{r6, @in={{0x2, 0x4e21, @rand_addr=0x64010100}}, 0x9, 0x81, 0x400, 0xfff, 0x2, 0x0, 0x3}, &(0x7f0000000280)=0x9c)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r7 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r7, 0x0, 0x8400fffffffa)
sendfile(r0, r7, 0x0, 0xffffffff)

[ 2696.836787] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2696.853629] FSBase=00007ff5ac388700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2696.875012] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2696.896332] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2696.908968] CR0=0000000080050033 CR3=0000000040d29000 CR4=00000000001426f0
[ 2696.914850] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2696.919225] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2696.933002] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2696.945107] *** Control State ***
[ 2696.955355] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
[ 2696.959000] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2696.975514] EntryControls=0000d1ff ExitControls=002fefff
[ 2696.989789] audit: type=1804 audit(1591347231.143:264): pid=18601 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/770/bus" dev="sda1" ino=17569 res=1
[ 2697.007025] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2697.023105] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2697.046488] VMEntry: intr_info=8000030d errcode=00000000 ilen=00000000
[ 2697.063550] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2697.068950] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2697.086718]         reason=80000021 qualification=0000000000000000
[ 2697.089694] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2697.096791] IDTVectoring: info=00000000 errcode=00000000
[ 2697.108278] TSC Offset = 0xfffffa58f37c5745
[ 2697.113239] EPT pointer = 0x000000004b2a901e
[ 2697.120488] Virtual processor ID = 0x001c
[ 2697.126184] Interruptibility = 00000000  ActivityState = 00000000
[ 2697.155764] *** Host State ***
[ 2697.167845] RIP = 0xffffffff8116426f  RSP = 0xffff88803a0b79d0
[ 2697.194970] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2697.202116] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2697.212805] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2697.220919] CR0=0000000080050033 CR3=000000005ad35000 CR4=00000000001426f0
[ 2697.229756] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2697.238728] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2697.247618] *** Control State ***
[ 2697.251637] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2697.261700] EntryControls=0000d1ff ExitControls=002fefff
[ 2697.268925] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2697.278049] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2697.286380] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2697.295099]         reason=80000021 qualification=0000000000000000
[ 2697.302058] IDTVectoring: info=00000000 errcode=00000000
[ 2697.310368] TSC Offset = 0xfffffa58f487d42d
[ 2697.316472] EPT pointer = 0x0000000038c7f01e
[ 2697.321583] Virtual processor ID = 0x0024
08:53:51 executing program 0:
socket$kcm(0x2b, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000040))
dup2(0xffffffffffffffff, 0xffffffffffffffff)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xfffffffffffffe9d, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x3, 0x10, 0x0, 0x10002}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
add_key(&(0x7f0000000300)='cifs.spnego\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f0000000480)="1ea9101e3ea3206c86666a2734980f1123ae8f2f64d3078030c62133f0dd91e6267010bb6a47171438cf699d09ce5bae2eb3c60d00cb7fddfc94fb777274db6c57534308476ef353c8b7253d6b0b79b336b9849bd5f1725359cf650196648a75bd6a3970c27d3b52efd8d2d6d88a6d290e63c19f337b4cb34c061b2a8b7d756f7f86f3eb85755016aac74d55cc949ed9c490cd9f4e24c1f35a95b2444058c06af5e4bbaed2fcadef0fbb1fbdad26c5434610b284eca3a10e04f63c8cbbbab3e0e3878c8ce789accc45aea5880424c7d2393db94d5dc4429fa6440450165f559b8ea6a281dc5e72a541944783f805af6c2bfed5047c5c65f97b285573d2d2c237f7b2281f52224db8b17df2a27d2e64fb7fa819e33ad6d3d9f620651dd40fa30dd63de7f32858f5409cdcf92f00ad081e92ffc7c120a4a3db959c6b70035a215f47c7ceb2da38b0022814b43ad86c7498ffc8d09125dafbf5a556189dbec4dcc7ad085b96afe4f0e82993ff64d01162ea564d6dc736000e15dd0f95770b2dd96af945ce2d44273d7658f5187c5300d8eb260706f8c8bda9dfd1e6059421f7c3c42a69c895dcdf1a0134f8c9657903283152e92585117afe51b3a7c1c2e8ffc8a53e6d4300ac9016dcd32f2c2dac1b9a59730d9867ed9aa26439f95408f647a416b735b89161f1950640eb1cb9c849391f4117762f145e5d7a0b7b284a136f889d783bace20a66e44a994dc229d8492d18bc8cf6a3d88979df91824aeb8d0e79e366e634c96523793608323ccab88d49365675626fbc0b3e670f6d88c3038eece767bb47a83bc077bddea40b98339a778f72924ddb3733e06aa312e02b31e42593410fe70f344546815b0f7d4c36cdd600763d38c06ab66520af4ac7f04161f8885b6709d70e4d1446e547ac9e4666dc071ec052cef9c3053a0a536c8af12e6c2f3f6a0f4e66bb107197f72470a09baafa7eae059e874f3274d099fa5fca0479e59c8b5ae8024cccee29867e9a4d5628d708ff0c767bf84462e3ef5ab7aa228a19df66f91ddd3db04d2b864e209d942069a685d406b623e4ef9bf32f5c1188b42e04fcc5482bc24d6d352a39d570d9b2cfad2bbf9985ac74e940d6da7de38c2a11a04918de2d8556be8d360b4e1055e1b2201f33918ea7c2207a0c8253290d29d8ddf8f63fcd2fb080fb56f080c8b2fb17e63dc0c305a1b9f2e63417dd6bf6d26e419bb29ffd85eb92e796b45d5a96e0a53b5bf321e5081f3da2c12d525bdadbad3d5d3160195ff601fda979c89e4a7f8a882228297bb229aae250b8b0f967c523cfec722c07a9c52e4ebe8d45f766c76cf810fc342862b0b5c7b094e2357c635802da45b48277385c08d0feca712ceed0320a5290e81061aafdbffe89c826c1221cd72c509db96f9c58fb6badb8820eb120e55ec1da871d8233301a701860594bd36f1ab1e5d12418e86458a96039ba07182981d6c329130114f7ed21d5387ef13cf02b6c299c8948186d0387997ee59d1e38b10578d0e98fb8e23f0195b56b98e7d8b1958223ad030b96c54a9d632d6aef53270b9e2ba9bcfb24a104f051507353921fcb29e9eb5340a85df027990e8efb373f8b2977647d153281426cd379468b702558445f3e286fdf8be5e0a5113122a0cded6c57c7056f856c7d568b31e746cfcb63eaf36f074eeee9eb4b70f638b61dc7aa60e71369412fe9bf2a1df9097cdf20307a6fe40cc445fdcbb00c7cd9953b9ab06be798e7a6cfc1402c69b549373ce261ddfd5746f2aa5e44efa42edfe26fa52613a3f379efc5865ddc24b24e1c2f34c57ceaf8b57957a1ba0cc25bd7fad80da2001845f5b2e3c423add91f57927212842290173d8892923a78fd1087f04867a7656eff6d377225aeaa2397c40317558f43291d15150703dd96b61e121ebcde67b8671249f63af3d7d252923167b59c53cdec98dfe634fa11dea321fd9e122ca4779ed32c2a1a26417c51aaafd814156c117f36f2b4208092984d859a66bf02b3ff077fb835f132b5f2097dee2a19e09b1d1dd7c25c6006353051a317240693d004a4e5553b66cc54e11ddf38d469bdc52f4b7afbfff68c44550bc235656f0106399aad87cef29759a58bb9b936c79bb41062e996901f985f8aacf33d6c5f665e1407a83a96aa5a57acb4c8fecb559baccfd9d142387d0a7dc3a390aa5e18645c282c9fc0650e3ad7376f1a5db1408d901a38744dc5b0ae364f9ba95261e503fa95843a14fc871b5a6139202c5e1d990561d40a5768a220dd30b8d5b8aa62d9301660ac504530781b3eef02f182386dc439dd80fbae4fe353118d59aa5be98c607de0eeadd6d456cf4a5c945deeca7f564101e6eb992da2bfbf61eec8e7891a8e3dfa0eefd4f322164704e66d72175484d6ad0b8a4efa3ccf191f746d4252257ec7c6d9d2e7fd65f68680c5f6aa44d2bdbaf0f726fe9957f3edf0acdb7013f5e63d94c98f2d8138f917cf524ea58ac7466577c21c6659d778ffb6bddc5a04b5070bd768591bfd9deeeabc93390d37c35051840ff7287f95a6c8a3ed7f1b9300fb94e3421272223c349abcad0c897f49dfcc0c39640562d9ebe3b349b0984cf0f978b2201a1d86f0da9f04e5e18e4447e0f8ecca2dbf5acc0bff8f18029c0443aca8554efa1ceffffc01e306f2e8de27551a0f1625a8e6eb85dd99c7fcca90db6edc7fd232df7272912d30e4ec1d6d6eaef0941d7640680ececc5ae484a65572e4c4406e1e5ebedc4ce35726f2e03d195db85a0f24f6d7d1b8cd6516042a517f0dece9f601c541d20f21ab51dc22dfa5f26a5fa5c007e10f4399a77e6309d7e84a5b8d1c224024dad344989f84ef867f066673877dafae13d1479d69b80da73ec74de42ff70e980fca827ca5e7f53a9fd224e399c4b92132cd408dd4b840a008c7f537da4a5ef4d477c3a7dbc1e9d85930470edf4209ff6692405df1127c8b85837a799407569dbc7f769c6d7f773401005b6149b13ab5e67a8693415240f4a25be8a12761d71ab178c0c78ee45737b013867a988677276dc3a0928d650b4d3b4f82bacf7b34e3bd22f4f8f7793d5820f5a751cd98e38da9c12cd78246d2206803332ba91afe5bc36f08ed8742a23f5ad3b8ce97d7c07f9c0d04b810d154b96e2fbe64ab55546ef30fa8cf57993d9715b8ea6de5a450a995e39c7b55acc6ae3f22d3580d7c945db0599f2e056c2d882d2a4b4279b54fe3e499353361870e0914bd0074625c71d2c55ad52e0adccf622c1574586f7ef24a6828eaf7eae8391bb86698fdb581c21f18b94d05847efc125dc3b7ec5dd8e4b5e8c2676f834bd4debf96c4119d0cc341f87d6192ab979c43d1eafa3c95fa612e16bb363478c7842c3c0cd7c3bb64aed7a4d0361acc4e8a0445f4dff79850e16dc07a1bad47a977573345f6c98d0aa9b45c087f4d9f17e4552d075cbb1fd5de0ecea1d53ea990c52d5199a8c76ceb1ed36748c612b8108b190160f0fd586974ca67c2ff21ef2346e5ec032907c8b4c6c07b9ef00babf9b07c0f893ed48a543c40f3d1a870cc21291805f238bd9fc417c33bc21381677219345d2fb7f1cf4de5a22c7db384b3acc2a06cf16ab960d8742c2fc7f15c2641c52767cd1710995934428b92c0eb32342d4e6f19ff6b5a35c0c55a8ad33bd30dc7de0e22c63ebebd62d162b261cb698d55e55db950d40e9efdbe892d5a06f372d154e4250a4c8e4dbad713401acb4ab83edb0b1fcf2a34a49370f89838db1b6e0123fe61ef71887586e0a5e55e0bd30def92cb3a2bb942f645b5e48322f76f3082d1887b53d50c96090f479c6571601ba269d8a781f0c375739a8d453d42be21c4c62dadfaf178a6a1054eeedb0864f8052e75e901175f2f832643278a8d05475bf7f8737dc18e40dc34831c307d71b646eccb92430e50bf37fa62e8c9a0e9097a4a0dac4305558352c084689995c839938138905a610bcda9a812356a3ac655ec1c7325c00290215710393480012e7afb33562532c366eec827513362178570cc43075a86e410abdf56a8f60529e79abb0700e17bd3ba521b122a02e1663897158310a8fcca895e81e158bf61bb8e027be611e5996da8ff1f8031e86e25a7191b6bf080783fa927effc99e28f22c35489b989975fa5f24b949f9af3eae289d0204d558327899226ac2d774bf3a542440e41674c8cf1e2cfd8018da92e1108fc5f7354d2e417ea24a38955c479b50a424d01d30570b655277e45d68509a857eefc4a2254e09a68409d43a05fd4d2367d9f8e3cef3d0acb37f5383c0369d094550b73f3274e62e32ecd059b38267330af37cbe3b674b0f17456ba094b7a51a6535294e2288eb3ca8098106b11565a5d0d3ad81f9c2c88b757e2d2ae293f2bfadef60bbc95fabd17a22ebcf8faa32f39ae89d235401826a9286e1a18bb776c9c00ce1937b8d24b219ff44790de869413fa3781757a625da2fd8bb1a84a1c87fd5329e3b429f633c6dc41aa13f1d4a15ad5688a84efecd2756aec49866d1d632f8b3397dc50d51d63551df652fbbe546fdfb67d06a65736278fe5355bd252e6171498f26672981b3e9da6eb41a87479ca47d86b9224fd18bb7e959c218e9f94240b654c62c377f92bdc07242b3490dcb54681c8854e0e2290adf581c6c2564402b94f270a90c549a0d4473dd5a275caec37bfe31a751811d856c95b4bd87be494f5766478dea7ed579279a5a8e553df4aab81c77de340ede24da7db38f69e5ca1b805334c9c5ebac9938b66efdfa7b1e141cac29e00a34a7c4e9d90a4c29a8d38b3f9977e79466da9fbe9f282b25140a62f8207aa9219de18cb48077cfa184de9ff16aba6357df37ff90ec4e5284b4a02f9867f08e6ec5c218e0393de75095911261870e50ad4fc7d55c094408b9605fdeb9234795824906f7e6747f93362f6eb8563c6250370e194a9703ef5bc8ee0e993fbaad800df411b5e1dd8d3afcd1c93e5b2c8eb0a63a63faa7a2e7fb1b063e9adc5efe4c1686944bf7ba21715171aacd693d74cacd7a0493ddb6dccb968998811fab6749782a71878d5d4e603b37ec74caa14b6ff8c03367ce01f20c48e8527e2f6496ae994fd14d5d84f2ab18daace47f5a31c5e7da82e7f90473a0cc8d5da4147422389a729f1bfccc86a59af3c06edb4beeaec6387794a5438c9cb35cb3c6f7fdc4df32937e200b5f23efd04f793f8c4642f3945e35eb1dcb318d354765b24d83648d2be344a61ccbcee25544629f905431502a303ff4f4afb8d82a542089af84db0fd307d25eb70d950b8f83206cc05c9ec4ca3462f64c6f82680c775f12206d840876013df1f5a198811438b341276afd4ce33a61d5d0930caa75128f1fb7036b8d8ddd9102bf4019b9d14e0ef1c45a140badecbbe61b6cd9dd66a87fa62539a7da4e2ff302e73363f1fa07fae200461290db2c045bf63177d5b7d7dc69fb73d38b3174781cb1901adc059b2908c2f580de1e2c0d91cfa0384bb8e43f04f107af12b810e562301560a9150cb8e296952d3e8d247fd39fca16adf239c73c6d0cf3302fe3cde43a69f1144b0c9c0b2d4f7bbf4e080c95ba55ed791dc4fa214c0424770272830058c14a9b62ff62f605724d3a68d87c7d6c8bb9b95d63587f3bba343b84d20529ce0efbd2810def6013177c7f66bd9790edef28ca1f89e6288d3af5b052abc11776b43f23fcdb07508cdad0dbd7adf0dede44042d45b4585bb927f96c02a543520f0e8a6d301624f096c55418cd55a2ed0c0348d32a211cb8150befa644a4e4a26a9af0000cc550c5d", 0x1000, 0xfffffffffffffffd)
r0 = request_key(&(0x7f0000000100)='id_legacy\x00', &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)='./cgroup.cpu/syz0\x00', 0xfffffffffffffff8)
keyctl$invalidate(0x15, r0)
request_key(&(0x7f0000001480)='id_legacy\x00', &(0x7f00000014c0)={'syz', 0x2}, &(0x7f0000001500)=':\x00', r0)
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x2440, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x53a, 0x3ff, 0x0, 0x0, 0x0, 0x2000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500)='/dev/kvm\x00', 0x40000, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58)
syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x7, 0x0, 0x97620f7e38610a1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0x6, &(0x7f0000000140)=0x1, 0x4)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000200)=@req3={0x4, 0x1, 0x7, 0x10000, 0x8, 0x80, 0x3}, 0x1c)
read(r2, &(0x7f0000000400)=""/168, 0x41c)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x3, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(0xffffffffffffffff, &(0x7f0000001580)=ANY=[@ANYBLOB="2c5970a0c7d6d9af4597b35454a0a6ae02fa0d541b6a13ec6640b1a612b7a956bf69d02ea9f829884f2498007dbc41f03b7eeb80b7221bbeba81a0f5c0082d3f87b3d54235f69529641809af097b5dbef3681849e0fe9c1459314f96dcef3258ef74ae3e364f906405228af5898550b880881a2c9831955ce58e2b1f80cae4410efad6e9337e613778b6fad2ad284963fae8628036044dcdff03"], 0x2b)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'ip6tnl0\x00'})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x0, 0x0, [0x0, 0x0, 0x1]})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r7, 0xc008ae88, &(0x7f0000000000))
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="34e40000000000ece8a53299fa051ba997be6fb1838274a49786c1c5c44f68a58ae5c7f7", @ANYRES32=r7, @ANYRES32=r6], 0x3}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r8 = mq_open(&(0x7f00000004c0)='ip6tnl\x00', 0x6eb3ebbbcc0884f2, 0x60, 0x0)
mq_notify(r8, &(0x7f00000001c0)={0x0, 0x1000000})
sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000)
mq_timedsend(r8, 0x0, 0x0, 0x0, 0x0)
r9 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
lseek(r9, 0x401, 0x0)
r10 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r10, 0x8933, &(0x7f0000001540)={'wg0\x00'})
dup3(r9, r10, 0x0)
perf_event_open(&(0x7f0000000380)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000003, 0x0, 0xc8f8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, r9, 0x0)
sendmmsg(r3, &(0x7f0000000280), 0x1, 0x0)

