0e4d9adb05df90d0a", @ANYRESHEX=r15, @ANYRES16=0x0, @ANYRES16=r16, @ANYRESOCT=r17, @ANYRES16]], @ANYRES32=r11, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="080001000100000008002115ad3933c81810ce82a293111a788b83c50688f2245460c0204e27d20fe7dc385a94dc69f9d18709dc645fa66cc483e4d587bd7b0d195866141be7be78fb4a7d76f5a054d84c7dabcdb2611c153b56539e66a4de00000000000000", @ANYRES32=r14, @ANYBLOB], 0x9}, 0x1, 0x0, 0x0, 0x2000c881}, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000180)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000340)='[\'eth1-#\x00', 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x7, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000680)="62f23e748cdfecc0d3bcb88248f9f8f8e8ba030000000000001dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a30142ee9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffd92, 0xb6}], 0x80000, 0x0) 03:19:59 executing program 4: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0xffff, 0x0) ioctl$VIDIOC_QUERY_DV_TIMINGS(r0, 0x80845663, 0x0) 03:19:59 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) [ 439.350613][ T27] audit: type=1804 audit(1583119199.351:175): pid=16546 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/77/file0/bus" dev="loop1" ino=97 res=1 [ 439.422996][ T27] audit: type=1804 audit(1583119199.421:176): pid=16552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/77/file0/bus" dev="loop1" ino=97 res=1 03:19:59 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:19:59 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, 0x0, 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:19:59 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000640)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) keyctl$KEYCTL_PKEY_SIGN(0x1b, 0x0, 0x0, &(0x7f0000000280)="c57479747167575baa59ca9296bf2aa019cc4989ea9690e2b26d249b3dcf0bfc72fe8819faba20106fa86b4a4964d8318fb751510333278fa7222ce03d717f85cbdf956cde947cdc78b2e49e171510c034b7450b701a09697cb7a615174ac54de1dbf2919b17028e4eddaa082f616ae6d7", 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000002f000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:19:59 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0xd, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VIDIOC_G_CTRL(r0, 0xc008561b, &(0x7f00000002c0)={0x7fffffff}) 03:20:00 executing program 3: bind$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffffd, 0x20000004, 0x0, 0x0) getpgid(0x0) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket(0x840000000002, 0x3, 0x6) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) sendmmsg(r1, &(0x7f0000006d00), 0xffffffffffffff92, 0x1ffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) getsockname$packet(r3, 0x0, &(0x7f0000000140)) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x800, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000180), 0x0) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r3, 0x84, 0x21, 0x0, 0x0) r4 = dup(0xffffffffffffffff) getsockname$packet(r4, 0x0, &(0x7f0000000140)) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000080), 0x2) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x2) 03:20:00 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="8e1a00"], 0x48}}, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000080)={@empty, 0x0, r3}) 03:20:00 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, 0x0, 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:00 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:00 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) open(&(0x7f0000000440)='./file0\x00', 0x110000141042, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000480)=ANY=[@ANYBLOB="5b643a3a5d2c303a3a363a00e99cf1b8939885ccbb3c3aeead2e22c90fef072256e00e678290f5bb3b5d2fcf887ffa7f0ec00b74473a06025bf47b60a2f5011c60cf136440915a64b0491236a3645b3cb2bd14ffa33612ba463c419b694200b5a1c6aafda946ebf888518b9b1ad3e4a3b1caa195a69561039f6e107eafa89021a7503a9fc0b01542ab5bd2d23e04b258634bd754c9d2488ad379fadccbfda227bd28f64d155039b07f437c00"], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='ceph\x00', 0x0, 0x0) sendto$inet(r0, &(0x7f00000012c0), 0x0, 0x11, 0x0, 0x0) [ 440.152028][ T7972] attempt to access beyond end of device [ 440.183200][ T7972] loop1: rw=1, want=4557, limit=63 [ 440.227824][ T7972] attempt to access beyond end of device [ 440.235678][ T7972] loop1: rw=1, want=6613, limit=63 [ 440.247202][ T7972] attempt to access beyond end of device [ 440.252944][ T7972] loop1: rw=1, want=8661, limit=63 [ 440.274496][ T7972] attempt to access beyond end of device [ 440.284659][ T7972] loop1: rw=1, want=10709, limit=63 [ 440.304969][ T7972] attempt to access beyond end of device [ 440.321647][ T7972] loop1: rw=1, want=12757, limit=63 [ 440.359918][ T7972] attempt to access beyond end of device [ 440.369256][T16683] ceph: No mds server is up or the cluster is laggy [ 440.380286][ T7972] loop1: rw=1, want=14805, limit=63 [ 440.391749][ T7972] attempt to access beyond end of device [ 440.397514][ T7972] loop1: rw=1, want=16853, limit=63 [ 440.409205][ T7972] attempt to access beyond end of device [ 440.421948][ T7972] loop1: rw=1, want=18901, limit=63 [ 440.444622][ T7972] attempt to access beyond end of device [ 440.450489][ T7972] loop1: rw=1, want=20949, limit=63 [ 440.459301][ T7972] attempt to access beyond end of device [ 440.466111][ T7972] loop1: rw=1, want=22181, limit=63 [ 440.719666][ T27] audit: type=1804 audit(1583119200.721:177): pid=16795 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/78/file0/bus" dev="loop1" ino=98 res=1 [ 440.796140][ T27] audit: type=1804 audit(1583119200.791:178): pid=16798 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/78/file0/bus" dev="loop1" ino=98 res=1 [ 441.461944][ T820] attempt to access beyond end of device [ 441.467684][ T820] loop1: rw=1, want=4273, limit=63 [ 441.477430][ T820] attempt to access beyond end of device [ 441.483072][ T820] loop1: rw=1, want=6321, limit=63 [ 441.492578][ T820] attempt to access beyond end of device [ 441.498238][ T820] loop1: rw=1, want=8393, limit=63 [ 441.508071][ T820] attempt to access beyond end of device [ 441.513730][ T820] loop1: rw=1, want=10441, limit=63 [ 441.523253][ T820] attempt to access beyond end of device [ 441.529571][ T820] loop1: rw=1, want=12489, limit=63 [ 441.539475][ T820] attempt to access beyond end of device [ 441.545254][ T820] loop1: rw=1, want=14545, limit=63 [ 441.555339][ T820] attempt to access beyond end of device [ 441.561064][ T820] loop1: rw=1, want=16593, limit=63 [ 441.573929][ T820] attempt to access beyond end of device [ 441.579600][ T820] loop1: rw=1, want=18641, limit=63 [ 441.588939][ T820] attempt to access beyond end of device [ 441.594668][ T820] loop1: rw=1, want=20689, limit=63 [ 441.606734][ T820] attempt to access beyond end of device [ 441.612383][ T820] loop1: rw=1, want=24465, limit=63 [ 441.625140][ T820] attempt to access beyond end of device [ 441.630824][ T820] loop1: rw=1, want=28577, limit=63 [ 441.640586][ T820] attempt to access beyond end of device [ 441.646288][ T820] loop1: rw=1, want=28933, limit=63 03:20:02 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:20:02 executing program 3: bind$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffffd, 0x20000004, 0x0, 0x0) getpgid(0x0) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket(0x840000000002, 0x3, 0x6) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) sendmmsg(r1, &(0x7f0000006d00), 0xffffffffffffff92, 0x1ffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) getsockname$packet(r3, 0x0, &(0x7f0000000140)) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x800, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000180), 0x0) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r3, 0x84, 0x21, 0x0, 0x0) r4 = dup(0xffffffffffffffff) getsockname$packet(r4, 0x0, &(0x7f0000000140)) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000080), 0x2) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x2) 03:20:02 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, 0x0, 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:02 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:02 executing program 4: 03:20:02 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:02 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x0, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:02 executing program 3: 03:20:03 executing program 4: 03:20:03 executing program 3: 03:20:03 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x0, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:03 executing program 3: [ 443.248110][ T27] audit: type=1804 audit(1583119203.251:179): pid=16977 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/79/file0/bus" dev="loop1" ino=99 res=1 [ 443.319091][ T27] audit: type=1804 audit(1583119203.291:180): pid=16977 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/79/file0/bus" dev="loop1" ino=99 res=1 03:20:05 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 03:20:05 executing program 4: 03:20:05 executing program 3: 03:20:06 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:06 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x0, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:06 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:06 executing program 4: 03:20:06 executing program 3: 03:20:06 executing program 4: 03:20:06 executing program 3: 03:20:06 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:06 executing program 3: [ 446.373521][ T27] audit: type=1804 audit(1583119206.371:181): pid=17221 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/80/file0/bus" dev="loop1" ino=100 res=1 [ 446.480471][ T27] audit: type=1804 audit(1583119206.431:182): pid=17275 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/80/file0/bus" dev="loop1" ino=100 res=1 03:20:08 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, 0x0) ptrace$cont(0x20, r2, 0x0, 0x0) 03:20:08 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:08 executing program 4: 03:20:08 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:08 executing program 3: 03:20:08 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:08 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$cont(0x7, 0x0, 0x0, 0x0) 03:20:08 executing program 3: 03:20:08 executing program 4: 03:20:08 executing program 3: [ 448.639875][ T27] audit: type=1804 audit(1583119208.641:183): pid=17299 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/81/file0/bus" dev="loop1" ino=101 res=1 03:20:08 executing program 4: [ 448.719640][ T27] audit: type=1804 audit(1583119208.721:184): pid=17409 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/81/file0/bus" dev="loop1" ino=101 res=1 03:20:08 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 449.317281][ T7954] attempt to access beyond end of device [ 449.322955][ T7954] loop1: rw=1, want=3549, limit=63 [ 449.332556][ T7954] attempt to access beyond end of device [ 449.338248][ T7954] loop1: rw=1, want=5605, limit=63 [ 449.347898][ T7954] attempt to access beyond end of device [ 449.353553][ T7954] loop1: rw=1, want=7653, limit=63 [ 449.362796][ T7954] attempt to access beyond end of device [ 449.368490][ T7954] loop1: rw=1, want=9701, limit=63 [ 449.377359][ T7954] attempt to access beyond end of device [ 449.383041][ T7954] loop1: rw=1, want=11117, limit=63 03:20:11 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, 0x0) ptrace$cont(0x20, r2, 0x0, 0x0) 03:20:11 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$cont(0x7, 0x0, 0x0, 0x0) 03:20:11 executing program 3: mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0xaf2e) 03:20:11 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$netlink(0x10, 0x3, 0x4) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040)='devlink\x00') sendmsg$DEVLINK_CMD_PORT_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x64, r1, 0x1, 0x0, 0x0, {}, [{{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0x64}}, 0x0) 03:20:11 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:11 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:11 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$cont(0x7, 0x0, 0x0, 0x0) 03:20:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040)='devlink\x00') sendmsg$DEVLINK_CMD_PORT_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x64, r1, 0x1, 0x0, 0x0, {}, [{{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0x64}}, 0x0) 03:20:11 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000004d00)='net/netlink\x00') ioctl$BINDER_WRITE_READ(r0, 0x40049409, 0x0) 03:20:11 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r1, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 451.737253][ T27] audit: type=1804 audit(1583119211.741:185): pid=17617 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/82/file0/bus" dev="loop1" ino=102 res=1 03:20:11 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:11 executing program 4: socket$packet(0x11, 0x0, 0x300) r0 = socket$inet6(0xa, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x84003ff) write(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) read$usbmon(0xffffffffffffffff, &(0x7f0000000280)=""/85, 0x55) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) memfd_create(0x0, 0x0) socket$netlink(0x10, 0x3, 0x8000000004) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, 0x0, 0x0) ioctl$EVIOCSKEYCODE(0xffffffffffffffff, 0x40084504, &(0x7f0000000080)=[0x2, 0x200]) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f00000001c0)={0x1, 0x0, 0x7}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) [ 451.881593][ T27] audit: type=1804 audit(1583119211.791:186): pid=17657 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/82/file0/bus" dev="loop1" ino=102 res=1 03:20:14 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r1, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:14 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, 0x0) ptrace$cont(0x20, r2, 0x0, 0x0) 03:20:14 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:14 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}}, 0x0) 03:20:14 executing program 4: socket$packet(0x11, 0x0, 0x300) r0 = socket$inet6(0xa, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x84003ff) write(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) read$usbmon(0xffffffffffffffff, &(0x7f0000000280)=""/85, 0x55) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) memfd_create(0x0, 0x0) socket$netlink(0x10, 0x3, 0x8000000004) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, 0x0, 0x0) ioctl$EVIOCSKEYCODE(0xffffffffffffffff, 0x40084504, &(0x7f0000000080)=[0x2, 0x200]) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f00000001c0)={0x1, 0x0, 0x7}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 03:20:14 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:14 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:14 executing program 3: socket$packet(0x11, 0x0, 0x300) r0 = socket$inet6(0xa, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x84003ff) write(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) read$usbmon(0xffffffffffffffff, &(0x7f0000000280)=""/85, 0x55) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) memfd_create(0x0, 0x0) socket$netlink(0x10, 0x3, 0x8000000004) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, 0x0, 0x0) ioctl$EVIOCSKEYCODE(0xffffffffffffffff, 0x40084504, &(0x7f0000000080)=[0x2, 0x200]) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f00000001c0)={0x1, 0x0, 0x7}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 03:20:14 executing program 4: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCDELRT(r0, 0x89a0, &(0x7f0000000080)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={'nr', 0x0}, 0x0, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @null, @bcast, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast]}) [ 454.869930][ T27] audit: type=1804 audit(1583119214.871:187): pid=17889 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/83/file0/bus" dev="loop1" ino=103 res=1 03:20:15 executing program 4: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCDELRT(r0, 0x89a0, &(0x7f0000000080)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={'nr', 0x0}, 0x0, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @null, @bcast, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast]}) 03:20:15 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r1, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 455.067236][ T27] audit: type=1804 audit(1583119214.991:188): pid=17901 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/83/file0/bus" dev="loop1" ino=103 res=1 03:20:15 executing program 3: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCDELRT(r0, 0x890b, &(0x7f0000000080)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={'nr', 0x0}, 0x0, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @null, @bcast, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast]}) 03:20:15 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) [ 456.486742][ T0] NOHZ: local_softirq_pending 08 03:20:17 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) 03:20:17 executing program 4: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCDELRT(r0, 0x89a0, &(0x7f0000000080)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={'nr', 0x0}, 0x0, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @null, @bcast, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast]}) 03:20:17 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(0x0, 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:17 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) write$tun(r0, 0x0, 0x0) 03:20:17 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:17 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:17 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) [ 457.748618][T18040] ptrace attach of "/root/syz-executor.0"[18039] was attempted by "/root/syz-executor.0"[18040] 03:20:17 executing program 4: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCDELRT(r0, 0x89a0, &(0x7f0000000080)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={'nr', 0x0}, 0x0, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @null, @bcast, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast]}) 03:20:17 executing program 3: r0 = open(&(0x7f0000000140)='./file0\x00', 0x40c2, 0x0) write$9p(r0, &(0x7f0000000800)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb9693dd6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b804bfe70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706", 0x200) 03:20:17 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(0x0, 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 457.949271][ T27] audit: type=1800 audit(1583119217.951:189): pid=18157 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=17384 res=0 03:20:18 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14}, 0x14}}, 0x0) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18", 0x45c}], 0x1) 03:20:18 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) ioctl$PPPIOCSMAXCID(r0, 0x40047451, 0x0) [ 458.055742][ T27] audit: type=1804 audit(1583119217.971:190): pid=18133 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/84/file0/bus" dev="loop1" ino=104 res=1 [ 458.185076][ T27] audit: type=1804 audit(1583119218.041:191): pid=18161 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/84/file0/bus" dev="loop1" ino=104 res=1 [ 458.416200][ T0] NOHZ: local_softirq_pending 08 [ 458.587634][ T7972] attempt to access beyond end of device [ 458.593360][ T7972] loop1: rw=1, want=2969, limit=63 [ 458.604100][ T7972] attempt to access beyond end of device [ 458.609784][ T7972] loop1: rw=1, want=5033, limit=63 [ 458.619517][ T7972] attempt to access beyond end of device [ 458.625186][ T7972] loop1: rw=1, want=7105, limit=63 [ 458.634731][ T7972] attempt to access beyond end of device [ 458.640403][ T7972] loop1: rw=1, want=9153, limit=63 [ 458.650482][ T7972] attempt to access beyond end of device [ 458.656185][ T7972] loop1: rw=1, want=11201, limit=63 [ 458.663354][ T7972] attempt to access beyond end of device [ 458.669055][ T7972] loop1: rw=1, want=11617, limit=63 03:20:20 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) 03:20:20 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:20 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="00f8b200080800001028e6c467144d2fa813"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a80)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xfff1}}, [@filter_kind_options=@f_route={{0xa, 0x1, 'route\x00'}, {0x4}}]}, 0x34}}, 0x0) 03:20:20 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f13000)={0xa, 0xe22}, 0x1c) 03:20:20 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(0x0, 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:20 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:20 executing program 3: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 03:20:20 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:20 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @remote}, 0x10) ioctl$int_in(r0, 0x5421, &(0x7f0000000180)=0x7fff) sendto$inet(r0, 0x0, 0x0, 0x1000000020000000, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0) 03:20:20 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:21 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:21 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000100) r1 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r1, 0x0) 03:20:23 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) 03:20:23 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:23 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:23 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:23 executing program 4: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) chdir(&(0x7f0000000200)='./file0\x00') syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:20:23 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWTABLE={0x14, 0x2, 0xa, 0x101}], {0x14}}, 0x3c}}, 0x0) 03:20:23 executing program 3: open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) [ 463.958969][T18435] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:20:24 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) [ 463.999794][T18435] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 03:20:24 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 464.055905][T18435] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 464.103878][T18435] EXT4-fs (loop4): corrupt root inode, run e2fsck [ 464.127569][T18435] EXT4-fs (loop4): mount failed 03:20:24 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:24 executing program 3: syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='mountinfo\x00') 03:20:24 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) [ 464.429763][T18674] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 464.439681][ T27] audit: type=1804 audit(1583119224.441:192): pid=18683 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/88/file0/bus" dev="loop1" ino=105 res=1 [ 464.504904][T18674] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 464.515556][T18674] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 464.526144][T18674] EXT4-fs: failed to create workqueue [ 464.531778][T18674] EXT4-fs (loop4): mount failed [ 464.538347][ T27] audit: type=1804 audit(1583119224.491:193): pid=18687 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/88/file0/bus" dev="loop1" ino=105 res=1 03:20:26 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) 03:20:26 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:26 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000001280)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000000000000000000000000200000003000000580200000000000008010000000000000000000000000000c0010000c0010000c0010000c0010000c001000003"], 0x1) 03:20:26 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:26 executing program 4: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) chdir(&(0x7f0000000200)='./file0\x00') syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:20:26 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:26 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:26 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)) [ 467.010144][T18713] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 467.031561][T18713] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 467.043125][T18713] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 467.078109][ T27] audit: type=1804 audit(1583119227.081:194): pid=18735 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/89/file0/bus" dev="sda1" ino=17461 res=1 [ 467.119474][T18713] EXT4-fs (loop4): corrupt root inode, run e2fsck [ 467.127388][T18713] EXT4-fs (loop4): mount failed [ 467.146870][ T27] audit: type=1804 audit(1583119227.151:195): pid=18807 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/89/file0/bus" dev="sda1" ino=17461 res=1 03:20:27 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d7547", 0x448}], 0x1) sendto$inet(r0, &(0x7f00000012c0)='\f', 0x1, 0x0, 0x0, 0x0) 03:20:27 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:27 executing program 3: socket$packet(0x11, 0x3, 0x300) socket$kcm(0x29, 0x0, 0x0) r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) io_setup(0x4, &(0x7f00000004c0)=0x0) io_submit(r1, 0x200002f1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) socket(0x11, 0x0, 0x0) 03:20:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 03:20:29 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000380)="9d", 0x1, 0xfffffffffffffffe, 0x0, 0x0) 03:20:29 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) 03:20:29 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:29 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:29 executing program 3: socket$packet(0x11, 0x3, 0x300) socket$kcm(0x29, 0x0, 0x0) r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) io_setup(0x4, &(0x7f00000004c0)=0x0) io_submit(r1, 0x200002f1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) socket(0x11, 0x0, 0x0) 03:20:30 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000080)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "209200", 0x40, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @md5sig={0x13, 0x12, "435d33db0f58ebb2d9da815dcff964bd"}, @mptcp=@synack={0x1e, 0x10}]}}}}}}}}, 0x0) 03:20:30 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:30 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, 0x0, 0x0) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 470.141920][ T27] audit: type=1804 audit(1583119230.141:196): pid=19074 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/90/file0/bus" dev="loop1" ino=106 res=1 03:20:30 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3ec", 0x411}], 0x1) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x4d, 0x0, 0x0, 0x0) [ 470.230892][ T27] audit: type=1804 audit(1583119230.211:197): pid=19074 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/90/file0/bus" dev="loop1" ino=106 res=1 03:20:30 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, 0x0, 0x0) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:30 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000004d00)='net/netlink\x00') ioctl$BINDER_WRITE_READ(r0, 0x40305828, 0x0) 03:20:30 executing program 4: r0 = socket(0x200000000000011, 0x4000000000080002, 0xdd86) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14) 03:20:30 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, 0x0, 0x0) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:32 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) 03:20:32 executing program 3: r0 = socket$inet(0x2, 0x801, 0x0) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:20:32 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(0x0, &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:32 executing program 4: accept(0xffffffffffffffff, 0x0, 0x0) 03:20:32 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:33 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:33 executing program 4: mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0) 03:20:33 executing program 3: pipe(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, 0x0, 0x0) [ 473.171127][ T27] audit: type=1804 audit(1583119233.161:198): pid=19269 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/91/file0/bus" dev="loop1" ino=107 res=1 03:20:33 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(0x0, &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:33 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r0, 0x0, 0x0) 03:20:33 executing program 4: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) [ 473.283737][ T27] audit: type=1804 audit(1583119233.251:199): pid=19339 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/91/file0/bus" dev="loop1" ino=107 res=1 03:20:33 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) 03:20:36 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:36 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(0x0, &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:36 executing program 3: socket$inet6(0xa, 0x0, 0x0) r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x396, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x10001, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) sendfile(r0, r1, 0x0, 0x0) 03:20:36 executing program 4: openat$vcs(0xffffffffffffff9c, 0x0, 0x2c0100, 0x0) 03:20:36 executing program 2: openat$nvram(0xffffffffffffff9c, &(0x7f0000001d40)='/dev/nvram\x00', 0x10100, 0x0) 03:20:36 executing program 4: socketpair(0x15, 0x0, 0x0, &(0x7f0000000000)) 03:20:36 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000280)={{0x2, 0x0, @multicast2}, {0x0, @random="300e5b2235fb"}, 0x0, {0x2, 0x0, @broadcast}, 'syz_tun\x00'}) 03:20:36 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:36 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', 0x0) rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:36 executing program 3: io_setup(0x4, &(0x7f00000004c0)=0x0) r1 = socket$inet(0x2, 0x806, 0x0) io_submit(r0, 0x1, &(0x7f0000000600)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0, 0x0, 0x1}]) [ 476.363250][ T27] audit: type=1804 audit(1583119236.361:200): pid=19577 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/92/file0/bus" dev="loop1" ino=108 res=1 03:20:36 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) 03:20:36 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x0, 0x100000001}, 0x1c) [ 476.503059][ T27] audit: type=1804 audit(1583119236.501:201): pid=19593 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/92/file0/bus" dev="loop1" ino=108 res=1 03:20:36 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:36 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) 03:20:36 executing program 3: r0 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r0, &(0x7f0000000540)=ANY=[@ANYBLOB='V'], 0x1) 03:20:36 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', 0x0) rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:36 executing program 4: [ 476.966530][ T0] NOHZ: local_softirq_pending 08 [ 477.010514][ T820] attempt to access beyond end of device [ 477.028090][ T820] loop1: rw=1, want=2493, limit=63 [ 477.038791][ T820] attempt to access beyond end of device [ 477.044456][ T820] loop1: rw=1, want=4581, limit=63 03:20:37 executing program 4: sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000d40)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @mcast2, @ipv4={[], [], @empty}, 0x0, 0x0, 0x400}) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) [ 477.089619][ T820] attempt to access beyond end of device [ 477.095399][ T820] loop1: rw=1, want=6629, limit=63 03:20:37 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e66617400020301", 0xf}], 0x8010, 0x0) [ 477.143491][ T820] attempt to access beyond end of device [ 477.165821][ T820] loop1: rw=1, want=8701, limit=63 [ 477.180460][ T820] attempt to access beyond end of device [ 477.195282][ T820] loop1: rw=1, want=8825, limit=63 [ 477.514313][ T27] audit: type=1804 audit(1583119237.511:202): pid=19838 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/93/file0/bus" dev="loop1" ino=109 res=1 [ 477.590605][ T27] audit: type=1804 audit(1583119237.591:203): pid=19843 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/93/file0/bus" dev="loop1" ino=109 res=1 [ 478.237978][ T7] attempt to access beyond end of device [ 478.243642][ T7] loop1: rw=1, want=3997, limit=63 [ 478.249712][ T0] NOHZ: local_softirq_pending 08 [ 478.254340][ T7] attempt to access beyond end of device [ 478.260501][ T7] loop1: rw=1, want=6045, limit=63 [ 478.270308][ T7] attempt to access beyond end of device [ 478.276011][ T7] loop1: rw=1, want=8125, limit=63 [ 478.285480][ T7] attempt to access beyond end of device [ 478.291171][ T7] loop1: rw=1, want=10181, limit=63 [ 478.300937][ T7] attempt to access beyond end of device [ 478.306662][ T7] loop1: rw=1, want=12229, limit=63 [ 478.317474][ T7] attempt to access beyond end of device [ 478.323211][ T7] loop1: rw=1, want=14277, limit=63 [ 478.332823][ T7] attempt to access beyond end of device [ 478.338568][ T7] loop1: rw=1, want=16325, limit=63 [ 478.348453][ T7] attempt to access beyond end of device [ 478.354175][ T7] loop1: rw=1, want=18373, limit=63 [ 478.363443][ T7] attempt to access beyond end of device [ 478.369200][ T7] loop1: rw=1, want=20421, limit=63 [ 478.379126][ T7] attempt to access beyond end of device [ 478.384831][ T7] loop1: rw=1, want=22469, limit=63 [ 478.394288][ T7] attempt to access beyond end of device [ 478.400014][ T7] loop1: rw=1, want=24517, limit=63 [ 478.410291][ T7] attempt to access beyond end of device [ 478.416045][ T7] loop1: rw=1, want=26565, limit=63 [ 478.423700][ T7] attempt to access beyond end of device [ 478.429976][ T7] loop1: rw=1, want=27509, limit=63 03:20:39 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:39 executing program 3: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) r1 = userfaultfd(0x0) dup2(r1, r0) 03:20:39 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', 0x0) rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:39 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000180)={0x1, &(0x7f00000001c0)=[{0x6}]}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) 03:20:39 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e66617400020301", 0xf}], 0x8010, 0x0) 03:20:39 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:39 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440)='ethtool\x00') sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000780)={0x0, 0xfffff000, &(0x7f0000000740)={&(0x7f0000000180)={0x18, r1, 0x703, 0x0, 0x0, {0x4}, [@ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x18}}, 0x0) 03:20:39 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e66617400020301", 0xf}], 0x8010, 0x0) 03:20:39 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(0x0) utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:39 executing program 4: dup(0xffffffffffffffff) r0 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYRESHEX, @ANYRESDEC, @ANYRESHEX], 0x38) sendfile(r0, 0xffffffffffffffff, 0x0, 0x0) [ 479.779982][ T27] audit: type=1804 audit(1583119239.781:204): pid=19967 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/94/file0/bus" dev="sda1" ino=17329 res=1 03:20:39 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(0x0) utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 479.817595][ T27] audit: type=1804 audit(1583119239.781:205): pid=19967 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/94/file0/bus" dev="sda1" ino=17329 res=1 03:20:39 executing program 3: creat(&(0x7f0000000680)='./bus\x00', 0x0) r0 = open(&(0x7f0000000240)='./bus\x00', 0x48401, 0x0) ftruncate(r0, 0x0) [ 479.962068][ T27] audit: type=1800 audit(1583119239.961:206): pid=20087 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.4" name="file0" dev="sda1" ino=17281 res=0 03:20:42 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e66617400020301", 0xf}], 0x8010, 0x0) 03:20:42 executing program 4: ioctl$KVM_ASSIGN_SET_MSIX_NR(0xffffffffffffffff, 0x4008ae73, 0x0) 03:20:42 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8924, &(0x7f0000000240)={'wg2\x00'}) 03:20:42 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(0x0) utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:42 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:42 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:42 executing program 4: r0 = socket$inet(0x2, 