08:53:51 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
setsockopt$CAIFSO_REQ_PARAM(r0, 0x116, 0x80, &(0x7f0000000180)="87d85e65048925d93f1fd531c312c2f3d14c3f1ce58dc932d269ce83009b3566c5fa9799eddfac38fdeefb04bf22503e2e02c141e2b0a7e9daf202d14980f7b696a657c95122ef0841a90eea38596ad170e6e77736c8f0353513b4d61f69e942933245cffa3546989af2f27134c3c6ef869a0bf690317e3c7aeab563d7a888b6f728c240d24a8225878a342a28e648511ee0ecf9e3e34818f8007d1f4954af189c46e2ad373b670ced8a33e3c03e669ca10e94b6144cea0c853d3555ad2c52769c429b487671b2e45a2e572f5f1cf4da93f0611b81123b6ec1873a6fc9c9de6fbfa1caee5cad", 0xe6)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')

08:53:51 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x7}])
ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000000280)={0x8, 0xb, 0x4, 0xe000, 0x81, {0x77359400}, {0x5, 0x2, 0x20, 0x7, 0xff, 0x9, "50ecae14"}, 0x4820, 0x1, @planes=&(0x7f0000000040)={0x7, 0x200, @userptr=0x2, 0x40}, 0xfffffff9, 0x0, <r4=>0xffffffffffffffff})
setsockopt$CAIFSO_LINK_SELECT(r4, 0x116, 0x7f, &(0x7f0000000300)=0x7, 0x4)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r6, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r7=>0x0)
io_submit(r7, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r6, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000000c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {0x0, 0x0, 0x0, 0x0, 0xfc}, {}, {}, 0xa0000020})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

08:53:51 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000240)={&(0x7f0000000040)='./file0\x00', 0x0, 0x10}, 0x10)
write$binfmt_elf64(r2, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x7f, 0x1, 0x1, 0xb, 0xfffffffffffffff8, 0x5752cad198ea64e4, 0x3, 0x6, 0x64, 0x40, 0x22d, 0x800, 0x800, 0x38, 0x1, 0x3, 0x1, 0x4}, [{0x4f46fbc8ea3bec63, 0x1d, 0x3, 0x1, 0x5, 0x7, 0x8705, 0x3}], "bd60947f91c9c89d0181721c561fcb8b44a9d9cb8f9ac9d1e9850bf31af9798088672eb347a3277cf3b484", [[]]}, 0x1a3)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xfe, 0x0, 0x0, 0x9}, {0x0, 0x0, 0xe}, {0x0, 0x0, 0x0, 0x0, 0xff}, {}, {0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {0x1a000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, {0x0, 0xd000}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x8f88, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

08:53:51 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r1, &(0x7f0000002b00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
pipe(&(0x7f0000000940)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r4 = open(0x0, 0x141042, 0x0)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
lseek(r5, 0x4200, 0x0)
r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
io_setup(0x1ff, &(0x7f00000004c0)=<r7=>0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0)
io_submit(r7, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r6, &(0x7f0000000000), 0x10000}])
r8 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0)
ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, &(0x7f0000000180))
open_by_handle_at(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYBLOB="6acd79670d6e29e126302ff8b20bd3f74acd794ba72ee51495a75bad38c89507631dc8ff4ec34f91f1d5a6a2a8cbf66a1e04000000000000009f2a7ff586cd3ff53e28cb8d6152b605cedc06d489959a82bb0000000000ebd64c4c856cdfe6de9500c3e23ae39cb8f35a0847f4ecd284857013f54757a22fdeb41f37199af2be295eb036ba6db41fe47db2fb400853fc12052181d007d6413c34f3c2df07"], 0x0)
sendfile(r5, r8, 0x0, 0x8400fffffffb)
sendfile(0xffffffffffffffff, r4, &(0x7f0000000100), 0x8080fffffffe)

[ 2697.736086] *** Guest State ***
[ 2697.755403] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
08:53:51 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x94, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r5 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r6=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x7d, &(0x7f0000000240)={r6, @in={{0x2, 0x0, @multicast2}}, 0x0, 0x2, 0x200}, 0x9c)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000080)={r6, @in={{0x2, 0x4e21, @rand_addr=0x64010100}}, 0x9, 0x81, 0x400, 0xfff, 0x2, 0x0, 0x3}, &(0x7f0000000280)=0x9c)
lseek(r0, 0x0, 0x2)
r7 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r7, 0x0, 0x8400fffffffa)
sendfile(r0, r7, 0x0, 0xffffffff)

[ 2697.797024] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2697.844978] CR3 = 0x0000000000000000
[ 2697.865138] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2697.866501] *** Guest State ***
[ 2697.935860] audit: type=1804 audit(1591347232.093:265): pid=18642 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4511/bus" dev="sda1" ino=17634 res=1
[ 2697.946702] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2698.011630] CR0: actual=0x0000000080000020, shadow=0x00000000a0000020, gh_mask=fffffffffffffff7
[ 2698.072277] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
08:53:52 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x94, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r5 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r6=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x7d, &(0x7f0000000240)={r6, @in={{0x2, 0x0, @multicast2}}, 0x0, 0x2, 0x200}, 0x9c)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000080)={r6, @in={{0x2, 0x4e21, @rand_addr=0x64010100}}, 0x9, 0x81, 0x400, 0xfff, 0x2, 0x0, 0x3}, &(0x7f0000000280)=0x9c)
lseek(r0, 0x0, 0x2)
r7 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r7, 0x0, 0x8400fffffffa)
sendfile(r0, r7, 0x0, 0xffffffff)

08:53:52 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x100)
ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000180)={0x6, @sdr={0x3032344d, 0x3ff}})
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')

[ 2698.148910] audit: type=1804 audit(1591347232.223:266): pid=18641 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/771/bus" dev="sda1" ino=17636 res=1
[ 2698.223672] CR3 = 0x0000000000000000
[ 2698.259673] RSP = 0x0000000000002006  RIP = 0x0000000000000000
[ 2698.262817] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2698.312790] RFLAGS=0x00010002         DR7 = 0x0000000000000400
[ 2698.329135] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2698.350022] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2698.385711] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2698.392073] DS:   sel=0x000e, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2698.408179] audit: type=1804 audit(1591347232.523:267): pid=18647 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/772/bus" dev="sda1" ino=17601 res=1
08:53:52 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x94, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r5 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r6=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x7d, &(0x7f0000000240)={r6, @in={{0x2, 0x0, @multicast2}}, 0x0, 0x2, 0x200}, 0x9c)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000080)={r6, @in={{0x2, 0x4e21, @rand_addr=0x64010100}}, 0x9, 0x81, 0x400, 0xfff, 0x2, 0x0, 0x3}, &(0x7f0000000280)=0x9c)
lseek(r0, 0x0, 0x2)
r7 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r7, 0x0, 0x8400fffffffa)
sendfile(r0, r7, 0x0, 0xffffffff)