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) setsockopt$inet_udp_int(r0, 0x11, 0x0, &(0x7f0000000000), 0x4) 03:20:42 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:42 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 03:20:42 executing program 3: recvmmsg(0xffffffffffffffff, &(0x7f000000ce80)=[{{0x0, 0x0, &(0x7f000000a3c0)=[{0x0}, {&(0x7f0000000000)=""/191, 0xbf}], 0x2}}], 0x1, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @dev}, 0xffffffa2) r0 = socket$inet(0x2, 0x806, 0x0) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x0, 0x0) [ 482.799017][ T27] audit: type=1804 audit(1583119242.801:207): pid=20323 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/95/file0/bus" dev="loop1" ino=110 res=1 03:20:42 executing program 2: syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e66617400020301", 0xf}], 0x8010, 0x0) [ 482.889600][ T27] audit: type=1804 audit(1583119242.891:208): pid=20344 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/95/file0/bus" dev="loop1" ino=110 res=1 03:20:42 executing program 4: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$UDMABUF_CREATE(r0, 0x40187542, 0x0) 03:20:43 executing program 3: socketpair(0x18, 0x0, 0x81, &(0x7f0000000840)) 03:20:43 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:43 executing program 4: io_setup(0x9, &(0x7f0000000380)) 03:20:43 executing program 2: syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e66617400020301", 0xf}], 0x8010, 0x0) 03:20:45 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:45 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) 03:20:45 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:45 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000140)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400283}, 0xc, &(0x7f0000000080)={0x0}}, 0x880) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x5}, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, 0x0, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8b22, &(0x7f0000000000)='wlan0\x00') ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000400)=0x43c023) r0 = syz_open_procfs(0x0, &(0x7f0000000380)='net/if_inet6\x00') preadv(r0, &(0x7f0000000380), 0x0, 0x0) 03:20:45 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:45 executing program 2: syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e66617400020301", 0xf}], 0x8010, 0x0) 03:20:45 executing program 3: mprotect(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0) mprotect(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x0) 03:20:45 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', 0x0, 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e66617400020301", 0xf}], 0x8010, 0x0) 03:20:45 executing program 4: bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x0}, 0x10) 03:20:45 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)) [ 485.909646][ T27] audit: type=1804 audit(1583119245.911:209): pid=20629 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/96/file0/bus" dev="loop1" ino=111 res=1 03:20:45 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 486.019629][ T27] audit: type=1804 audit(1583119246.021:210): pid=20709 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/96/file0/bus" dev="loop1" ino=111 res=1 03:20:46 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', 0x0, 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e66617400020301", 0xf}], 0x8010, 0x0) 03:20:48 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:48 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r0, 0x0, r1) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000980)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980700009802000098020000030080000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001080200000000000000000000000000000000000000005001686173686c696d6974000000000000000000000000000000000000000002726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000fb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff000000000000000000000000030000000700000000000000000000000000000048"], 0x1) 03:20:48 executing program 3: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=']) 03:20:48 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:48 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', 0x0, 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e66617400020301", 0xf}], 0x8010, 0x0) 03:20:48 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, 0x0, 0x0, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) [ 488.864874][T20837] 9pnet: Insufficient options for proto=fd [ 488.873852][T20843] 9pnet: Insufficient options for proto=fd 03:20:48 executing program 3: r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00'}) 03:20:48 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_REMOVE(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0}}, 0x0) syz_genetlink_get_family_id$netlbl_cipso(0x0) 03:20:48 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e66617400020301", 0xf}], 0x8010, 0x0) 03:20:49 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 489.108395][ T27] audit: type=1804 audit(1583119249.111:211): pid=20951 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/97/file0/bus" dev="loop1" ino=112 res=1 03:20:49 executing program 3: getpid() openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='net/netlink\x00') socket$kcm(0x29, 0x0, 0x0) r1 = add_key(&(0x7f0000000100)='encrypted\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe) keyctl$read(0xb, r1, &(0x7f0000000240)=""/112, 0x349b7f55) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) sendmsg$nl_generic(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000680)={0xcc, 0x33, 0x2, 0x0, 0x25dfdbfc, {0x1d}, [@nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x5e, 0x0, 0x0, @fd}]}, @typed={0x8, 0x93, 0x0, 0x0, @uid}, @generic, @generic="75eb6be7e569bdc91bdc3361692f29b06bde66b639722df1918bb7fbb94daf2efc550fea0f0c0f0ed909a96c884eb94a23df1de3efef1bd3f512f828287768a593ba9addfcc44e47", @typed={0x8, 0x7f, 0x0, 0x0, @u32=0x2}, @generic, @generic="4075b405633881b98bd4bcc79d196afddd82eda36149ae74639d6f768043bcf49620342b736aa73bdec365dd59b1b85bc3b3e56769aac6de6e8035e332091ef7e4091c63b00ca9e19897ccfb9ccd1d905efe38c0"]}, 0xcc}, 0x1, 0x0, 0x0, 0x4000080}, 0x4008040) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./file0//ile0\x00', 0x0) rmdir(&(0x7f0000000340)='./file0//ile0\x00') [ 489.196158][ T27] audit: type=1804 audit(1583119249.181:212): pid=20964 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/97/file0/bus" dev="loop1" ino=112 res=1 03:20:49 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, 0x0, 0x0) [ 489.392467][T21076] encrypted_key: insufficient parameters specified [ 489.519650][T21076] encrypted_key: insufficient parameters specified 03:20:51 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:51 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e66617400020301", 0xf}], 0x8010, 0x0) 03:20:51 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:51 executing program 4: syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x0, 0x0) 03:20:51 executing program 3: getpid() openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='net/netlink\x00') socket$kcm(0x29, 0x0, 0x0) r1 = add_key(&(0x7f0000000100)='encrypted\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe) keyctl$read(0xb, r1, &(0x7f0000000240)=""/112, 0x349b7f55) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) sendmsg$nl_generic(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000680)={0xcc, 0x33, 0x2, 0x0, 0x25dfdbfc, {0x1d}, [@nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x5e, 0x0, 0x0, @fd}]}, @typed={0x8, 0x93, 0x0, 0x0, @uid}, @generic, @generic="75eb6be7e569bdc91bdc3361692f29b06bde66b639722df1918bb7fbb94daf2efc550fea0f0c0f0ed909a96c884eb94a23df1de3efef1bd3f512f828287768a593ba9addfcc44e47", @typed={0x8, 0x7f, 0x0, 0x0, @u32=0x2}, @generic, @generic="4075b405633881b98bd4bcc79d196afddd82eda36149ae74639d6f768043bcf49620342b736aa73bdec365dd59b1b85bc3b3e56769aac6de6e8035e332091ef7e4091c63b00ca9e19897ccfb9ccd1d905efe38c0"]}, 0xcc}, 0x1, 0x0, 0x0, 0x4000080}, 0x4008040) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./file0//ile0\x00', 0x0) rmdir(&(0x7f0000000340)='./file0//ile0\x00') 03:20:51 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, 0x0, 0x0, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:51 executing program 4: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28001) ioctl$USBDEVFS_RELEASE_PORT(r0, 0x80045519, &(0x7f0000000000)=0x1dd) [ 492.040581][T21133] encrypted_key: insufficient parameters specified 03:20:52 executing program 4: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28001) ioctl$USBDEVFS_RELEASE_PORT(r0, 0x80045519, &(0x7f0000000000)=0x1dd) 03:20:52 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e66617400020301", 0xf}], 0x8010, 0x0) [ 492.122566][ T27] audit: type=1804 audit(1583119252.121:213): pid=21153 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/98/file0/bus" dev="loop1" ino=113 res=1 03:20:52 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 492.219467][ T27] audit: type=1804 audit(1583119252.171:214): pid=21153 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/98/file0/bus" dev="loop1" ino=113 res=1 03:20:52 executing program 4: socket(0x22, 0x0, 0x1) 03:20:52 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, 0x0, 0x8010, 0x0) 03:20:55 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:55 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x894c, 0x0) 03:20:55 executing program 4: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x404000, 0x15) 03:20:55 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x440400, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x10, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xce024b8b) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1/file0\x00') rmdir(&(0x7f0000000140)='./file1\x00') utimes(&(0x7f00000000c0)='./file1\x00', 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 03:20:55 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, 0x0, 0x8010, 0x0) 03:20:55 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, 0x0, 0x0, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:55 executing program 3: sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="50000000010105009c00000000000000000000003c0001802c000180140003000000000000000000000000000000000014000400fe800100006559b270cd6524270000aa0c0002800500010000000000"], 0x50}}, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x492492492492805, 0x0) 03:20:55 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, 0x0, 0x8010, 0x0) [ 495.317185][ T27] audit: type=1804 audit(1583119255.321:215): pid=21441 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/99/file0/bus" dev="loop1" ino=114 res=1 03:20:55 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x10, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, [0x2e]}, 0x3c) 03:20:55 executing program 3: syz_open_dev$rtc(&(0x7f0000000100)='/dev/rtc#\x00', 0x0, 0x2c1) [ 495.449096][ T27] audit: type=1804 audit(1583119255.371:216): pid=21441 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/99/file0/bus" dev="loop1" ino=114 res=1 03:20:55 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000280), 0x8010, 0x0) 03:20:55 executing program 3: migrate_pages(0x0, 0x6, 0x0, &(0x7f0000001ac0)=0x2) 03:20:58 executing program 3: open(&(0x7f00000000c0)='./file0\x00', 0x204c2, 0x0) mount(&(0x7f0000001340)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', 0x0, 0x30c5000, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x292a8bc, &(0x7f0000000180)) pipe(0x0) socket$netlink(0x10, 0x3, 0x0) 03:20:58 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:20:58 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8953, &(0x7f0000000280)={{0x2, 0x0, @multicast2}, {0x30c, @random="300e5b2235fb"}, 0x0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'syz_tun\x00'}) 03:20:58 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000280), 0x8010, 0x0) 03:20:58 executing program 4: prctl$PR_SVE_GET_VL(0x33, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x7fff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x4, 0x44831, 0xffffffffffffffff, 0x0) 03:20:58 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380), 0x0, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:20:58 executing program 5: add_key$keyring(&(0x7f0000000080)='keyring\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) semop(0x0, &(0x7f0000000100)=[{0x0, 0x7b4}], 0x1) 03:20:58 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000280), 0x8010, 0x0) [ 498.235908][T21502] EXT4-fs (sda1): re-mounted. Opts: 03:20:58 executing program 5: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) accept$netrom(r0, 0x0, 0x0) [ 498.311488][T21513] EXT4-fs (sda1): re-mounted. Opts: [ 498.364913][ T27] audit: type=1804 audit(1583119258.361:217): pid=21519 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/100/file0/bus" dev="loop1" ino=115 res=1 03:20:58 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 03:20:58 executing program 3: creat(0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000100) [ 498.462741][ T27] audit: type=1804 audit(1583119258.451:218): pid=21512 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/100/file0/bus" dev="loop1" ino=115 res=1 03:20:58 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{0x0}], 0x8010, 0x0) 03:20:58 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 03:21:01 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:21:01 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_DEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)={0x14}, 0x14}}, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x0, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x0, 0x0) open(&(0x7f0000000180)='./file1\x00', 0x0, 0x0) keyctl$reject(0x13, 0x0, 0x0, 0x3, 0x0) keyctl$chown(0x4, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) mkdir(&(0x7f0000000180)='./file0//ile0\x00', 0x0) rmdir(&(0x7f0000000340)='./file0//ile0\x00') 03:21:01 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{0x0}], 0x8010, 0x0) 03:21:01 executing program 5: prctl$PR_SVE_GET_VL(0x33, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syncfs(0xffffffffffffffff) 03:21:01 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380), 0x0, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:21:01 executing program 4: prctl$PR_SVE_GET_VL(0x33, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x7fff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x4, 0x44831, 0xffffffffffffffff, 0x0) [ 501.391691][ T27] audit: type=1804 audit(1583119261.391:219): pid=21675 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/101/file0/bus" dev="loop1" ino=116 res=1 03:21:01 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{0x0}], 0x8010, 0x0) [ 501.469450][ T27] audit: type=1804 audit(1583119261.471:220): pid=21751 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/101/file0/bus" dev="loop1" ino=116 res=1 03:21:01 executing program 3: r0 = memfd_create(&(0x7f0000000100)='#\x00', 0x0) write(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, r0, 0x0) openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0) 03:21:01 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)}], 0x8010, 0x0) 03:21:01 executing program 5: mknod(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) 03:21:01 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)}], 0x8010, 0x0) 03:21:01 executing program 3: r0 = memfd_create(0x0, 0x0) r1 = creat(&(0x7f0000000480)='./bus/file0\x00', 0x81) read$eventfd(r1, 0x0, 0x0) fallocate(r0, 0x800000000000003, 0xfa9, 0x0) r2 = msgget$private(0x0, 0x204) msgctl$IPC_STAT(r2, 0x2, &(0x7f00000002c0)=""/106) r3 = socket$inet6(0xa, 0x400000000001, 0x0) r4 = dup(r3) openat$cgroup_procs(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) preadv(0xffffffffffffffff, &(0x7f00000027c0)=[{&(0x7f0000003840)=""/4109, 0x100d}], 0x24, 0x0) openat$cgroup_procs(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) preadv(0xffffffffffffffff, &(0x7f00000027c0), 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r5 = openat$cgroup_procs(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) dup2(r5, r5) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f0000000880)) perf_event_open(&(0x7f000001d000)={0x1, 0x396, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) sendfile(r4, r6, 0x0, 0x0) [ 502.231505][ T7954] attempt to access beyond end of device [ 502.245918][ T7954] loop1: rw=1, want=3933, limit=63 [ 502.275969][ T7954] attempt to access beyond end of device [ 502.282740][ T7954] loop1: rw=1, want=5981, limit=63 [ 502.303777][ T7954] attempt to access beyond end of device [ 502.309770][ T7954] loop1: rw=1, want=8029, limit=63 [ 502.335701][ T7954] attempt to access beyond end of device [ 502.348101][ T7954] loop1: rw=1, want=9793, limit=63 03:21:04 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)}], 0x8010, 0x0) 03:21:04 executing program 5: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000780)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$KVM_ASSIGN_PCI_DEVICE(r0, 0x8040ae69, 0x0) 03:21:04 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc", 0x32}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:21:04 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380), 0x0, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:21:04 executing program 4: prctl$PR_SVE_GET_VL(0x33, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x7fff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x4, 0x44831, 0xffffffffffffffff, 0x0) 03:21:04 executing program 3: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="0400000000eeffff656174000404090a02", 0x11}], 0x0, 0x0) 03:21:04 executing program 5: socket(0x1e, 0x0, 0xfc) [ 504.430051][T21826] FAT-fs (loop3): invalid media value (0x00) 03:21:04 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e", 0x8}], 0x8010, 0x0) [ 504.498346][T21826] FAT-fs (loop3): Can't find a valid FAT filesystem 03:21:04 executing program 5: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0\x00', 0x0, 0x0) read(r0, 0x0, 0x0) [ 504.607107][ T27] audit: type=1804 audit(1583119264.611:221): pid=21842 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/102/file0/bus" dev="sda1" ino=16521 res=1 [ 504.693161][ T27] audit: type=1804 audit(1583119264.691:222): pid=21846 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/102/file0/bus" dev="sda1" ino=16521 res=1 [ 504.731694][T21826] FAT-fs (loop3): invalid media value (0x00) [ 504.746627][T21826] FAT-fs (loop3): Can't find a valid FAT filesystem 03:21:04 executing program 5: mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0) 03:21:04 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) 03:21:04 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e", 0x8}], 0x8010, 0x0) 03:21:05 executing program 5: mmap(&(0x7f000005d000/0x400000)=nil, 0x400000, 0x0, 0x392d6ad36ec2c8b2, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50) 03:21:05 executing program 3: syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) 03:21:05 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e", 0x8}], 0x8010, 0x0) 03:21:07 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(&(0x7f0000000200)) 03:21:07 executing program 3: setsockopt$inet6_dccp_int(0xffffffffffffffff, 0x21, 0x0, 0x0, 0x0) 03:21:07 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{0x0}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:21:07 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e66617400", 0xc}], 0x8010, 0x0) 03:21:07 executing program 5: syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x0, 0x0) 03:21:07 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc", 0x32}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:21:07 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e66617400", 0xc}], 0x8010, 0x0) 03:21:07 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x4788a0, 0x0) 03:21:07 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 03:21:07 executing program 5: memfd_create(0x0, 0x0) r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x396, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ftruncate(r0, 0x800fe) [ 507.642056][ T27] audit: type=1804 audit(1583119267.641:223): pid=21907 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/103/file0/bus" dev="loop1" ino=117 res=1 [ 507.804115][ T27] audit: type=1804 audit(1583119267.801:224): pid=21911 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/103/file0/bus" dev="loop1" ino=117 res=1 03:21:07 executing program 4: semop(0x0, &(0x7f0000000100)=[{0x0, 0x7b4}], 0x1) 03:21:08 executing program 5: syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 03:21:08 executing program 3: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) 03:21:08 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)) r2 = dup2(r1, r0) ioctl$VIDIOC_PREPARE_BUF(r2, 0xc058565d, 0x0) 03:21:08 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_udp_SIOCINQ(r0, 0x8953, &(0x7f0000000040)) 03:21:10 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc", 0x32}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:21:10 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e66617400", 0xc}], 0x8010, 0x0) 03:21:10 executing program 4: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) bind$can_j1939(r0, &(0x7f0000000a40)={0x1d, r2}, 0x18) 03:21:10 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{0x0}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:21:10 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000ac0)=ANY=[@ANYBLOB], 0x1) 03:21:10 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x44831, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='auxv\x00') 03:21:10 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, 0x0, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x20a440, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 03:21:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x0, 0x2, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 03:21:10 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x801}, 0x3c) [ 510.761551][ T27] audit: type=1804 audit(1583119270.761:225): pid=22169 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/104/file0/bus" dev="loop1" ino=118 res=1 03:21:10 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e666174000203", 0xe}], 0x8010, 0x0) [ 510.877472][ T27] audit: type=1804 audit(1583119270.871:226): pid=22179 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/104/file0/bus" dev="loop1" ino=118 res=1 03:21:10 executing program 4: socket$isdn(0x22, 0x3, 0x0) 03:21:11 executing program 5: r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) [ 511.436667][ T7972] attempt to access beyond end of device [ 511.442429][ T7972] loop1: rw=1, want=2829, limit=63 [ 511.453196][ T7972] attempt to access beyond end of device [ 511.458934][ T7972] loop1: rw=1, want=4893, limit=63 [ 511.468671][ T7972] attempt to access beyond end of device [ 511.474318][ T7972] loop1: rw=1, want=6941, limit=63 [ 511.481220][ T7972] attempt to access beyond end of device [ 511.486866][ T7972] loop1: rw=1, want=7021, limit=63 03:21:13 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0eb", 0x4b}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:21:13 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e666174000203", 0xe}], 0x8010, 0x0) 03:21:13 executing program 4: r0 = socket$netlink(0x10, 0x3, 0xa) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 03:21:13 executing program 5: r0 = socket(0x10, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) 03:21:13 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{0x0}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:21:13 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ab553fec94248c32e27d04000000288a", 0x10) accept4(r0, &(0x7f0000000740)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x0, 0x0) 03:21:13 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440)='ethtool\x00') sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000180)={0x18, r1, 0x703, 0x0, 0x0, {0x4}, [@ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x18}, 0x1, 0xfffffff0}, 0x0) 03:21:13 executing program 5: r0 = getpid() r1 = syz_open_dev$sndseq(&(0x7f0000000880)='/dev/snd/seq\x00', 0x0, 0x0) read(r1, &(0x7f0000000200)=""/18, 0x33c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x2000000025f, @time}) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000015) 03:21:13 executing program 3: keyctl$dh_compute(0x17, &(0x7f0000000080), 0x0, 0x0, &(0x7f00000001c0)={0x0}) 03:21:13 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e666174000203", 0xe}], 0x8010, 0x0) [ 513.847734][ T27] audit: type=1804 audit(1583119273.851:227): pid=22321 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/105/file0/bus" dev="loop1" ino=119 res=1 03:21:14 executing program 3: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000140)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400283}, 0xc, &(0x7f0000000080)={0x0}}, 0x880) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x5}, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8b22, &(0x7f0000000000)='wlan0\x00') ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000400)=0x43c023) ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f00000003c0)={0x0, 0x800, {0x0}, {0xee01}, 0x6, 0x9}) r2 = syz_open_procfs(r1, &(0x7f0000000380)='net/if_inet6\x00') preadv(r2, &(0x7f0000000380), 0x0, 0x0) [ 513.960373][ T27] audit: type=1804 audit(1583119273.931:228): pid=22332 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/105/file0/bus" dev="loop1" ino=119 res=1 03:21:14 executing program 4: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8903, &(0x7f0000000240)={'wg2\x00'}) [ 514.551820][ T7954] attempt to access beyond end of device [ 514.557628][ T7954] loop1: rw=1, want=2329, limit=63 [ 514.567331][ T7954] attempt to access beyond end of device [ 514.573112][ T7954] loop1: rw=1, want=4377, limit=63 [ 514.582664][ T7954] attempt to access beyond end of device [ 514.588446][ T7954] loop1: rw=1, want=6433, limit=63 [ 514.597705][ T7954] attempt to access beyond end of device [ 514.603343][ T7954] loop1: rw=1, want=8481, limit=63 [ 514.613357][ T7954] attempt to access beyond end of device [ 514.619029][ T7954] loop1: rw=1, want=10425, limit=63 03:21:16 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0eb", 0x4b}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:21:16 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000280)) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0xb40c, 0x0, 0x0, 0x0, 0x0, "02a93ed1fde1308a"}) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000100)) 03:21:16 executing program 3: perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 03:21:16 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e66617400020301", 0xf}], 0x0, 0x0) 03:21:16 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) sendmsg$TIPC_NL_NET_GET(r1, &(0x7f0000000c40)={&(0x7f0000000b40), 0xc, &(0x7f0000000c00)={0x0}}, 0x4008842) 03:21:16 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:21:16 executing program 3: io_setup(0x83, &(0x7f00000003c0)=0x0) io_submit(r0, 0x1, &(0x7f0000000540)=[0x0]) 03:21:16 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 516.814912][T22458] FAT-fs (loop2): bogus number of FAT structure [ 516.836794][T22458] FAT-fs (loop2): Can't find a valid FAT filesystem 03:21:17 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e66617400020301", 0xf}], 0x0, 0x0) 03:21:17 executing program 5: r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000080)={@multicast1, @local}, 0xc) r1 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f0000000080)={@multicast1, @local}, 0xc) [ 517.038540][ T27] audit: type=1804 audit(1583119277.041:229): pid=22570 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/106/file0/bus" dev="loop1" ino=120 res=1 03:21:17 executing program 3: mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0) [ 517.100655][T22583] FAT-fs (loop2): bogus number of FAT structure [ 517.107121][T22583] FAT-fs (loop2): Can't find a valid FAT filesystem 03:21:17 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000280)=[{&(0x7f00000003c0)="eb3c906d6b66732e66617400020301", 0xf}], 0x0, 0x0) [ 517.210934][ T27] audit: type=1804 audit(1583119277.141:230): pid=22587 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/106/file0/bus" dev="loop1" ino=120 res=1 [ 517.336793][T22653] FAT-fs (loop2): bogus number of FAT structure [ 517.360233][T22653] FAT-fs (loop2): Can't find a valid FAT filesystem 03:21:19 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0eb", 0x4b}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:21:19 executing program 4: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff8) 03:21:19 executing program 5: keyctl$dh_compute(0x17, &(0x7f0000000100), &(0x7f0000000140)=""/4096, 0x1000, &(0x7f0000001240)={0x0}) 03:21:19 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000000280)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) keyctl$chown(0x4, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) mmap(&(0x7f00000be000/0x3000)=nil, 0x3000, 0x2, 0x100132, 0xffffffffffffffff, 0x0) sendto$inet6(r0, &(0x7f00000005c0), 0xe0ffffff, 0x0, 0x0, 0xd8) 03:21:19 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 03:21:19 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:21:19 executing program 4: add_key$user(&(0x7f0000000280)='user\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) 03:21:19 executing program 5: creat(0x0, 0x0) r0 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) write$eventfd(r0, &(0x7f00000001c0), 0xffffff7f) fallocate(0xffffffffffffffff, 0x4000000000000010, 0x0, 0x7fff) [ 519.895477][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 519.957417][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 03:21:20 executing program 2: r0 = memfd_create(&(0x7f0000000100)='#\x00', 0x0) write(r0, &(0x7f0000000040)="0600", 0x2) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000480)=ANY=[], 0x0) sendfile(r0, r0, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x1f0, &(0x7f0000000000)=[{}]}, 0x10) 03:21:20 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000000280)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) keyctl$chown(0x4, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) mmap(&(0x7f00000be000/0x3000)=nil, 0x3000, 0x2, 0x100132, 0xffffffffffffffff, 0x0) sendto$inet6(r0, &(0x7f00000005c0), 0xe0ffffff, 0x0, 0x0, 0xd8) [ 520.087217][ T27] audit: type=1804 audit(1583119280.091:231): pid=22728 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/107/file0/bus" dev="loop1" ino=121 res=1 03:21:20 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) sendmsg$can_bcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)}, 0x0) [ 520.244731][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 520.277094][ T27] audit: type=1804 audit(1583119280.211:232): pid=22737 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/107/file0/bus" dev="loop1" ino=121 res=1 03:21:20 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) [ 520.778286][ T7] attempt to access beyond end of device [ 520.783974][ T7] loop1: rw=1, want=2609, limit=63 [ 520.796087][ T7] attempt to access beyond end of device [ 520.801942][ T7] loop1: rw=1, want=4681, limit=63 [ 520.811226][ T7] attempt to access beyond end of device [ 520.817331][ T7] loop1: rw=1, want=5729, limit=63 03:21:22 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b", 0x58}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:21:22 executing program 4: openat$dir(0xffffffffffffff9c, &(0x7f00000008c0)='./file0\x00', 0x0, 0x0) 03:21:22 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000001940), 0x4) 03:21:22 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETLINK(r0, 0x400454cd, 0x0) 03:21:22 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:21:22 executing program 2: r0 = socket$inet(0x2, 0x806, 0x0) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000001980)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000001a40)) 03:21:23 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x0, 0x0, @empty}, 0x1c) 03:21:23 executing program 3: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = gettid() process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) 03:21:23 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) 03:21:23 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) fcntl$setstatus(r0, 0x2, 0x0) 03:21:23 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 523.193573][ T27] audit: type=1804 audit(1583119283.191:233): pid=22871 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/108/file0/bus" dev="loop1" ino=122 res=1 03:21:23 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x0, 0x0, @empty}, 0x1c) [ 523.300829][ T27] audit: type=1804 audit(1583119283.291:234): pid=22895 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/108/file0/bus" dev="loop1" ino=122 res=1 03:21:25 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b", 0x58}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:21:25 executing program 5: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, 0x0, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x20a440, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 03:21:25 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000000280)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, '\x00', '\x00', "20040100"}, 0x28) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:21:25 executing program 4: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x11, 0x0, 0x0) 03:21:25 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, 0x0, &(0x7f0000000640)) 03:21:25 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r1 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:21:26 executing program 3: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, 0x0) [ 526.054679][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 03:21:26 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) close(r1) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010007f01bd6c73912767000000", @ANYRES32], 0x2}}, 0x0) splice(r0, 0x0, r1, 0x0, 0x10000, 0x0) 03:21:26 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0) [ 526.172231][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 03:21:26 executing program 3: r0 = socket(0xa, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000880)=@nat={'nat\x00', 0x19, 0x2, 0x0, [0x20000280, 0x0, 0x0, 0x200002b0, 0x200002e0], 0x11, 0x0}, 0x78) [ 526.253719][T23032] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 526.259815][ T27] audit: type=1804 audit(1583119286.251:235): pid=23027 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/109/file0/bus" dev="loop1" ino=123 res=1 [ 526.341267][ T27] audit: type=1804 audit(1583119286.341:236): pid=23036 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/109/file0/bus" dev="loop1" ino=123 res=1 03:21:26 executing program 4: r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) io_setup(0x4, &(0x7f00000004c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, 0x0}]) 03:21:26 executing program 2: getpid() sendmsg$IPSET_CMD_DEL(0xffffffffffffffff, 0x0, 0x4040) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) keyctl$read(0xb, 0x0, &(0x7f0000000240)=""/112, 0x349b7f55) lstat(0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000a00)={&(0x7f0000000640), 0xc, &(0x7f00000009c0)={&(0x7f0000000680)={0x12c, 0x0, 0x2, 0x70bd29, 0x25dfdbfc, {0x1d}, [@typed={0x8, 0x93, 0x0, 0x0, @uid}, @generic="c0fbd08c7c2e58ac79eaef293624792cadeeecf294fcdab88b25536684696c5cdf6f4a364dc0a63ba0eb86dbd6089ee93ad6b4e1225058d56a9f19d39b1f34a959e7c6f5dda9efb755587af70354d91863ed0c8d776acea36f150b7995d634de8fe2a784892955964edd26f7a8058480fdf392c7720fd7e49caf69", @generic="b47d8d8daa40cbe06480f045300de7472be521bf7c36627e383598555dea9e7b19ca9583d882207e5436fb4c5638906de7d3316d6a1d542321cda666b15b945b8439521fdd5cbc1d1a", @generic, @typed={0x4}, @typed={0x8, 0x0, 0x0, 0x0, @u32=0x2}, @generic, @generic="4075b405633881b98bd4bcc79d196afddd82eda36149ae74639d6f768043bcf49620342b736aa73bdec365dd59b1b85bc3b3e56769aac6de6e8035e332091e"]}, 0x12c}}, 0x4008040) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) 03:21:29 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b", 0x58}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:21:29 executing program 3: inotify_add_watch(0xffffffffffffffff, 0x0, 0x80000000) 03:21:29 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) connect$unix(r0, &(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e) 