[ 2698.409388] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2698.440918] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2698.484362] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2698.538902] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2698.612969] audit: type=1804 audit(1591347232.763:268): pid=18663 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4511/bus" dev="sda1" ino=17634 res=1
[ 2698.615973] ES:   sel=0x0000, attr=0x00081, limit=0x00000000, base=0x0000000000000000
[ 2698.640718] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:53:52 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x94, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r5 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r6=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x7d, &(0x7f0000000240)={r6, @in={{0x2, 0x0, @multicast2}}, 0x0, 0x2, 0x200}, 0x9c)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r7 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r7, 0x0, 0x8400fffffffa)
sendfile(r0, r7, 0x0, 0xffffffff)

[ 2698.694965] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2698.711485] audit: type=1804 audit(1591347232.763:269): pid=18664 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4511/bus" dev="sda1" ino=17634 res=1
08:53:52 executing program 5:
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0)
getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, &(0x7f0000000000)={'NETMAP\x00'}, &(0x7f0000000040)=0x1e)
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r1, &(0x7f0000000080)=@random={'trusted.', '\x00'})
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000180)="838337d851cd6160994baaa87c51a34fcba35c66e743cf5bc10f1954624c0d58330da9fb8dc9f88f3960b3a784f90e0fddbe12f3a567d3576dedfbaf2740289cc74ba86c6a5a838142c6a31f60ddcc6a80cf79944a6eb9d4c5fcb75f44abad856e5d07b2bf6bd6777e8af345d18f0f77fc9a88177edda29085fec51b61117c8a71e7", 0x82)

[ 2698.751197] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2698.760549] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2698.770750] LDTR: sel=0x0000, attr=0x00000, limit=0x00000000, base=0x0000000000000000
[ 2698.789919] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2698.808326] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000010000
[ 2698.820693] audit: type=1804 audit(1591347232.763:270): pid=18637 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4511/bus" dev="sda1" ino=17634 res=1
[ 2698.838423] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2698.851467] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2698.876667] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2698.889286] LDTR: sel=0x0000, attr=0x10000, limit=0x0000d000, base=0x0000000000000000
08:53:53 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
dup(r1)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x5, 0x10, 0x5}]}, 0x30}}, 0x0)

[ 2698.905776] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2698.920504] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2698.943809] Interruptibility = 00000000  ActivityState = 00000000
[ 2698.953219] audit: type=1804 audit(1591347232.823:271): pid=18657 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/773/bus" dev="sda1" ino=17619 res=1
[ 2698.960847] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000001a000
[ 2698.978895] *** Host State ***
[ 2698.989717] RIP = 0xffffffff8116426f  RSP = 0xffff88801419f9d0
[ 2698.996666] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2699.005138] FSBase=00007ff5ac388700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2699.015517] audit: type=1804 audit(1591347232.973:272): pid=18671 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/774/bus" dev="sda1" ino=17521 res=1
[ 2699.043171] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2699.051021] CR0=0000000080050033 CR3=0000000091795000 CR4=00000000001426f0
[ 2699.060865] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2699.072652] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2699.087322] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2699.094738] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2699.106465] *** Control State ***
[ 2699.113242] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2699.119102] PinBased=0000003f CPUBased=b6986dfa SecondaryExec=000000ea
[ 2699.143691] EntryControls=0000d1ff ExitControls=002fefff
[ 2699.148128] Interruptibility = 00000000  ActivityState = 00000000
[ 2699.151003] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2699.177186] VMEntry: intr_info=8000030d errcode=00000000 ilen=00000000
[ 2699.184350] *** Host State ***
[ 2699.195175] RIP = 0xffffffff8116426f  RSP = 0xffff8880152c79d0
[ 2699.207453] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2699.228817] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2699.230291]         reason=80000021 qualification=0000000000000000
[ 2699.242095] IDTVectoring: info=00000000 errcode=00000000
[ 2699.247638] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2699.247647] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2699.247657] CR0=0000000080050033 CR3=0000000081d1a000 CR4=00000000001426e0
[ 2699.247669] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2699.247677] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2699.247681] *** Control State ***
[ 2699.247686] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2699.247691] EntryControls=0000d1ff ExitControls=002fefff
[ 2699.247700] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2699.247705] VMEntry: intr_info=80000003 errcode=00000000 ilen=00000000
[ 2699.247711] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2699.247716]         reason=80000021 qualification=0000000000000000
[ 2699.247720] IDTVectoring: info=00000000 errcode=00000000
[ 2699.247725] TSC Offset = 0xfffffa58217687b8
[ 2699.247731] EPT pointer = 0x0000000081cae01e
[ 2699.247739] Virtual processor ID = 0x001c
[ 2699.361040] TSC Offset = 0xfffffa5813785d6f
[ 2699.370056] EPT pointer = 0x00000000391b401e
[ 2699.399724] Virtual processor ID = 0x0024
08:53:53 executing program 0:
socket$kcm(0x2b, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000040))
dup2(0xffffffffffffffff, 0xffffffffffffffff)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xfffffffffffffe9d, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x3, 0x10, 0x0, 0x10002}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
add_key(&(0x7f0000000300)='cifs.spnego\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f0000000480)="1ea9101e3ea3206c86666a2734980f1123ae8f2f64d3078030c62133f0dd91e6267010bb6a47171438cf699d09ce5bae2eb3c60d00cb7fddfc94fb777274db6c57534308476ef353c8b7253d6b0b79b336b9849bd5f1725359cf650196648a75bd6a3970c27d3b52efd8d2d6d88a6d290e63c19f337b4cb34c061b2a8b7d756f7f86f3eb85755016aac74d55cc949ed9c490cd9f4e24c1f35a95b2444058c06af5e4bbaed2fcadef0fbb1fbdad26c5434610b284eca3a10e04f63c8cbbbab3e0e3878c8ce789accc45aea5880424c7d2393db94d5dc4429fa6440450165f559b8ea6a281dc5e72a541944783f805af6c2bfed5047c5c65f97b285573d2d2c237f7b2281f52224db8b17df2a27d2e64fb7fa819e33ad6d3d9f620651dd40fa30dd63de7f32858f5409cdcf92f00ad081e92ffc7c120a4a3db959c6b70035a215f47c7ceb2da38b0022814b43ad86c7498ffc8d09125dafbf5a556189dbec4dcc7ad085b96afe4f0e82993ff64d01162ea564d6dc736000e15dd0f95770b2dd96af945ce2d44273d7658f5187c5300d8eb260706f8c8bda9dfd1e6059421f7c3c42a69c895dcdf1a0134f8c9657903283152e92585117afe51b3a7c1c2e8ffc8a53e6d4300ac9016dcd32f2c2dac1b9a59730d9867ed9aa26439f95408f647a416b735b89161f1950640eb1cb9c849391f4117762f145e5d7a0b7b284a136f889d783bace20a66e44a994dc229d8492d18bc8cf6a3d88979df91824aeb8d0e79e366e634c96523793608323ccab88d49365675626fbc0b3e670f6d88c3038eece767bb47a83bc077bddea40b98339a778f72924ddb3733e06aa312e02b31e42593410fe70f344546815b0f7d4c36cdd600763d38c06ab66520af4ac7f04161f8885b6709d70e4d1446e547ac9e4666dc071ec052cef9c3053a0a536c8af12e6c2f3f6a0f4e66bb107197f72470a09baafa7eae059e874f3274d099fa5fca0479e59c8b5ae8024cccee29867e9a4d5628d708ff0c767bf84462e3ef5ab7aa228a19df66f91ddd3db04d2b864e209d942069a685d406b623e4ef9bf32f5c1188b42e04fcc5482bc24d6d352a39d570d9b2cfad2bbf9985ac74e940d6da7de38c2a11a04918de2d8556be8d360b4e1055e1b2201f33918ea7c2207a0c8253290d29d8ddf8f63fcd2fb080fb56f080c8b2fb17e63dc0c305a1b9f2e63417dd6bf6d26e419bb29ffd85eb92e796b45d5a96e0a53b5bf321e5081f3da2c12d525bdadbad3d5d3160195ff601fda979c89e4a7f8a882228297bb229aae250b8b0f967c523cfec722c07a9c52e4ebe8d45f766c76cf810fc342862b0b5c7b094e2357c635802da45b48277385c08d0feca712ceed0320a5290e81061aafdbffe89c826c1221cd72c509db96f9c58fb6badb8820eb120e55ec1da871d8233301a701860594bd36f1ab1e5d12418e86458a96039ba07182981d6c329130114f7ed21d5387ef13cf02b6c299c8948186d0387997ee59d1e38b10578d0e98fb8e23f0195b56b98e7d8b1958223ad030b96c54a9d632d6aef53270b9e2ba9bcfb24a104f051507353921fcb29e9eb5340a85df027990e8efb373f8b2977647d153281426cd379468b702558445f3e286fdf8be5e0a5113122a0cded6c57c7056f856c7d568b31e746cfcb63eaf36f074eeee9eb4b70f638b61dc7aa60e71369412fe9bf2a1df9097cdf20307a6fe40cc445fdcbb00c7cd9953b9ab06be798e7a6cfc1402c69b549373ce261ddfd5746f2aa5e44efa42edfe26fa52613a3f379efc5865ddc24b24e1c2f34c57ceaf8b57957a1ba0cc25bd7fad80da2001845f5b2e3c423add91f57927212842290173d8892923a78fd1087f04867a7656eff6d377225aeaa2397c40317558f43291d15150703dd96b61e121ebcde67b8671249f63af3d7d252923167b59c53cdec98dfe634fa11dea321fd9e122ca4779ed32c2a1a26417c51aaafd814156c117f36f2b4208092984d859a66bf02b3ff077fb835f132b5f2097dee2a19e09b1d1dd7c25c6006353051a317240693d004a4e5553b66cc54e11ddf38d469bdc52f4b7afbfff68c44550bc235656f0106399aad87cef29759a58bb9b936c79bb41062e996901f985f8aacf33d6c5f665e1407a83a96aa5a57acb4c8fecb559baccfd9d142387d0a7dc3a390aa5e18645c282c9fc0650e3ad7376f1a5db1408d901a38744dc5b0ae364f9ba95261e503fa95843a14fc871b5a6139202c5e1d990561d40a5768a220dd30b8d5b8aa62d9301660ac504530781b3eef02f182386dc439dd80fbae4fe353118d59aa5be98c607de0eeadd6d456cf4a5c945deeca7f564101e6eb992da2bfbf61eec8e7891a8e3dfa0eefd4f322164704e66d72175484d6ad0b8a4efa3ccf191f746d4252257ec7c6d9d2e7fd65f68680c5f6aa44d2bdbaf0f726fe9957f3edf0acdb7013f5e63d94c98f2d8138f917cf524ea58ac7466