03:21:29 executing program 4: open(&(0x7f0000000340)='./file0\x00', 0x141042, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 03:21:29 executing program 5: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, 0x0, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x20a440, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 03:21:29 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) [ 529.136764][ T27] audit: type=1804 audit(1583119289.141:237): pid=23165 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir200708982/syzkaller.B2ZVQs/215/file0" dev="sda1" ino=16770 res=1 03:21:29 executing program 2: socket$inet6_tcp(0xa, 0x1, 0x0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x101100) socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400283}, 0xc, &(0x7f0000000080)={&(0x7f00000001c0)={0x1c, r0, 0x400, 0x70bd29, 0x0, {}, ["", ""]}, 0x1c}}, 0x880) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x5}, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x0) keyctl$KEYCTL_PKEY_VERIFY(0x1c, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xa}], 0x1, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8b22, &(0x7f0000000000)='wlan0\x00') ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000400)=0x43c023) ioctl$DRM_IOCTL_GET_CLIENT(r1, 0xc0286405, &(0x7f00000003c0)={0x0, 0x800, {0x0}, {0xee01}, 0x6, 0x9}) r3 = syz_open_procfs(r2, &(0x7f0000000380)='net/if_inet6\x00') preadv(r3, &(0x7f0000000380), 0x0, 0x0) 03:21:29 executing program 3: openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000a00)='/proc/capi/capi20ncci\x00', 0x199000, 0x0) 03:21:29 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) [ 529.303377][ T27] audit: type=1804 audit(1583119289.301:238): pid=23178 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/110/file0/bus" dev="loop1" ino=124 res=1 03:21:29 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000280)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000100)={0x80ffffff}) [ 529.379421][ T27] audit: type=1804 audit(1583119289.381:239): pid=23183 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/110/file0/bus" dev="loop1" ino=124 res=1 03:21:29 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000), 0x1c) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote}, 0x1c) 03:21:29 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x3, &(0x7f0000000300)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}, {0x0, 0x0, 0x40008}, {&(0x7f0000000c80)="a3189c56fcb856044efceb12a5941f66e0cdb824d2b9d495a2ade4ab41e3376f4311486d2b20e89633bf02047254ce03f68aa160716986199b91fbaa0fe169d173a821973e65cc436feb74557d18f597b93c6c6397dae04a7a93af4d6adb8e54d269518c9676b1a881bb31dc81f0d61dc2d499456fb21df8ed9dc1d49e700621208c162bbbf4d9a3a01cd65e9e5a6b454a6d1022331de11bd72032b413be63b84194b0397814f62b016a2ee95575a9b815d92e7411124ce5993326da028ba4559d9239ff03290dc9f863d0810918438a5b9a4ad3bc0e772b4cd1d9a5e4bf7cf13ab0fe9e9a4c2970cd09481f166864ee020e1993b99faae44015306a72945d48ad0c76fb5b7d9e5ddb5aec7f3ff8a295af9ee2e96937a34ca91b749c30fca9d5ed3a4e406fffd11f65bf69afb5b8e5dc8edb765e745163f166fc7ffc8336f17280671e67e90d4d7b1dacc2f3b3a7223bc13d24c532aaeada8d1a36d17825cfc319acea9941857f6a0ecc3557dee2c72dd2948d6fbdacaa78f2975de22ab91c424d6f35fc78423b8107b068150133b34c12febf155065ebec0aa0b11cf163eb7c3a39d71e4acb209c66df3accc4dd2655f24dcbf24d0abf237fa75b556a5737e2703d47994219cc7b5d926d3b17a31033628804856be2b1d10e70a42caddde7c9d943b94fd5423a599d80708d4091cd26b97400f59ac2b662b662a0cbaeb46b564edd67a2bfc47d4837c5c0fc6069f5bc0e5821fc987c8174e36cee40f626852d651a21f1877e1d77d3f43b7bf82699499ee1349ecce05addd4d7ac3c26473bf4060593ac009f026d74a3a25e3fafed007af240f866c56220fc4eb837ed161bc6535e94217e89ae38d7782cdb65978cb091d2d1bc52151a2117f377773a16520a3e1a02b990a542de38f59cd037f9bc12ccefcfa665ff5cd613035a78f66b05276b3395fd7b1da95ad87ef52e35e6fba4b8a69c6ef92b159a2f152da4a75331f9be43da6269feb241deb183dc454174f9b70a82b64c5f12b9181f660cac1ec431bf79b4bf7a458652eee5cf438619233136e965ec6db75e127ad034834ca44a0ebb6aae790990edb7cce54bf540586d812f7c5179b50ba9177c5e9fc38704be934f47572426a64679d8b3edf75839b0e0c74ca52f9d3e30f84cfab0edde00ffa9", 0x340, 0x81}], 0x0, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) fchdir(r0) creat(&(0x7f0000000040)='./file0\x00', 0x0) [ 529.996161][ T7972] attempt to access beyond end of device [ 530.001826][ T7972] loop1: rw=1, want=3049, limit=63 [ 530.011456][ T7972] attempt to access beyond end of device [ 530.017166][ T7972] loop1: rw=1, want=5161, limit=63 [ 530.026126][ T7972] attempt to access beyond end of device [ 530.031766][ T7972] loop1: rw=1, want=7209, limit=63 [ 530.041539][ T7972] attempt to access beyond end of device [ 530.047214][ T7972] loop1: rw=1, want=9257, limit=63 [ 530.057004][ T7972] attempt to access beyond end of device [ 530.062772][ T7972] loop1: rw=1, want=11305, limit=63 [ 530.071303][ T7972] attempt to access beyond end of device [ 530.077654][ T7972] loop1: rw=1, want=12437, limit=63 03:21:32 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e66", 0x5e}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:21:32 executing program 2: socket$inet6_tcp(0xa, 0x1, 0x0) openat$vhci(0xffffffffffffff9c, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x5}, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8b22, 0x0) 03:21:32 executing program 4: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x20a440, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x138) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 03:21:32 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) connect$unix(r0, 0x0, 0x0) 03:21:32 executing program 5: request_key(&(0x7f0000000100)='.request_key_auth\x00', 0x0, 0x0, 0x0) 03:21:32 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:21:32 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000240)={'batadv_slave_0\x00', @random="01003a1e2410"}) 03:21:32 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{}, {0x80000006}]}, 0x10) 03:21:32 executing program 2: r0 = socket$inet_smc(0x2b, 0x1, 0x0) sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0xffffff7f}, 0x0) [ 532.375892][ T27] audit: type=1804 audit(1583119292.371:240): pid=23227 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/111/file0/bus" dev="loop1" ino=126 res=1 03:21:32 executing program 2: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f00000002c0)=[@in={0x2, 0x0, @multicast2}], 0x10) 03:21:32 executing program 3: getpid() perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(0xffffffffffffffff, &(0x7f0000000380), 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]}) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 532.460295][ T27] audit: type=1804 audit(1583119292.461:241): pid=23236 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/111/file0/bus" dev="loop1" ino=126 res=1 03:21:32 executing program 4: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x20a440, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x138) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 03:21:35 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e66", 0x5e}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:21:35 executing program 2: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x20a440, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x138) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 03:21:35 executing program 5: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) connect$rxrpc(r0, 0x0, 0x0) 03:21:35 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:21:35 executing program 4: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x20a440, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x138) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 03:21:35 executing program 3: r0 = open(&(0x7f0000000340)='./file0\x00', 0x141042, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0) dup2(r1, r0) 03:21:35 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x0, 0x0) r1 = dup(r0) ioctl$UI_DEV_SETUP(r1, 0x5501, 0x0) 03:21:35 executing program 3: keyctl$dh_compute(0x17, &(0x7f0000000340), 0x0, 0x0, &(0x7f0000000500)={0x0, &(0x7f0000000440)="95801c16190fdeba3490181e08247979ff164fc0d278325462d8d7ca327e8426edc5304383f623af909e62f3ec2b7bc25d980958d2672507bbae190a09094ad670", 0x41}) [ 535.476779][ T27] audit: type=1804 audit(1583119295.481:242): pid=23276 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/112/file0/bus" dev="loop1" ino=127 res=1 03:21:35 executing program 3: chdir(0x0) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f00000000c0)='./file0\x00') [ 535.541344][ T27] audit: type=1804 audit(1583119295.541:243): pid=23361 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/112/file0/bus" dev="loop1" ino=127 res=1 03:21:35 executing program 5: syz_emit_ethernet(0x120, &(0x7f00000024c0)={@broadcast=[0xff, 0xff, 0xff, 0x0], @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "a4f008", 0xea, 0x3a, 0xff, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @local, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78c000005dc791153d5dea6b259b8e3cd2c8038336823493b87aa0568f00b1c71a8242373244ad2439adc07df0a69748e254c1e4a8a8b3f0ab0c430397754db3e340a14a2a1328c5f93037dc1435c11b37a"}, {0x0, 0x10, "84f0da52ef24571313968050378ee824f4dffba7feed320557f7671975afc9c545c5ea6137c8ce680ba2d2e8794cc0ee661ab31313a50f67f637326bdc20eee126a2c281295ae9405b24d13dc48b7b6aa26e8a94498418f3472f7281922377d30a3b5ed2c6a2990e5ea6b275c1d5bddf59f3d1843df268e8c825c6b2cff208dfb5cd8283"}]}}}}}}, 0x0) 03:21:35 executing program 2: openat$dsp1(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/dsp1\x00', 0x1, 0x0) 03:21:35 executing program 3: openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x10040, 0x0) [ 536.157584][ T820] attempt to access beyond end of device [ 536.163237][ T820] loop1: rw=1, want=3409, limit=63 [ 536.173303][ T820] attempt to access beyond end of device [ 536.178989][ T820] loop1: rw=1, want=5457, limit=63 [ 536.188649][ T820] attempt to access beyond end of device [ 536.194289][ T820] loop1: rw=1, want=7505, limit=63 [ 536.203922][ T820] attempt to access beyond end of device [ 536.209697][ T820] loop1: rw=1, want=9553, limit=63 [ 536.219918][ T820] attempt to access beyond end of device [ 536.225613][ T820] loop1: rw=1, want=11509, limit=63 03:21:38 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e66", 0x5e}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:21:38 executing program 5: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 03:21:38 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:21:38 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, 0x0) dup2(r1, r0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) 03:21:38 executing program 2: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff}, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)) 03:21:38 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, 0x0, 0x1) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r4) r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:21:38 executing program 4: ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) 03:21:38 executing program 2: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="0400000000eeffff656174000404090a0200027400f801", 0x17}], 0x1000010, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) 03:21:38 executing program 5: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IPT_SO_SET_REPLACE(r0, 0x104000000000000, 0x40, &(0x7f0000001a80)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000000000000000000000000200000003000000a012000000000000301100000000000000000000301100000812000008120000081200000812000008120000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ecffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000060000000000000008113011000000000000000000000000000000000000000030106367726f7570000000000000000000000000000000000000000000000001010100002e2f6367726f75702e6370752f73797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006800726174656573740000000000000000000000000000000000000000000000626f6e643000000000000000000000006873723000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000280053594e50524f585900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b000d80000000000000000000000000000000000000000004000736574000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000028004d41524b00000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) 03:21:38 executing program 3: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) 03:21:38 executing program 4: ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, 0x0) [ 538.684659][T23436] xt_cgroup: path and classid specified [ 538.704179][ T27] audit: type=1804 audit(1583119298.701:244): pid=23428 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/113/file0/bus" dev="loop1" ino=128 res=1 03:21:38 executing program 3: r0 = creat(&(0x7f0000000240)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000040)) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYRESDEC], 0xfd14) [ 538.938071][ T27] audit: type=1804 audit(1583119298.941:245): pid=23443 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/113/file0/bus" dev="loop1" ino=128 res=1 [ 539.297896][ T7972] attempt to access beyond end of device [ 539.303558][ T7972] loop1: rw=1, want=2957, limit=63 [ 539.314433][ T7972] attempt to access beyond end of device [ 539.320130][ T7972] loop1: rw=1, want=5077, limit=63 [ 539.331178][ T7972] attempt to access beyond end of device [ 539.336871][ T7972] loop1: rw=1, want=7165, limit=63 [ 539.345630][ T7972] attempt to access beyond end of device [ 539.351330][ T7972] loop1: rw=1, want=8689, limit=63 03:21:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68", 0x61}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:21:41 executing program 2: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) setresuid(0x0, 0x0, 0x0) 03:21:41 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000300)='net/netlink\x00') pidfd_send_signal(r0, 0x0, 0x0, 0x0) 03:21:41 executing program 4: socketpair(0x1a, 0x0, 0x0, &(0x7f0000000000)) 03:21:41 executing program 3: syz_emit_ethernet(0x11e, &(0x7f00000024c0)={@broadcast=[0xff, 0xff, 0xff, 0x0], @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "a4f008", 0xe8, 0x3a, 0xff, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @local, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78c000005dc791153d5dea6b259b8e3cd2c8038336823493b87aa0568f00b1c71a8242373244ad2439adc07df0a69748e254c1e4a8a8b3f0ab0c430397754db3e340a14a2a1328c5f93037dc1435c11"}, {0x0, 0x10, "84f0da52ef24571313968050378ee824f4dffba7feed320557f7671975afc9c545c5ea6137c8ce680ba2d2e8794cc0ee661ab31313a50f67f637326bdc20eee126a2c281295ae9405b24d13dc48b7b6aa26e8a94498418f3472f7281922377d30a3b5ed2c6a2990e5ea6b275c1d5bddf59f3d1843df268e8c825c6b2cff208dfb5cd8283"}]}}}}}}, 0x0) 03:21:41 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, 0x0, 0x1) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r4) r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:21:41 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) 03:21:41 executing program 3: syz_emit_ethernet(0x11e, &(0x7f00000024c0)={@broadcast=[0xff, 0xff, 0xff, 0x0], @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "a4f008", 0xe8, 0x3a, 0xff, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @local, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78c000005dc791153d5dea6b259b8e3cd2c8038336823493b87aa0568f00b1c71a8242373244ad2439adc07df0a69748e254c1e4a8a8b3f0ab0c430397754db3e340a14a2a1328c5f93037dc1435c11"}, {0x0, 0x10, "84f0da52ef24571313968050378ee824f4dffba7feed320557f7671975afc9c545c5ea6137c8ce680ba2d2e8794cc0ee661ab31313a50f67f637326bdc20eee126a2c281295ae9405b24d13dc48b7b6aa26e8a94498418f3472f7281922377d30a3b5ed2c6a2990e5ea6b275c1d5bddf59f3d1843df268e8c825c6b2cff208dfb5cd8283"}]}}}}}}, 0x0) 03:21:41 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc86146337", 0x209}], 0x1) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27) 03:21:41 executing program 5: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000100) open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, 0xffffffffffffffff, 0x0) 03:21:41 executing program 4: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) sendmmsg$inet(r0, &(0x7f0000008700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) [ 541.828456][ T27] audit: type=1804 audit(1583119301.831:246): pid=23487 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/114/file0/bus" dev="loop1" ino=129 res=1 03:21:41 executing program 3: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x44831, 0xffffffffffffffff, 0x0) [ 541.913269][ T27] audit: type=1804 audit(1583119301.871:247): pid=23475 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/114/file0/bus" dev="loop1" ino=129 res=1 [ 542.053279][ T27] audit: type=1800 audit(1583119302.051:248): pid=23489 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.5" name="bus" dev="sda1" ino=17377 res=0 03:21:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68", 0x61}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:21:44 executing program 2: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8946, &(0x7f0000000240)={'wg2\x00'}) 03:21:44 executing program 4: pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RMKDIR(r0, &(0x7f0000000180)={0x14}, 0xfffffffffffffdef) 03:21:44 executing program 5: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000a40)='/dev/dlm-monitor\x00', 0x0, 0x0) ioctl$MON_IOCG_STATS(r0, 0x80089203, 0x0) 03:21:44 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 03:21:44 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, 0x0, 0x1) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r4) r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:21:44 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) syz_open_pts(r0, 0x0) 03:21:44 executing program 4: r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x492492492492805, 0x0) 03:21:44 executing program 2: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0) 03:21:44 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 03:21:44 executing program 3: syz_open_dev$mouse(0x0, 0x0, 0x51b142) 03:21:44 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) syz_open_pts(r0, 0x0) [ 545.010320][ T27] audit: type=1804 audit(1583119305.011:249): pid=23626 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/115/file0/bus" dev="sda1" ino=17758 res=1 [ 545.150904][ T27] audit: type=1804 audit(1583119305.071:250): pid=23636 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/115/file0/bus" dev="sda1" ino=17758 res=1 03:21:47 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68", 0x61}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:21:47 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) recvmsg$can_raw(r0, &(0x7f0000002340)={0x0, 0x0, 0x0}, 0x0) 03:21:47 executing program 4: r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x396, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(r0, 0x800fe) 03:21:47 executing program 3: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000b40)='/proc/partitions\x00', 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, 0x0, 0x0) 03:21:47 executing program 5: creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000000c0)='./bus\x00', 0x0) 03:21:47 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x3}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:21:47 executing program 4: r0 = socket(0x10, 0x3, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, 0x0, 0x0) 03:21:47 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) sendmmsg$inet(r0, &(0x7f0000008700)=[{{0x0, 0x0, &(0x7f0000001540)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}}], 0x1, 0x0) 03:21:47 executing program 5: socket(0x2, 0xa, 0x9) 03:21:48 executing program 4: recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = gettid() process_vm_writev(r0, 0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x404000, 0x0) 03:21:48 executing program 3: perf_event_open(&(0x7f000000a000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 547.972743][T23677] syz-executor.5 uses obsolete (PF_INET,SOCK_PACKET) [ 547.975005][ T27] audit: type=1804 audit(1583119307.971:251): pid=23669 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/116/file0/bus" dev="loop1" ino=130 res=1 03:21:48 executing program 5: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x0, 0x0) ioctl$BLKSECTGET(r0, 0x1267, &(0x7f0000000080)) [ 548.064589][ T27] audit: type=1804 audit(1583119308.061:252): pid=23681 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/116/file0/bus" dev="loop1" ino=130 res=1 03:21:50 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6fa", 0x63}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:21:50 executing program 3: bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001ec0)={0xffffffffffffffff, 0x0, 0x0}, 0x10) 03:21:50 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14}, 0x14}}, 0x0) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:21:50 executing program 2: r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) dup(0xffffffffffffffff) openat$cgroup_procs(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x396, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(r0, 0x0) 03:21:50 executing program 4: recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = gettid() process_vm_writev(r0, 0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x404000, 0x0) 03:21:50 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x3}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:21:50 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8911, &(0x7f0000000240)={'wg2\x00'}) 03:21:50 executing program 2: r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) dup(0xffffffffffffffff) openat$cgroup_procs(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x396, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(r0, 0x0) 03:21:51 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14}, 0x14}}, 0x0) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:21:51 executing program 3: creat(&(0x7f0000000480)='./bus/file0\x00', 0x0) creat(&(0x7f00000000c0)='./bus\x00', 0x0) [ 551.031270][ T27] audit: type=1804 audit(1583119311.031:253): pid=23817 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/117/file0/bus" dev="loop1" ino=131 res=1 03:21:51 executing program 3: syz_emit_ethernet(0x62, &(0x7f0000000080)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "209200", 0x2c, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, {[@exp_smc={0xfe, 0x6}, @md5sig={0x13, 0x12, "82dd214d3b0edaf79ef4805be76f69ee"}]}}}}}}}}, 0x0) [ 551.209363][ T27] audit: type=1804 audit(1583119311.081:254): pid=23822 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/117/file0/bus" dev="loop1" ino=131 res=1 03:21:51 executing program 2: syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') [ 551.707012][ T7] attempt to access beyond end of device [ 551.712723][ T7] loop1: rw=1, want=2565, limit=63 [ 551.722793][ T7] attempt to access beyond end of device [ 551.728460][ T7] loop1: rw=1, want=4613, limit=63 [ 551.738262][ T7] attempt to access beyond end of device [ 551.743898][ T7] loop1: rw=1, want=6661, limit=63 [ 551.754684][ T7] attempt to access beyond end of device [ 551.760347][ T7] loop1: rw=1, want=8709, limit=63 [ 551.766969][ T7] attempt to access beyond end of device [ 551.772587][ T7] loop1: rw=1, want=8745, limit=63 03:21:53 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6fa", 0x63}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:21:53 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000002d80)={0x0, @local, @local}, &(0x7f0000000280)=0xfffffffffffffee9) 03:21:53 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14}, 0x14}}, 0x0) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:21:53 executing program 2: creat(&(0x7f0000000080)='./file0\x00', 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000300)={&(0x7f00000002c0)='./file0\x00'}, 0x10) 03:21:53 executing program 4: r0 = inotify_init1(0x0) ioctl$ASHMEM_SET_PROT_MASK(r0, 0x40087705, 0x0) 03:21:53 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x3}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:21:54 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, 0x2, 0x6, 0x1}, 0x14}}, 0x0) 03:21:54 executing program 3: sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 03:21:54 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14}, 0x14}}, 0x0) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:21:54 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) fcntl$setstatus(r0, 0xb, 0x0) [ 554.123484][ T27] audit: type=1804 audit(1583119314.121:255): pid=23861 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/118/file0/bus" dev="loop1" ino=132 res=1 [ 554.204030][ T27] audit: type=1804 audit(1583119314.201:256): pid=23872 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/118/file0/bus" dev="loop1" ino=132 res=1 03:21:54 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14}, 0x14}}, 0x0) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:21:54 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) tkill(0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) [ 554.817731][ T7954] attempt to access beyond end of device [ 554.823392][ T7954] loop1: rw=1, want=3865, limit=63 [ 554.833590][ T7954] attempt to access beyond end of device [ 554.839336][ T7954] loop1: rw=1, want=5913, limit=63 [ 554.849630][ T7954] attempt to access beyond end of device [ 554.855334][ T7954] loop1: rw=1, want=7961, limit=63 [ 554.865390][ T7954] attempt to access beyond end of device [ 554.871248][ T7954] loop1: rw=1, want=10009, limit=63 [ 554.881918][ T7954] attempt to access beyond end of device [ 554.887610][ T7954] loop1: rw=1, want=12057, limit=63 [ 554.897246][ T7954] attempt to access beyond end of device [ 554.902954][ T7954] loop1: rw=1, want=14041, limit=63 03:21:56 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6fa", 0x63}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:21:56 executing program 3: bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x0}, 0x20) 03:21:56 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) chdir(&(0x7f0000000300)='./file0\x00') mkdir(&(0x7f0000000240)='./file1\x00', 0x0) 03:21:56 executing program 4: mmap(&(0x7f000005d000/0x400000)=nil, 0x400000, 0x3, 0x392d6ad36ec2c8b2, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x5d04, 0x10000000002) 03:21:56 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14}, 0x14}}, 0x0) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:21:56 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380), 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:21:57 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) 03:21:57 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14}, 0x14}}, 0x0) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:21:57 executing program 2: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vsock\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0xc0045878, 0x0) 03:21:57 executing program 3: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x0, 0x0) connect$unix(r0, 0x0, 0x0) [ 557.273675][ T27] audit: type=1804 audit(1583119317.271:257): pid=23909 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/119/file0/bus" dev="loop1" ino=133 res=1 03:21:57 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14}, 0x14}}, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:21:57 executing program 4: mmap(&(0x7f000005d000/0x400000)=nil, 0x400000, 0x3, 0x392d6ad36ec2c8b2, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x5d04, 0x10000000002) [ 557.368088][ T27] audit: type=1804 audit(1583119317.361:258): pid=23922 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/119/file0/bus" dev="loop1" ino=133 res=1 [ 557.882560][ T7972] attempt to access beyond end of device [ 557.888303][ T7972] loop1: rw=1, want=2389, limit=63 [ 557.899447][ T7972] attempt to access beyond end of device [ 557.905190][ T7972] loop1: rw=1, want=4437, limit=63 [ 557.916365][ T7972] attempt to access beyond end of device [ 557.922105][ T7972] loop1: rw=1, want=6485, limit=63 [ 557.932567][ T7972] attempt to access beyond end of device [ 557.938284][ T7972] loop1: rw=1, want=8533, limit=63 [ 557.946314][ T7972] attempt to access beyond end of device [ 557.952108][ T7972] loop1: rw=1, want=9281, limit=63 03:22:00 executing program 3: mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='fuse\x00', 0x0, &(0x7f0000000180)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) 03:22:00 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000004c0)) 03:22:00 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14}, 0x14}}, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:00 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:00 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) 03:22:00 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380), 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:00 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x0, 0x0, &(0x7f0000000040)) 03:22:00 executing program 3: r0 = socket(0x10, 0x80002, 0x0) write(r0, &(0x7f0000000140)="2600000022004701050000000000000005006d20002b1f000a4a51f1ee839cd53400b017ca5b", 0x26) 03:22:00 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14}, 0x14}}, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:00 executing program 2: r0 = gettid() io_submit(0x0, 0x0, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) 03:22:00 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) [ 560.335114][ T27] audit: type=1804 audit(1583119320.331:259): pid=23960 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/120/file0/bus" dev="loop1" ino=134 res=1 03:22:00 executing program 3: syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) 03:22:00 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}}, 0x0) [ 560.422276][ T27] audit: type=1804 audit(1583119320.401:260): pid=23960 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/120/file0/bus" dev="loop1" ino=134 res=1 03:22:00 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:00 executing program 2: fsopen(&(0x7f0000001200)='cgroup2\x00', 0x0) 03:22:03 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:03 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000000280)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, '\x00', '\x00', "20040100"}, 0x28) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) sendto$inet6(r0, &(0x7f00000005c0), 0xe0ffffff, 0x0, 0x0, 0xd8) 03:22:03 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:03 executing program 2: pipe(&(0x7f0000000340)={0xffffffffffffffff}) write$UHID_CREATE(r0, 0x0, 0x0) 03:22:03 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380), 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="00012bbd7000fcdbdf25114000ff06000f000400000008000900000001000800030004000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:03 executing program 4: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r0, 0x100000003, 0x0, 0x28120005) 03:22:03 executing program 4: syz_genetlink_get_family_id$netlbl_cipso(0x0) [ 563.240424][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 03:22:03 executing program 2: perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 03:22:03 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:03 executing program 3: sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffd2a) 03:22:03 executing program 3: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x21}) 03:22:03 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:03 executing program 2: socketpair(0x22, 0x0, 0x3f, &(0x7f0000000440)) 03:22:03 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x32}, 0x0) [ 563.530691][ T27] audit: type=1804 audit(1583119323.531:261): pid=24010 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/121/file0/bus" dev="loop1" ino=135 res=1 03:22:03 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x1a}, 0x40) [ 563.587857][ T27] audit: type=1804 audit(1583119323.571:262): pid=24022 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/121/file0/bus" dev="loop1" ino=135 res=1 03:22:03 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:04 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r4) r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:04 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, 0x0, 0x0, 0x0) 03:22:04 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) writev(r0, &(0x7f0000000440)=[{0x0}, {&(0x7f0000000c00)='S', 0x1}], 0x2) 03:22:04 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:04 executing program 2: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000000)="9e", 0x1, 0x800, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x1}, 0x20) 03:22:04 executing program 2: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$VIDIOC_DQEVENT(r0, 0x80885659, 0x0) 03:22:04 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) [ 564.432787][ T27] audit: type=1804 audit(1583119324.431:263): pid=24071 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/122/file0/bus" dev="loop1" ino=136 res=1 [ 564.497782][ T27] audit: type=1804 audit(1583119324.501:264): pid=24076 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/122/file0/bus" dev="loop1" ino=136 res=1 [ 565.131147][ T7972] attempt to access beyond end of device [ 565.136888][ T7972] loop1: rw=1, want=3913, limit=63 [ 565.146777][ T7972] attempt to access beyond end of device [ 565.152554][ T7972] loop1: rw=1, want=5961, limit=63 [ 565.162459][ T7972] attempt to access beyond end of device [ 565.168279][ T7972] loop1: rw=1, want=8009, limit=63 [ 565.178824][ T7972] attempt to access beyond end of device [ 565.184555][ T7972] loop1: rw=1, want=10057, limit=63 [ 565.195119][ T7972] attempt to access beyond end of device [ 565.200886][ T7972] loop1: rw=1, want=12105, limit=63 [ 565.211752][ T7972] attempt to access beyond end of device [ 565.217420][ T7972] loop1: rw=1, want=14153, limit=63 [ 565.228757][ T7972] attempt to access beyond end of device [ 565.234397][ T7972] loop1: rw=1, want=16201, limit=63 [ 565.245046][ T7972] attempt to access beyond end of device [ 565.250750][ T7972] loop1: rw=1, want=18249, limit=63 [ 565.261001][ T7972] attempt to access beyond end of device [ 565.266704][ T7972] loop1: rw=1, want=20297, limit=63 [ 565.276441][ T7972] attempt to access beyond end of device [ 565.282190][ T7972] loop1: rw=1, want=22345, limit=63 [ 565.292916][ T7972] attempt to access beyond end of device [ 565.298696][ T7972] loop1: rw=1, want=24401, limit=63 [ 565.309367][ T7972] attempt to access beyond end of device [ 565.315057][ T7972] loop1: rw=1, want=26449, limit=63 [ 565.322208][ T7972] attempt to access beyond end of device [ 565.328032][ T7972] loop1: rw=1, want=26489, limit=63 03:22:06 executing program 3: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:22:06 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000880)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x2000000025f, @time}) 03:22:06 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:06 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:06 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r4) r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:06 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x66, &(0x7f00000000c0), 0x4) 03:22:06 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000800)=""/218, 0x9c2) 03:22:06 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:06 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x2a7) 03:22:06 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x2, 0x3, 0x260, 0x108, 0x0, 0x0, 0x0, 0x108, 0x1c8, 0x1c8, 0x1c8, 0x1c8, 0x1c8, 0x3, 0x0, {[{{@ip={@rand_addr, @dev, 0x0, 0x0, '\x00', 'veth0\x00'}, 0x0, 0xa0, 0x108, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2c0) 03:22:06 executing program 2: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000100)=[{0x0}], 0x4801, 0x0) 03:22:07 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) [ 567.057539][ T27] audit: type=1804 audit(1583119327.061:265): pid=24097 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/123/file0/bus" dev="sda1" ino=17697 res=1 [ 567.091207][ T27] audit: type=1804 audit(1583119327.061:266): pid=24097 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/123/file0/bus" dev="sda1" ino=17697 res=1 [ 567.130386][T24115] x_tables: ip_tables: dccp match: only valid for protocol 33 03:22:07 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000800)=""/218, 0x9c2) 03:22:07 