577c21c6659d778ffb6bddc5a04b5070bd768591bfd9deeeabc93390d37c35051840ff7287f95a6c8a3ed7f1b9300fb94e3421272223c349abcad0c897f49dfcc0c39640562d9ebe3b349b0984cf0f978b2201a1d86f0da9f04e5e18e4447e0f8ecca2dbf5acc0bff8f18029c0443aca8554efa1ceffffc01e306f2e8de27551a0f1625a8e6eb85dd99c7fcca90db6edc7fd232df7272912d30e4ec1d6d6eaef0941d7640680ececc5ae484a65572e4c4406e1e5ebedc4ce35726f2e03d195db85a0f24f6d7d1b8cd6516042a517f0dece9f601c541d20f21ab51dc22dfa5f26a5fa5c007e10f4399a77e6309d7e84a5b8d1c224024dad344989f84ef867f066673877dafae13d1479d69b80da73ec74de42ff70e980fca827ca5e7f53a9fd224e399c4b92132cd408dd4b840a008c7f537da4a5ef4d477c3a7dbc1e9d85930470edf4209ff6692405df1127c8b85837a799407569dbc7f769c6d7f773401005b6149b13ab5e67a8693415240f4a25be8a12761d71ab178c0c78ee45737b013867a988677276dc3a0928d650b4d3b4f82bacf7b34e3bd22f4f8f7793d5820f5a751cd98e38da9c12cd78246d2206803332ba91afe5bc36f08ed8742a23f5ad3b8ce97d7c07f9c0d04b810d154b96e2fbe64ab55546ef30fa8cf57993d9715b8ea6de5a450a995e39c7b55acc6ae3f22d3580d7c945db0599f2e056c2d882d2a4b4279b54fe3e499353361870e0914bd0074625c71d2c55ad52e0adccf622c1574586f7ef24a6828eaf7eae8391bb86698fdb581c21f18b94d05847efc125dc3b7ec5dd8e4b5e8c2676f834bd4debf96c4119d0cc341f87d6192ab979c43d1eafa3c95fa612e16bb363478c7842c3c0cd7c3bb64aed7a4d0361acc4e8a0445f4dff79850e16dc07a1bad47a977573345f6c98d0aa9b45c087f4d9f17e4552d075cbb1fd5de0ecea1d53ea990c52d5199a8c76ceb1ed36748c612b8108b190160f0fd586974ca67c2ff21ef2346e5ec032907c8b4c6c07b9ef00babf9b07c0f893ed48a543c40f3d1a870cc21291805f238bd9fc417c33bc21381677219345d2fb7f1cf4de5a22c7db384b3acc2a06cf16ab960d8742c2fc7f15c2641c52767cd1710995934428b92c0eb32342d4e6f19ff6b5a35c0c55a8ad33bd30dc7de0e22c63ebebd62d162b261cb698d55e55db950d40e9efdbe892d5a06f372d154e4250a4c8e4dbad713401acb4ab83edb0b1fcf2a34a49370f89838db1b6e0123fe61ef71887586e0a5e55e0bd30def92cb3a2bb942f645b5e48322f76f3082d1887b53d50c96090f479c6571601ba269d8a781f0c375739a8d453d42be21c4c62dadfaf178a6a1054eeedb0864f8052e75e901175f2f832643278a8d05475bf7f8737dc18e40dc34831c307d71b646eccb92430e50bf37fa62e8c9a0e9097a4a0dac4305558352c084689995c839938138905a610bcda9a812356a3ac655ec1c7325c00290215710393480012e7afb33562532c366eec827513362178570cc43075a86e410abdf56a8f60529e79abb0700e17bd3ba521b122a02e1663897158310a8fcca895e81e158bf61bb8e027be611e5996da8ff1f8031e86e25a7191b6bf080783fa927effc99e28f22c35489b989975fa5f24b949f9af3eae289d0204d558327899226ac2d774bf3a542440e41674c8cf1e2cfd8018da92e1108fc5f7354d2e417ea24a38955c479b50a424d01d30570b655277e45d68509a857eefc4a2254e09a68409d43a05fd4d2367d9f8e3cef3d0acb37f5383c0369d094550b73f3274e62e32ecd059b38267330af37cbe3b674b0f17456ba094b7a51a6535294e2288eb3ca8098106b11565a5d0d3ad81f9c2c88b757e2d2ae293f2bfadef60bbc95fabd17a22ebcf8faa32f39ae89d235401826a9286e1a18bb776c9c00ce1937b8d24b219ff44790de869413fa3781757a625da2fd8bb1a84a1c87fd5329e3b429f633c6dc41aa13f1d4a15ad5688a84efecd2756aec49866d1d632f8b3397dc50d51d63551df652fbbe546fdfb67d06a65736278fe5355bd252e6171498f26672981b3e9da6eb41a87479ca47d86b9224fd18bb7e959c218e9f94240b654c62c377f92bdc07242b3490dcb54681c8854e0e2290adf581c6c2564402b94f270a90c549a0d4473dd5a275caec37bfe31a751811d856c95b4bd87be494f5766478dea7ed579279a5a8e553df4aab81c77de340ede24da7db38f69e5ca1b805334c9c5ebac9938b66efdfa7b1e141cac29e00a34a7c4e9d90a4c29a8d38b3f9977e79466da9fbe9f282b25140a62f8207aa9219de18cb48077cfa184de9ff16aba6357df37ff90ec4e5284b4a02f9867f08e6ec5c218e0393de75095911261870e50ad4fc7d55c094408b9605fdeb9234795824906f7e6747f93362f6eb8563c6250370e194a9703ef5bc8ee0e993fbaad800df411b5e1dd8d3afcd1c93e5b2c8eb0a63a63faa7a2e7fb1b063e9adc5efe4c1686944bf7ba21715171aacd693d74cacd7a0493ddb6dccb968998811fab6749782a71878d5d4e603b37ec74caa14b6ff8c03367ce01f20c48e8527e2f6496ae994fd14d5d84f2ab18daace47f5a31c5e7da82e7f90473a0cc8d5da4147422389a729f1bfccc86a59af3c06edb4beeaec6387794a5438c9cb35cb3c6f7fdc4df32937e200b5f23efd04f793f8c4642f3945e35eb1dcb318d354765b24d83648d2be344a61ccbcee25544629f905431502a303ff4f4afb8d82a542089af84db0fd307d25eb70d950b8f83206cc05c9ec4ca3462f64c6f82680c775f12206d840876013df1f5a198811438b341276afd4ce33a61d5d0930caa75128f1fb7036b8d8ddd9102bf4019b9d14e0ef1c45a140badecbbe61b6cd9dd66a87fa62539a7da4e2ff302e73363f1fa07fae200461290db2c045bf63177d5b7d7dc69fb73d38b3174781cb1901adc059b2908c2f580de1e2c0d91cfa0384bb8e43f04f107af12b810e562301560a9150cb8e296952d3e8d247fd39fca16adf239c73c6d0cf3302fe3cde43a69f1144b0c9c0b2d4f7bbf4e080c95ba55ed791dc4fa214c0424770272830058c14a9b62ff62f605724d3a68d87c7d6c8bb9b95d63587f3bba343b84d20529ce0efbd2810def6013177c7f66bd9790edef28ca1f89e6288d3af5b052abc11776b43f23fcdb07508cdad0dbd7adf0dede44042d45b4585bb927f96c02a543520f0e8a6d301624f096c55418cd55a2ed0c0348d32a211cb8150befa644a4e4a26a9af0000cc550c5d", 0x1000, 0xfffffffffffffffd)
r0 = request_key(&(0x7f0000000100)='id_legacy\x00', &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)='./cgroup.cpu/syz0\x00', 0xfffffffffffffff8)
keyctl$invalidate(0x15, r0)
request_key(&(0x7f0000001480)='id_legacy\x00', &(0x7f00000014c0)={'syz', 0x2}, &(0x7f0000001500)=':\x00', r0)
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x2440, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x53a, 0x3ff, 0x0, 0x0, 0x0, 0x2000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500)='/dev/kvm\x00', 0x40000, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58)
syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x7, 0x0, 0x97620f7e38610a1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0x6, &(0x7f0000000140)=0x1, 0x4)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000200)=@req3={0x4, 0x1, 0x7, 0x10000, 0x8, 0x80, 0x3}, 0x1c)
read(r2, &(0x7f0000000400)=""/168, 0x41c)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x3, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(0xffffffffffffffff, &(0x7f0000001580)=ANY=[@ANYBLOB="2c5970a0c7d6d9af4597b35454a0a6ae02fa0d541b6a13ec6640b1a612b7a956bf69d02ea9f829884f2498007dbc41f03b7eeb80b7221bbeba81a0f5c0082d3f87b3d54235f69529641809af097b5dbef3681849e0fe9c1459314f96dcef3258ef74ae3e364f906405228af5898550b880881a2c9831955ce58e2b1f80cae4410efad6e9337e613778b6fad2ad284963fae8628036044dcdff03"], 0x2b)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'ip6tnl0\x00'})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x0, 0x0, [0x0, 0x0, 0x1]})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r7, 0xc008ae88, &(0x7f0000000000))
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="34e40000000000ece8a53299fa051ba997be6fb1838274a49786c1c5c44f68a58ae5c7f7", @ANYRES32=r7, @ANYRES32=r6], 0x3}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r8 = mq_open(&(0x7f00000004c0)='ip6tnl\x00', 0x6eb3ebbbcc0884f2, 0x60, 0x0)
mq_notify(r8, &(0x7f00000001c0)={0x0, 0x1000000})
sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000)
mq_timedsend(r8, 0x0, 0x0, 0x0, 0x0)
r9 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
lseek(r9, 0x401, 0x0)
r10 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r10, 0x8933, &(0x7f0000001540)={'wg0\x00'})
dup3(r9, r10, 0x0)
perf_event_open(&(0x7f0000000380)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000003, 0x0, 0xc8f8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, r9, 0x0)
sendmmsg(r3, &(0x7f0000000280), 0x1, 0x0)

08:53:53 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1040038}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0xa}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x5}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x1}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x81}, @IPSET_ATTR_PROBES={0x5, 0x15, 0x81}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x5}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x8080}, 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
ioctl$VIDIOC_QUERY_EXT_CTRL(0xffffffffffffffff, 0xc0e85667, &(0x7f00000001c0)={0x80000000, 0x6, "038fbccf31c0fc65c96b611365a8fe318ed2148fe80b719b94a8bdf5ea1e13b5", 0x1, 0x6, 0x6, 0x17, 0x2, 0x800, 0x1, 0xa38, [0x1000, 0xfffffff8, 0xfffff000, 0x80]})

08:53:53 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, &(0x7f00000000c0)="650fae8f0000660fd5427db8d9038ec02c090f01ca3e0f01cfaa0f30f30f2ad1656626f30f38f6606d", 0x29}], 0x1, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_genetlink_get_family_id$tipc2(0x0)
ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={0x0, @nfc, @can, @phonet, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='veth1_macvtap\x00'})

08:53:53 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
setsockopt$PNPIPE_INITSTATE(r3, 0x113, 0x4, &(0x7f0000000040)=0x1, 0x4)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

08:53:53 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)
ioctl$SOUND_MIXER_READ_RECMASK(r5, 0x80044dfd, &(0x7f0000000040))

08:53:53 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x94, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r5 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value, &(0x7f0000000100)=0xfffffdeb)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r6, 0x0, 0x8400fffffffa)
sendfile(r0, r6, 0x0, 0xffffffff)

[ 2699.692259] *** Guest State ***
[ 2699.714024] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2699.722917] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2699.778259] audit: type=1804 audit(1591347233.933:273): pid=18703 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/775/bus" dev="sda1" ino=17665 res=1
08:53:54 executing program 4:
r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000400)={'syz', 0x2}, &(0x7f0000000180)="88", 0x1, r0)
r1 = request_key(&(0x7f0000000040)='trusted\x00', &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)='\x00', r0)
keyctl$KEYCTL_PKEY_QUERY(0x18, r1, 0x0, &(0x7f00000002c0)='/dev/kvm\x00', &(0x7f0000000300))
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f00000000c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