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000240)='X', 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000080)={r0, r1, r1}, 0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={'crct10dif\x00'}}) 03:22:07 executing program 2: r0 = socket(0x2, 0xa, 0x0) connect$can_bcm(r0, 0x0, 0x0) 03:22:09 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000300)='net/netlink\x00') connect$can_j1939(r0, 0x0, 0x0) 03:22:09 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:09 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1}, 0x1c) 03:22:09 executing program 4: openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) 03:22:09 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r4) r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:09 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:09 executing program 4: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x98428d57a99b5f44) io_setup(0x4, &(0x7f00000004c0)=0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)) io_submit(r1, 0x200002f1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 03:22:09 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:09 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000004d00)='net/netlink\x00') readv(r0, &(0x7f0000001c80)=[{&(0x7f0000000700)=""/150, 0x96}, {&(0x7f00000007c0)=""/140, 0x8c}, {&(0x7f0000000880)=""/201, 0xc9}, {&(0x7f0000000980)=""/202, 0xca}, {&(0x7f0000000a80)=""/229, 0xe5}, {&(0x7f0000000b80)=""/253, 0xfd}], 0x6) 03:22:09 executing program 2: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) sendmmsg(r0, 0x0, 0x0, 0x0) [ 570.084412][ T27] audit: type=1804 audit(1583119330.081:267): pid=24161 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/124/file0/bus" dev="loop1" ino=137 res=1 03:22:10 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000100) r1 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r1, 0x0) [ 570.222883][ T27] audit: type=1804 audit(1583119330.161:268): pid=24174 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/124/file0/bus" dev="loop1" ino=137 res=1 03:22:10 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) readv(r0, 0x0, 0x0) 03:22:10 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:10 executing program 5: setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(0xffffffffffffffff, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(0xffffffffffffffff, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:10 executing program 4: mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:22:10 executing program 3: getsockname$inet(0xffffffffffffffff, 0x0, 0x0) 03:22:10 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0), 0x1, 0x0, 0x0, 0x4000000}, 0x1) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r4) r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) [ 571.023524][ T27] audit: type=1804 audit(1583119331.021:269): pid=24205 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/125/file0/bus" dev="loop1" ino=138 res=1 [ 571.075674][ T27] audit: type=1804 audit(1583119331.071:270): pid=24208 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/125/file0/bus" dev="loop1" ino=138 res=1 03:22:12 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:12 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x3, &(0x7f0000000300)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}, {0x0, 0x0, 0x40008}, {&(0x7f0000000c80)="a3189c56fcb856044efceb12a5", 0xd}], 0x0, 0x0) 03:22:12 executing program 5: setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(0xffffffffffffffff, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(0xffffffffffffffff, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:12 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) sendmsg$can_j1939(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 03:22:12 executing program 2: recvmsg$kcm(0xffffffffffffffff, &(0x7f0000002300)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002280)=""/101, 0x65}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/netstat\x00') preadv(r0, &(0x7f00000017c0), 0x1000000000000304, 0x400000000000000) 03:22:12 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0), 0x1, 0x0, 0x0, 0x4000000}, 0x1) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r4) r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:13 executing program 5: setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(0xffffffffffffffff, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(0xffffffffffffffff, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:13 executing program 3: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) chdir(&(0x7f0000000200)='./file0\x00') syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 573.057909][T24222] FAT-fs (loop4): bogus logical sector size 42258 [ 573.064456][T24222] FAT-fs (loop4): Can't find a valid FAT filesystem 03:22:13 executing program 2: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) readv(r0, &(0x7f0000000540)=[{&(0x7f0000000000)=""/100, 0x64}], 0x1) 03:22:13 executing program 5: r0 = socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) [ 573.169741][T24222] FAT-fs (loop4): bogus logical sector size 42258 [ 573.190081][T24222] FAT-fs (loop4): Can't find a valid FAT filesystem [ 573.201477][ T27] audit: type=1804 audit(1583119333.181:271): pid=24237 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/126/file0/bus" dev="loop1" ino=139 res=1 [ 573.230895][ T27] audit: type=1804 audit(1583119333.231:272): pid=24231 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/126/file0/bus" dev="loop1" ino=139 res=1 03:22:13 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000004d00)='net/netlink\x00') ioctl$BINDER_WRITE_READ(r0, 0x40305829, 0x0) [ 573.394169][T24243] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 573.408014][T24243] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 573.420191][T24243] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 573.443219][T24243] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue 03:22:13 executing program 5: r0 = socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:15 executing program 3: openat$nvram(0xffffffffffffff9c, 0x0, 0x450000, 0x0) 03:22:15 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg(r0, 0x0, 0x0) 03:22:15 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:15 executing program 5: r0 = socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:15 executing program 2: chdir(0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) rename(&(0x7f0000000340)='./file1\x00', &(0x7f0000000380)='./file0\x00') 03:22:15 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0), 0x1, 0x0, 0x0, 0x4000000}, 0x1) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r4) r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:16 executing program 3: 03:22:16 executing program 4: 03:22:16 executing program 2: chdir(0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) rename(&(0x7f0000000340)='./file1\x00', &(0x7f0000000380)='./file0\x00') 03:22:16 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:16 executing program 4: 03:22:16 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) [ 576.352047][ T27] audit: type=1804 audit(1583119336.351:273): pid=24493 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/127/file0/bus" dev="loop1" ino=140 res=1 03:22:16 executing program 4: [ 576.438123][ T27] audit: type=1804 audit(1583119336.441:274): pid=24504 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/127/file0/bus" dev="loop1" ino=140 res=1 03:22:19 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:19 executing program 3: 03:22:19 executing program 2: 03:22:19 executing program 4: 03:22:19 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:19 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0], 0x2}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:19 executing program 4: 03:22:19 executing program 3: 03:22:19 executing program 2: 03:22:19 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:19 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) [ 579.405500][ T27] audit: type=1804 audit(1583119339.401:275): pid=24536 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/128/file0/bus" dev="loop1" ino=141 res=1 03:22:19 executing program 2: [ 579.461914][ T27] audit: type=1804 audit(1583119339.461:276): pid=24545 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/128/file0/bus" dev="loop1" ino=141 res=1 [ 580.013941][ T21] attempt to access beyond end of device [ 580.019679][ T21] loop1: rw=1, want=2869, limit=63 [ 580.029237][ T21] attempt to access beyond end of device [ 580.034876][ T21] loop1: rw=1, want=4917, limit=63 [ 580.046962][ T21] attempt to access beyond end of device [ 580.052617][ T21] loop1: rw=1, want=6965, limit=63 [ 580.062799][ T21] attempt to access beyond end of device [ 580.068559][ T21] loop1: rw=1, want=9013, limit=63 [ 580.078441][ T21] attempt to access beyond end of device [ 580.084147][ T21] loop1: rw=1, want=11061, limit=63 [ 580.094303][ T21] attempt to access beyond end of device [ 580.100062][ T21] loop1: rw=1, want=13109, limit=63 [ 580.108345][ T21] attempt to access beyond end of device [ 580.114044][ T21] loop1: rw=1, want=13805, limit=63 03:22:22 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:22 executing program 4: 03:22:22 executing program 3: 03:22:22 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:22 executing program 2: 03:22:22 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0], 0x2}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:22 executing program 3: 03:22:22 executing program 4: 03:22:22 executing program 2: 03:22:22 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:22 executing program 3: 03:22:22 executing program 4: [ 582.418172][ T27] audit: type=1804 audit(1583119342.421:277): pid=24574 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/129/file0/bus" dev="loop1" ino=142 res=1 [ 582.513130][ T27] audit: type=1804 audit(1583119342.481:278): pid=24582 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/129/file0/bus" dev="loop1" ino=142 res=1 [ 583.066718][ T21] attempt to access beyond end of device [ 583.072380][ T21] loop1: rw=1, want=2349, limit=63 [ 583.081734][ T21] attempt to access beyond end of device [ 583.087404][ T21] loop1: rw=1, want=4405, limit=63 [ 583.096445][ T21] attempt to access beyond end of device [ 583.102096][ T21] loop1: rw=1, want=6453, limit=63 [ 583.111876][ T21] attempt to access beyond end of device [ 583.117531][ T21] loop1: rw=1, want=8501, limit=63 [ 583.126928][ T21] attempt to access beyond end of device [ 583.132643][ T21] loop1: rw=1, want=10549, limit=63 [ 583.142201][ T21] attempt to access beyond end of device [ 583.147883][ T21] loop1: rw=1, want=12597, limit=63 [ 583.158275][ T21] attempt to access beyond end of device [ 583.163962][ T21] loop1: rw=1, want=14645, limit=63 [ 583.171583][ T21] attempt to access beyond end of device [ 583.177261][ T21] loop1: rw=1, want=15269, limit=63 03:22:25 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:25 executing program 2: 03:22:25 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:25 executing program 3: 03:22:25 executing program 4: 03:22:25 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0], 0x2}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:25 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:25 executing program 2: 03:22:25 executing program 4: 03:22:25 executing program 3: 03:22:25 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:25 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:25 executing program 3: [ 585.554733][ T27] audit: type=1804 audit(1583119345.551:279): pid=24620 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/130/file0/bus" dev="sda1" ino=16913 res=1 03:22:25 executing program 2: 03:22:25 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) [ 585.603454][ T27] audit: type=1804 audit(1583119345.601:280): pid=24614 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/130/file0/bus" dev="sda1" ino=16913 res=1 03:22:25 executing program 4: 03:22:25 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:26 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0), 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:26 executing program 3: 03:22:26 executing program 2: 03:22:26 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:26 executing program 4: 03:22:26 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB], 0x3}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:26 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:26 executing program 2: 03:22:26 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0), 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:26 executing program 4: 03:22:26 executing program 3: 03:22:26 executing program 2: [ 586.529523][ T27] audit: type=1804 audit(1583119346.531:281): pid=24663 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/131/file0/bus" dev="loop1" ino=143 res=1 [ 586.597310][ T27] audit: type=1804 audit(1583119346.591:282): pid=24676 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/131/file0/bus" dev="loop1" ino=143 res=1 03:22:26 executing program 4: 03:22:26 executing program 3: 03:22:26 executing program 2: 03:22:26 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0), 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:26 executing program 2: 03:22:27 executing program 4: 03:22:29 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:29 executing program 3: 03:22:29 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:29 executing program 2: 03:22:29 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB], 0x3}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:29 executing program 4: 03:22:29 executing program 2: 03:22:29 executing program 4: 03:22:29 executing program 3: 03:22:29 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:29 executing program 4: 03:22:29 executing program 3: [ 589.699125][ T27] audit: type=1804 audit(1583119349.701:283): pid=24814 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/132/file0/bus" dev="loop1" ino=144 res=1 [ 589.759003][ T27] audit: type=1804 audit(1583119349.751:284): pid=24822 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/132/file0/bus" dev="loop1" ino=144 res=1 [ 590.327973][ T7] attempt to access beyond end of device [ 590.333630][ T7] loop1: rw=1, want=2693, limit=63 [ 590.344512][ T7] attempt to access beyond end of device [ 590.350409][ T7] loop1: rw=1, want=4781, limit=63 [ 590.361235][ T7] attempt to access beyond end of device [ 590.366956][ T7] loop1: rw=1, want=6829, limit=63 [ 590.375977][ T7] attempt to access beyond end of device [ 590.381827][ T7] loop1: rw=1, want=8877, limit=63 [ 590.392184][ T7] attempt to access beyond end of device [ 590.397906][ T7] loop1: rw=1, want=10941, limit=63 [ 590.409326][ T7] attempt to access beyond end of device [ 590.415033][ T7] loop1: rw=1, want=12989, limit=63 [ 590.425056][ T7] attempt to access beyond end of device [ 590.430787][ T7] loop1: rw=1, want=15037, limit=63 [ 590.440936][ T7] attempt to access beyond end of device [ 590.447208][ T7] loop1: rw=1, want=16157, limit=63 03:22:32 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:32 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:32 executing program 2: 03:22:32 executing program 4: 03:22:32 executing program 3: 03:22:32 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB], 0x3}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:32 executing program 2: 03:22:32 executing program 4: 03:22:32 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:32 executing program 3: 03:22:32 executing program 4: 03:22:32 executing program 2: [ 592.782648][ T27] audit: type=1804 audit(1583119352.781:285): pid=24848 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/133/file0/bus" dev="loop1" ino=145 res=1 03:22:32 executing program 3: [ 592.898945][ T27] audit: type=1804 audit(1583119352.901:286): pid=24859 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/133/file0/bus" dev="loop1" ino=145 res=1 03:22:35 executing program 2: 03:22:35 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:35 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:35 executing program 3: 03:22:35 executing program 4: 03:22:35 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r4) r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:35 executing program 3: 03:22:35 executing program 2: 03:22:35 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:35 executing program 4: [ 595.860619][ T27] audit: type=1804 audit(1583119355.861:287): pid=24882 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/134/file0/bus" dev="loop1" ino=146 res=1 03:22:35 executing program 3: 03:22:35 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) [ 595.914207][ T27] audit: type=1804 audit(1583119355.911:288): pid=24893 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/134/file0/bus" dev="loop1" ino=146 res=1 03:22:36 executing program 2: 03:22:36 executing program 4: [ 596.514037][ T7972] attempt to access beyond end of device [ 596.521856][ T7972] loop1: rw=1, want=2985, limit=63 [ 596.532129][ T7972] attempt to access beyond end of device [ 596.537783][ T7972] loop1: rw=1, want=5033, limit=63 [ 596.547323][ T7972] attempt to access beyond end of device [ 596.552961][ T7972] loop1: rw=1, want=7081, limit=63 [ 596.562112][ T7972] attempt to access beyond end of device [ 596.567824][ T7972] loop1: rw=1, want=9129, limit=63 [ 596.577653][ T7972] attempt to access beyond end of device [ 596.583300][ T7972] loop1: rw=1, want=11177, limit=63 [ 596.590488][ T7972] attempt to access beyond end of device [ 596.596141][ T7972] loop1: rw=1, want=11361, limit=63 03:22:38 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:38 executing program 3: 03:22:38 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:38 executing program 2: 03:22:38 executing program 4: 03:22:38 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r4) r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:38 executing program 3: 03:22:38 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:38 executing program 4: 03:22:38 executing program 2: 03:22:38 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:38 executing program 2: [ 598.948211][ T27] audit: type=1804 