08:53:54 executing program 2:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$VFIO_SET_IOMMU(r0, 0x3b66, 0x7)
r2 = socket$inet6(0xa, 0x5, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
r4 = dup(r3)
r5 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, <r6=>0x0}, &(0x7f0000cab000)=0xc)
syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={[{@gid={'gid', 0x3d, r6}}]})
stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
syz_mount_image$tmpfs(&(0x7f0000000000)='tmpfs\x00', &(0x7f0000000040)='./file0\x00', 0x2, 0x8, &(0x7f0000000840)=[{&(0x7f0000000140)="fe0898ca14f56dbd11f172e2372226cac5f87f53df05fa8251352b5014bc11d024884aa1a73ceece1040d89a5041ac327beb8798a1b68cb8138e4594eb488784a87de44344bf9c04ad3e2acddb7ba8b4e3aca890162f3932694f83a1e52359422f94603609542c6a610ccea6d448d78b48d3f4caed7867734e8a19c94137b10215cd7719f79839cf5d260e43bdbf152801c6a55b19eab525a4ac38b408a4b80cc92b0648a23d6ebe2573bba6b07234a0dfcc2d0d18f9e50154fcffab6f9319bf99d6754cf151cf8f80bd7997ea9edd836ada7acd56cf2fc3602f8bd0f3a32e147fa1a487d07ad7caaeb5cf8e4f0f7a5db0a4bfafb5a758b1725a", 0xfa, 0x4}, {&(0x7f0000000300)="ceb6d059fcbbbae3fd460c10a5ae990676bf395c8b097351d23312678e7375a234f7127401221a481fbbbf00b0da02e5192b8728c8e6a529ec715a0301312f36b2adc8776128d4f08079", 0x4a, 0x5}, {&(0x7f0000000380)="32cc7ef00cd53e1fa942f5d7cb79a0d6eef50d4c742d56c3a95286c359544e28c92949533999149181828c2f44629434aebd26097e18e71accd22ff22bbe17b9c258b3a6444e83ff9744df6ed8322928f38c41588c8fbd6a0c7ed0106891733ade3e9f1dd12ecc663d7c36ee324938bf2eab172086c57b64e748666730df44c9ebb33e509db1c91cb781666c7b521bdd7015", 0x92, 0x80000000}, {&(0x7f0000000440)="3b1c194448c27ca2cdd4b091dc28aeff182fec95fba2a78d762eb90ca8125379246c18920c7bfa32d8c825c833b27a5f736716ca8b566ae5d0cfc2dc7de3d0c51e368b390e39d7252859258355427abb002e63f0ed4f7ddd0a0417853a27160f818b57ea8de91052cb85d11bba6b8b50137879932f5d46c2ebad1dc7b001e1", 0x7f, 0x7fffffff}, {&(0x7f00000005c0)="07cfc5638113bd0e97937edd98c97166382249daed2cd2c33961bf4e1ccd4f74b3c291a72caeb71ab776d33cfbfd061850aaf28daecc72bf8822bbdfd2b90abc7b8bf5de410bf2a229529826d371e893cb88323b9b0c12c40d7a7a1c2d8a1c237f93d450952e287f186946adbce2e34b771ffbd8d76074417c957d18c13889ff44c3a1c0f1d4eb173748e5454b9065b9118cf9234c83d92034b80fb9c308bba0727882b50c5381e792e405ee07596c4c016849e241cb9d183cf7d2f04459ad39159330f2684ed774f433b52ddd960a51fcf208db52e39189365dde07af9c052536bb777250896ff8bb93d525a05e420c0d8669cf61c67c31ffac7e", 0xfb, 0x8}, {&(0x7f00000004c0)="fef0fbc3686fd99144c569329ecf1d2217e51e41136de99978980920f2394cdd4b354b4830d3f5699872fbe444b19c87b21221d40e3596430d666ec87bf62425e81137f0c14a8b01c392cdc7c65630a8e1b8889392b5fb7ea1c0f0fdba3ccc", 0x5f, 0x9}, {&(0x7f00000006c0)="09700faecbebb026a1977bef1c675e1aaad680ff6f15958990c6a3fa6f1c40e31aafbea50c4d79e18bd4800ccc70a5fc7fc9bc1f248930828a40595f61c9b9c752", 0x41, 0x5}, {&(0x7f0000000740)="2638f3e79c54b9e8187228cedabb97bceab3316699c3310a948f13af6159e84a36284c50d5dbcd13900e77fef05a38d725ac83e40400e3a9b822f3daaa562a7c53efc81f84a4029365d325e2a19b901bd4334e9c82dc25f09815770a47be4e8aa18e3b7bd3cc8987a664ca53fe4057c62943a56d2798fc149c4c8966e786fefd3e6463865d6258b25f4d53255b0b3710366ea26d7eac2521ad0fd73dc3b58a66a341ed99121956ddec1c73e3bc9bc3ce25f60b62cc45a22948795c398a6163f35e153f8af18fe1d2a3c8bf2b7c1a5f64e8333fa79ed48216917e13", 0xdb, 0x3ff}], 0x100000, &(0x7f0000000980)={[{@mode={'mode', 0x3d, 0x10e5}}, {@mode={'mode', 0x3d, 0x5}}, {@huge_advise={'huge=advise', 0x3d, '--%'}}, {@huge_within_size={'huge=within_size', 0x3d, '}'}}, {@gid={'gid', 0x3d, r6}}, {@gid={'gid', 0x3d, r7}}, {@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x2c, 0x3d, 0x2d, 0x32, 0x30]}}}}], [{@appraise_type='appraise_type=imasig'}]})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
sendmmsg$inet(r2, &(0x7f0000006c40)=[{{&(0x7f0000000100)={0x2, 0x0, @local}, 0x10, &(0x7f0000002640)=[{&(0x7f0000000080)='\x00', 0x1}], 0x1}}, {{&(0x7f0000000280)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000580)=[{&(0x7f00000002c0)="ea", 0x1}], 0x1}}], 0x2, 0x0)

[ 2699.852408] CR3 = 0x0000000000000000
[ 2699.887301] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2699.911369] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2699.931804] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
08:53:54 executing program 5:
socketpair(0x28, 0x1, 0x200, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000040)={0xfff, 0x8, 0x7, 0xf6e}, &(0x7f00000000c0)=0x10)
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sync_file_range(r1, 0x224e, 0x875f, 0x3)
fremovexattr(r1, &(0x7f0000000080)=@known='user.syz\x00')
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r3, 0x84, 0x16, &(0x7f0000000280)={0x3, [0x5, 0x1, 0x2]}, &(0x7f0000000300)=0xa)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
accept$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000001c0)=0xffffffffffffff52)
setsockopt$inet6_mreq(r2, 0x29, 0x0, &(0x7f0000000200)={@remote, r5}, 0x14)
r6 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ocfs2_control\x00', 0x200100, 0x0)
ioctl$SIOCAX25GETUID(r6, 0x89e0, &(0x7f0000000240)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0xffffffffffffffff})

[ 2699.967892] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2700.015334] *** Guest State ***
[ 2700.022075] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2700.035353] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 2700.060457] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2700.082205] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2700.091888] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2700.109656] CR3 = 0x00000000fffbc000
[ 2700.117014] RSP = 0x0000000000002006  RIP = 0x0000000000000000
[ 2700.130666] RFLAGS=0x00010002         DR7 = 0x0000000000000400
[ 2700.134173] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2700.140742] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2700.159385] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2700.168850] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2700.170593] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2700.180492] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2700.195949] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2700.206466] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2700.216786] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2700.225405] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2700.232784] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2700.235551] Interruptibility = 00000000  ActivityState = 00000000
[ 2700.249439] *** Host State ***
[ 2700.255064] RIP = 0xffffffff8116426f  RSP = 0xffff88803c8af9d0
[ 2700.261779] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2700.269202] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2700.271056] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2700.287314] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2700.295811] CR0=0000000080050033 CR3=0000000050c25000 CR4=00000000001426f0
[ 2700.300490] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2700.315067] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2700.324278] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2700.327806] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2700.350304] *** Control State ***
[ 2700.354219] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2700.357094] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
08:53:54 executing program 5:
creat(&(0x7f0000000140)='./bus\x00', 0x0)
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0)
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
fremovexattr(r1, &(0x7f0000000040)=@random={'trusted.', '+\x00'})

[ 2700.375415] EntryControls=0000d1ff ExitControls=002fefff
[ 2700.382741] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2700.395152] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2700.412836] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2700.421898] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2700.450152] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2700.452661] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2700.485096] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2700.508044]         reason=80000021 qualification=0000000000000000
[ 2700.517395] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2700.535419] IDTVectoring: info=00000000 errcode=00000000
[ 2700.548980] TSC Offset = 0xfffffa5719c13572
08:53:54 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x94, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
socket$inet(0x2, 0x80001, 0x84)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
sendfile(r0, r5, 0x0, 0xffffffff)