audit(1583119358.951:289): pid=24926 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/135/file0/bus" dev="loop1" ino=147 res=1 [ 599.031635][ T27] audit: type=1804 audit(1583119359.031:290): pid=24934 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/135/file0/bus" dev="loop1" ino=147 res=1 [ 599.576834][ T7972] attempt to access beyond end of device [ 599.582634][ T7972] loop1: rw=1, want=2353, limit=63 [ 599.592645][ T7972] attempt to access beyond end of device [ 599.598648][ T7972] loop1: rw=1, want=4401, limit=63 [ 599.608685][ T7972] attempt to access beyond end of device [ 599.614440][ T7972] loop1: rw=1, want=6449, limit=63 [ 599.624314][ T7972] attempt to access beyond end of device [ 599.630644][ T7972] loop1: rw=1, want=8505, limit=63 [ 599.640896][ T7972] attempt to access beyond end of device [ 599.646623][ T7972] loop1: rw=1, want=10569, limit=63 [ 599.657450][ T7972] attempt to access beyond end of device [ 599.663935][ T7972] loop1: rw=1, want=12617, limit=63 [ 599.672128][ T7972] attempt to access beyond end of device [ 599.677870][ T7972] loop1: rw=1, want=13589, limit=63 03:22:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:41 executing program 3: 03:22:41 executing program 4: 03:22:41 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:41 executing program 2: 03:22:41 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r4) r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:41 executing program 2: 03:22:41 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:41 executing program 4: 03:22:41 executing program 3: 03:22:42 executing program 4: [ 602.042780][ T27] audit: type=1804 audit(1583119362.041:291): pid=24959 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/136/file0/bus" dev="loop1" ino=148 res=1 03:22:42 executing program 3: [ 602.187967][ T27] audit: type=1804 audit(1583119362.171:292): pid=24970 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/136/file0/bus" dev="loop1" ino=148 res=1 03:22:44 executing program 3: 03:22:44 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:44 executing program 4: 03:22:44 executing program 2: 03:22:44 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB], 0x3}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r4) r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:44 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:44 executing program 3: 03:22:44 executing program 2: 03:22:44 executing program 4: 03:22:45 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:45 executing program 3: [ 605.165368][ T27] audit: type=1804 audit(1583119365.161:293): pid=24991 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/137/file0/bus" dev="loop1" ino=149 res=1 03:22:45 executing program 4: [ 605.254305][ T27] audit: type=1804 audit(1583119365.251:294): pid=25005 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/137/file0/bus" dev="loop1" ino=149 res=1 03:22:45 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) [ 605.745971][ T7972] attempt to access beyond end of device [ 605.751620][ T7972] loop1: rw=1, want=2393, limit=63 [ 605.761955][ T7972] attempt to access beyond end of device [ 605.767777][ T7972] loop1: rw=1, want=4449, limit=63 [ 605.777927][ T7972] attempt to access beyond end of device [ 605.783679][ T7972] loop1: rw=1, want=6497, limit=63 [ 605.793706][ T7972] attempt to access beyond end of device [ 605.799534][ T7972] loop1: rw=1, want=8533, limit=63 03:22:47 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:47 executing program 2: 03:22:47 executing program 3: 03:22:47 executing program 4: 03:22:47 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:47 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB], 0x3}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r4) r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:48 executing program 3: 03:22:48 executing program 2: 03:22:48 executing program 4: 03:22:48 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:48 executing program 2: 03:22:48 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x0, &(0x7f0000000400)}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) [ 608.284960][ T27] audit: type=1804 audit(1583119368.281:295): pid=25041 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/138/file0/bus" dev="loop1" ino=150 res=1 [ 608.394149][ T27] audit: type=1804 audit(1583119368.391:296): pid=25047 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/138/file0/bus" dev="loop1" ino=150 res=1 [ 608.916865][ T7954] attempt to access beyond end of device [ 608.922559][ T7954] loop1: rw=1, want=3769, limit=63 [ 608.932949][ T7954] attempt to access beyond end of device [ 608.939602][ T7954] loop1: rw=1, want=5817, limit=63 [ 608.950225][ T7954] attempt to access beyond end of device [ 608.955972][ T7954] loop1: rw=1, want=7873, limit=63 [ 608.965717][ T7954] attempt to access beyond end of device [ 608.971827][ T7954] loop1: rw=1, want=9929, limit=63 [ 608.982420][ T7954] attempt to access beyond end of device [ 608.988228][ T7954] loop1: rw=1, want=11977, limit=63 [ 608.998848][ T7954] attempt to access beyond end of device [ 609.004606][ T7954] loop1: rw=1, want=14025, limit=63 [ 609.014628][ T7954] attempt to access beyond end of device [ 609.020480][ T7954] loop1: rw=1, want=16073, limit=63 [ 609.029611][ T7954] attempt to access beyond end of device [ 609.035305][ T7954] loop1: rw=1, want=17005, limit=63 03:22:51 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:51 executing program 4: 03:22:51 executing program 3: 03:22:51 executing program 2: 03:22:51 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x0, &(0x7f0000000400)}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:51 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB], 0x3}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r4) r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:51 executing program 2: 03:22:51 executing program 4: 03:22:51 executing program 3: 03:22:51 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x0, &(0x7f0000000400)}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:51 executing program 3: [ 611.262954][ T27] audit: type=1804 audit(1583119371.261:297): pid=25075 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/139/file0/bus" dev="loop1" ino=151 res=1 03:22:51 executing program 4: [ 611.429772][ T27] audit: type=1804 audit(1583119371.331:298): pid=25081 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/139/file0/bus" dev="loop1" ino=151 res=1 03:22:54 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:54 executing program 2: 03:22:54 executing program 3: 03:22:54 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:54 executing program 4: 03:22:54 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYRES16=r0, @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:54 executing program 4: 03:22:54 executing program 2: 03:22:54 executing program 3: 03:22:54 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:54 executing program 4: [ 614.381824][ T27] audit: type=1804 audit(1583119374.381:299): pid=25109 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/140/file0/bus" dev="loop1" ino=152 res=1 03:22:54 executing program 2: [ 614.481962][ T27] audit: type=1804 audit(1583119374.481:300): pid=25118 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/140/file0/bus" dev="loop1" ino=152 res=1 [ 615.068681][ T7954] attempt to access beyond end of device [ 615.074526][ T7954] loop1: rw=1, want=2921, limit=63 [ 615.084702][ T7954] attempt to access beyond end of device [ 615.090606][ T7954] loop1: rw=1, want=4969, limit=63 [ 615.101114][ T7954] attempt to access beyond end of device [ 615.107529][ T7954] loop1: rw=1, want=7025, limit=63 [ 615.117288][ T7954] attempt to access beyond end of device [ 615.123082][ T7954] loop1: rw=1, want=9073, limit=63 [ 615.133500][ T7954] attempt to access beyond end of device [ 615.139276][ T7954] loop1: rw=1, want=11121, limit=63 [ 615.150333][ T7954] attempt to access beyond end of device [ 615.156088][ T7954] loop1: rw=1, want=13169, limit=63 [ 615.165839][ T7954] attempt to access beyond end of device [ 615.171565][ T7954] loop1: rw=1, want=15217, limit=63 [ 615.181948][ T7954] attempt to access beyond end of device [ 615.187667][ T7954] loop1: rw=1, want=17009, limit=63 03:22:57 executing program 3: 03:22:57 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:57 executing program 4: 03:22:57 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:22:57 executing program 2: 03:22:57 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYRES16=r0, @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:22:57 executing program 2: 03:22:57 executing program 3: 03:22:57 executing program 4: 03:22:57 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:22:57 executing program 2: [ 617.528559][ T27] audit: type=1804 audit(1583119377.531:301): pid=25143 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/141/file0/bus" dev="loop1" ino=153 res=1 03:22:57 executing program 4: 03:22:57 executing program 3: [ 617.558628][ T27] audit: type=1804 audit(1583119377.541:302): pid=25143 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/141/file0/bus" dev="loop1" ino=153 res=1 03:22:57 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:23:00 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:23:00 executing program 2: 03:23:00 executing program 4: 03:23:00 executing program 3: 03:23:00 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:23:00 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYRES16=r0, @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:23:00 executing program 4: 03:23:00 executing program 3: 03:23:00 executing program 2: 03:23:00 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:23:00 executing program 2: 03:23:00 executing program 4: 03:23:03 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:23:03 executing program 2: 03:23:03 executing program 3: 03:23:03 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:23:03 executing program 4: 03:23:03 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRES16=r0, @ANYBLOB], 0x3}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:23:03 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:23:03 executing program 4: 03:23:03 executing program 2: 03:23:03 executing program 3: 03:23:03 executing program 2: [ 623.642251][ T27] audit: type=1804 audit(1583119383.641:303): pid=25515 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/143/file0/bus" dev="loop1" ino=155 res=1 03:23:03 executing program 4: [ 623.779812][ T27] audit: type=1804 audit(1583119383.691:304): pid=25527 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir486746795/syzkaller.S4NoXv/143/file0/bus" dev="loop1" ino=155 res=1 [ 624.307249][ T7954] attempt to access beyond end of device [ 624.312956][ T7954] loop1: rw=1, want=2673, limit=63 [ 624.323024][ T7954] attempt to access beyond end of device [ 624.328822][ T7954] loop1: rw=1, want=4721, limit=63 [ 624.339036][ T7954] attempt to access beyond end of device [ 624.344841][ T7954] loop1: rw=1, want=6769, limit=63 [ 624.354823][ T7954] attempt to access beyond end of device [ 624.360548][ T7954] loop1: rw=1, want=8825, limit=63 [ 624.371133][ T7954] attempt to access beyond end of device [ 624.377540][ T7954] loop1: rw=1, want=10873, limit=63 [ 624.387012][ T7954] attempt to access beyond end of device [ 624.392685][ T7954] loop1: rw=1, want=12921, limit=63 [ 624.403267][ T7954] attempt to access beyond end of device [ 624.409759][ T7954] loop1: rw=1, want=14969, limit=63 [ 624.419414][ T7954] attempt to access beyond end of device [ 624.425147][ T7954] loop1: rw=1, want=16277, limit=63 03:23:06 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070002053c27bc337600363925d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa5", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 03:23:06 executing program 3: 03:23:06 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:23:06 executing program 4: 03:23:06 executing program 2: 03:23:06 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000240)=""/123, 0xfffffe65}], 0x1, 0x1000000) r0 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRES16=r0, @ANYBLOB], 0x3}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000240)='./file0\x00', 0x880, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6000000056f3257a4fcfe2f523d172e7d3ccf9f026b82608f14536009793803f9262155f95eda2f906e1adf01794d1dc50d9f94fa2755eb6a78e734497b5d45d20299029657b342cf5048b8df517b8262e43802b6f4fd08e4831281e6744113689ba928193e3524a7b5bb966519233661752defd54145cabdab0049aba08ea9b814907008c1d269b2644bfdc4b8dc013fb936339f53e", @ANYRES16=0x0, @ANYBLOB="007bb5bd7000ffdbdf254b0000000400ec000a000600bbbbbbbbbbbb00000800d20000000700000000eeaaa100000000006a00000008000000000000000800000001000000080000000800000008000000fa02038ea700000103e31f08a3aa2bc5ddfe963acf2808c9a935574177c8d8dc9a540181df1ed1e696607eb8de4875eb"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0xa0) 03:23:06 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000bc0)=[{&(0x7f0000001340)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835cb611a3c7ac10e5b649a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c82e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce5e0187013abc861463378caa6e4a2bee49d4e2d263389687a7c2cd2a7cf0893da319bb04f1f1bf7a91d7976e9551face2928293abb98986187edcdafd8fcd9130316730357da17be532e14438a796ef47e40edb0ed9c55610d2b8bd52de0e656d17162ddb36612b94f1ab6ce11194cea845bd9f204e5acd84a374dcfaaf80fd7313f71c25f613af54a3096e7364c01e420bd2e4628c7e3d64d4a900d253656a03596dd5c25affa91fae809f41d6216d5ccc8d2e522f258991f9c0248c341711df4e5aab020e48aebca50cb85d77c54f3b9d7eca12130249416d596bc6dd635a6e90d5075048d099a826b3c9c665fe8d71a7fad2a0e0456698d2f8e1ab970b153aa28656ae2c52415daff4f454b9a423f6bd74d9f7d3dd62cfd260780e51d76d191d5c474f4c7d2d1f58a4b953b754d072ac9f69f2b17b71cfbc6790736df04bf5e9df73848bc80ccab3820fd19c8134dce4eac1af19c67ffc169e71f1c9acedaae570b13a6c80ef5f942d6a715ea3b6bd0cb877b2456d38eca79a09020c5b70ada626d98071af32dcd116c12335b48cf8ed8786f039f1c1188a12c84fa76ab6dcbaae5b73cda1773983cc31f810b8326a5d31938dbef8b95699f0cc88a61a66ae635af6bbe251d90f0dadbf9389c2a3337d97103a5b63da1aaf2db95cdcc273c1ba2fb06cbd7a84021742d6d308a876fcc349038c385a23b5ad0f78ba10627a7e2198ebd0197723d7d8494029234627ac3eca197785518fb0be557890d7a1270481da68a0cd3ddf599c42719b8415d01bd855d01a54ecf27be1dcf5a540ab3c9c4bf87e275155d754712a26b6aafbeb7abca50d8de66aa240e54bfda18cc97714e564fe6d778b0cb374e14556a48", 0x46d}], 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)='\f&', 0x2, 0x11, 0x0, 0x0) 03:23:06 executing program 3: 03:23:06 executing program 4: 03:23:06 executing program 2: [ 626.626015][ T7897] ================================================================== [ 626.634230][ T7897] BUG: KCSAN: data-race in iput / other_inode_match [ 626.640799][ T7897] [ 626.643114][ T7897] write to 0xffff88812515d180 of 8 bytes by task 7905 on cpu 0: [ 626.650806][ T7897] iput+0x2e6/0x4d0 [ 626.654607][ T7897] dentry_unlink_inode+0x272/0x2e0 [ 626.660957][ T7897] d_delete+0xca/0xe0 [ 626.665041][ T7897] vfs_rmdir+0x2d3/0x2f0 [ 626.669268][ T7897] do_rmdir+0x2e9/0x320 [ 626.673482][ T7897] __x64_sys_rmdir+0x2c/0x40 [ 626.678086][ T7897] do_syscall_64+0xc7/0x390 [ 626.682588][ T7897] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 626.688468][ T7897] [ 626.690794][ T7897] read to 0xffff88812515d180 of 8 bytes by task 7897 on cpu 1: [ 626.698343][ T7897] other_inode_match+0x6a/0x570 [ 626.703198][ T7897] find_inode_nowait+0x12f/0x160 [ 626.708133][ T7897] ext4_mark_iloc_dirty+0x123c/0x1500 [ 626.713537][ T7897] ext4_mark_inode_dirty+0xe6/0x420 [ 626.718776][ T7897] ext4_unlink+0x655/0x7d0 [ 626.723187][ T7897] vfs_unlink+0x223/0x3e0 [ 626.727512][ T7897] do_unlinkat+0x33f/0x550 [ 626.731915][ T7897] __x64_sys_unlink+0x38/0x50 [ 626.736588][ T7897] do_syscall_64+0xc7/0x390 [ 626.741079][ T7897] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 626.746952][ T7897] [ 626.749267][ T7897] Reported by Kernel Concurrency Sanitizer on: [ 626.755404][ T7897] CPU: 1 PID: 7897 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 626.764026][ T7897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 626.774079][ T7897] ================================================================== [ 626.782130][ T7897] Kernel panic - not syncing: panic_on_warn set ... [ 626.788741][ T7897] CPU: 1 PID: 7897 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 626.797316][ T7897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 626.807365][ T7897] Call Trace: [ 626.810661][ T7897] dump_stack+0x11d/0x187 [ 626.815025][ T7897] panic+0x210/0x640 [ 626.818910][ T7897] ? vprintk_func+0x89/0x13a [ 626.823499][ T7897] kcsan_report.cold+0xc/0x14 [ 626.828173][ T7897] kcsan_setup_watchpoint+0x304/0x400 [ 626.833581][ T7897] other_inode_match+0x6a/0x570 [ 626.838432][ T7897] ? __ext4_get_inode_loc+0x27a/0x990 [ 626.843795][ T7897] ? ext4_inode_csum_set+0x1c0/0x1c0 [ 626.849079][ T7897] find_inode_nowait+0x12f/0x160 [ 626.854124][ T7897] ext4_mark_iloc_dirty+0x123c/0x1500 [ 626.859495][ T7897] ext4_mark_inode_dirty+0xe6/0x420 [ 626.864806][ T7897] ? timestamp_truncate+0x11b/0x160 [ 626.870009][ T7897] ext4_unlink+0x655/0x7d0 [ 626.874435][ T7897] vfs_unlink+0x223/0x3e0 [ 626.878797][ T7897] do_unlinkat+0x33f/0x550 [ 626.883256][ T7897] __x64_sys_unlink+0x38/0x50 [ 626.887926][ T7897] do_syscall_64+0xc7/0x390 [ 626.892423][ T7897] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 626.898305][ T7897] RIP: 0033:0x45c1c7 [ 626.902192][ T7897] Code: 00 66 90 b8 58 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 626.921787][ T7897] RSP: 002b:00007ffca541dfd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 626.930189][ T7897] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c1c7 [ 626.938154][ T7897] RDX: 00007ffca541dff0 RSI: 00007ffca541dff0 RDI: 00007ffca541e080 [ 626.946383][ T7897] RBP: 00000000000002da R08: 0000000000000000 R09: 0000000000000010 [ 626.954358][ T7897] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffca541f110 [ 626.962325][ T7897] R13: 000000000269d940 R14: 0000000000000000 R15: 00007ffca541f110 [ 626.971986][ T7897] Kernel Offset: disabled [ 626.976435][ T7897] Rebooting in 86400 seconds..