[ 2700.552368] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2700.553990] EPT pointer = 0x000000005818601e
[ 2700.583639] Interruptibility = 00000000  ActivityState = 00000000
[ 2700.587200] Virtual processor ID = 0x001c
08:53:54 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
prctl$PR_GET_CHILD_SUBREAPER(0x25)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 2700.609702] *** Host State ***
[ 2700.621192] RIP = 0xffffffff8116426f  RSP = 0xffff8880546579d0
[ 2700.658384] audit: type=1804 audit(1591347234.813:274): pid=18743 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/776/bus" dev="sda1" ino=17665 res=1
[ 2700.667477] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2700.743509] FSBase=00007ff5ac388700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2700.782734] *** Guest State ***
[ 2700.784364] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2700.808500] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2700.809425] CR0=0000000080050033 CR3=000000001a069000 CR4=00000000001426e0
[ 2700.850733] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2700.858459] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2700.873748] *** Control State ***
[ 2700.880514] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
[ 2700.892281] EntryControls=0000d1ff ExitControls=002fefff
[ 2700.912338] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2700.921395] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2700.931254] VMEntry: intr_info=8000030d errcode=00000000 ilen=00000000
[ 2700.948574] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2700.960656]         reason=80000021 qualification=0000000000000000
[ 2700.969186] IDTVectoring: info=00000000 errcode=00000000
[ 2700.980753] TSC Offset = 0xfffffa56e7d02541
[ 2700.986977] EPT pointer = 0x000000004ea1f01e
[ 2700.990498] CR3 = 0x0000000000000000
[ 2700.991512] Virtual processor ID = 0x0024
[ 2701.007934] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2701.040282] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2701.072945] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2701.103565] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2701.111682] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2701.121470] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2701.131102] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2701.140447] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2701.150362] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2701.159761] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2701.170511] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2701.180672] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2701.190288] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2701.201822] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2701.209753] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2701.220916] Interruptibility = 00000000  ActivityState = 00000000
[ 2701.228826] *** Host State ***
[ 2701.232534] RIP = 0xffffffff8116426f  RSP = 0xffff88804a84f9d0
[ 2701.242451] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2701.250650] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2701.261904] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2701.269308] CR0=0000000080050033 CR3=0000000043dac000 CR4=00000000001426f0
[ 2701.304582] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2701.312036] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2701.339936] *** Control State ***
[ 2701.343815] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2701.350641] EntryControls=0000d1ff ExitControls=002fefff
[ 2701.358011] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2701.365886] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2701.372801] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2701.381058]         reason=80000021 qualification=0000000000000000
[ 2701.388508] IDTVectoring: info=00000000 errcode=00000000
[ 2701.395089] TSC Offset = 0xfffffa56806f23b4
[ 2701.399654] EPT pointer = 0x000000003f5f201e
[ 2701.405580] Virtual processor ID = 0x001c
08:53:55 executing program 0:
perf_event_open(&(0x7f00000012c0)={0xe6f671cdf8e9ba8, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x2}, 0x1040, 0x4, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, 0x0)
ioctl$VIDIOC_QUERYCAP(r0, 0x80685600, &(0x7f0000000100))
r1 = socket$inet(0x2, 0x4000000805, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/mice\x00', 0x840)
write$vhost_msg_v2(r3, &(0x7f00000001c0)={0x2, 0x0, {&(0x7f0000000280)=""/250, 0xfa, &(0x7f0000000380)=""/231, 0x0, 0x3}}, 0x48)
r4 = dup3(r1, r2, 0x0)
setns(r4, 0x80)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000480)='v7\x00', 0x101040, 0x0)
sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000004240)=ANY=[@ANYBLOB="0c1300001200000428bd7000fcdbdf252700e2004e214e2341800000010000000010000006000000010000800000008000000080ff070000460b520b5c0ee001f733f5e255ea0620a69b8391bdf0b22de3cbea32a7335b611f6dbec6804f55faeea4b8dac9b7d899cfd5be539f94e8450794fa8b3eb4addc20ba1c6cbfd5f34f35c901cfd563b5458c97440bc418de714f2b6503ad8a539f7ad1f03e45747b7238ac3be55b56a84bdefc923e3965a261402d913e265dd08a613ba154aeb5949b3643a672f9c1a54cbdd2246034", @ANYRES32=0x0, @ANYBLOB="faffffff09000000000000800300000072000100a5281577aaae15dd0d5684316f29ae9c33184cf0fbea4784e8fccc77592ed5d5056e7a71663bdf06d92a182af6154c24dcf832abb42008a703d746148a81559055d6443ad7903fb7f576f1e8e561963aea84a7284b2fdf014934e7430e82231dd6529933360ff67607486279134c00001f0001001518c9b17231fd692ee9f4677e5ab955c2e57ba9ded8488a1cb12500a5000100f499bcb394966a73c887fe8a9b69d1ced591c48f8adf326c1b9d98750ab9a50ebbda98cbc32f1c05be85cd24db35ce620b0afe92e6f5990a1b0749295f67c6ea661f9ed14ae9dd48427fd848612b02e447b177be6e483fed18699a2a3e5270d1f5d7c278527e040c679ea76e33b047b7eb144cd53fb311b7ae96ec54adee4fabfbbc6fd735727c66cb6b0b241f316245fc37d3c1f4acf4cd7167c9f07ee01fec6100000091000100b995f2d172c2d2bc4ac1fee5a00b793f1e09d9c24bdf3d01e820a830d7cd484e4349c1fbe123efe39a669f7e046611af7337f991f70a564fe5ec0736f74af9990a4280eaf17b2d1ef7c457677b23eb478fbac86577f52015d11113f53459acc7ba397d018347ae9c8a1240ea10840ab0626bcd6573b9d80c3cf480db54423254ec2d92ecb1a4585117a629504dbe4149eb999f7b329d5a289af4384e3e00000028000100cb253a5f9ac9350c3cea6c148c37fd728477921206e9917aafa6b70ced35ae024eb3ca2e04100100d309f2274929d2a6afc9e0b78bac2d06b326156f95fa09cba929bfa30c4bdbecda4dd4263b71a7fe98992a5ef08808a896f98e9e1052fca6153baaa8a1cb4496660bfa6d2a63fe5cf168e1ce7dc334077f8d7151958082308a6c4f649a80eea014f6b8bacb787feb6057e7affdfeb5875cfeb7d822d42ca943fa523a2d70f032c4c153c7e01786596bed935ad7cb3191934de25ddcdea55da9a0d535d9b916cd7a6e374910cad3d7c781862dc9c93660016cef11f8a6b7ea1be2243b1bf6ca0f3b8540d6104b693f4ad78f610e1c3199af3855964083320a70b8704163a5ab7f3b81157b1108a326de90227f45deea1532f6313d5c73c42c106db4fa824d2e443c2180b6bdad8de91c9cfca1d703fea16906750dc4e29fdc6054d89c922477f035cf2bd4f4631ee501778ccbad0adec1e17358ef2e859a07665f84917e8f5952917442d01de89b5ed11720f25a1989b3dfa6f913d6c58e3daf613ad6a6403b86858499d9ef3deeb6e1d1243a78e6562e5426ae6651b8cc2cd9af02e36c6dd5eafad86582442ef94cdba6404e720131e5dfb88fc52fa90704398bd9f577232091e72007774fee51672f66ea9634bf592246b98c4023d215b315c96aa6d5faa003a8b1e0270b899dc2416bc8104352ed1509d58f8357fa3de56c69cf54b875985584f6c80f5ea6fa272a8589815459d9052c033c4ff9128bebd47a1a34c02fee6e1fe3589c0bc2e67e051caaa97b5ea27076910ead49aa5e31426db3a3ca2851bde3b2f20fad40153c3789eeccd4e0628fd7c8ebccf9c08959449b41c1d7eaf54ad66eaa5662b3fc2c1a6c48150b2e36105e7faaf0d26c9c668c9d5d5f6071a35dbcd2cd423da86c3d079018c682d346efad9bf32fd3f90998dfa174308553d3317b284ce9d7f8b765c6040ef36c74166ce4887676d541d40e87854ee219b69798f0d925b9292e06f86d1b5957b9ac2aa01f59719cf7d2dfdbd47eca841723606e18ff7458b9a2be750bfc7868a48a81fc025f8a03fc3833e1bc93a6f5813385b1d75c9d709add53a9d200c3a71fe9072ba36754a5ee0403a4c7ffbb633b6b265473634d4c19cdea536d5aa7e4fef68ff0db0ff55043c3ac02602957c69f456ddef6b7681ef9b2e9a909d2cfc1c0fcc100f538483392df4a85f4a7ca5271805f9e11ed44fdd49ce667e9671a869fc200274007ac07c926df0c99ce67cb6339727232df35679e5f56b802893f35635e130c6432df9225dc85cc92df2caaeaf9c47cbed970e793f2de0a0f6b6c223b6315b5a4d4187b6e72001dc44a958d82c6c6a7e02658945f709fa626a877a8fba369773feaedfc7fb76bb55aa8f20097f533b024b93261dae688c0adf8b9426b6e51b494c665c51186cf98250ee0e4d57a757bd567e2cf31f5840e87fde118f6b21864696621cc19a2e28d34acf53bca3f7bee4baadfa353406c330ab296ef23958d6c0e00a4701f2e81ff1cd7017cde9ff938a2bc3600dae185ed6d283a9a188c5a76b3863abf1936975512d9268737585146f7be48a7d98c07740a7e291eab4a858ca24d3c3e0f6087bae2049bdbb58e301f0a99a4b7caafa5e4294477e22905aae804418d7e11fc909926b62c0a5db41bf6bf56418dd33a19bc5581ab018a4d899c44aaa569a71c4b23a6512d430d30adeb234f2a7a2e6b9f1a8a0d5fa0bbb8d725268b172a01fbd72c448307d71a9e0026490d2d2aa5ebf57346736e74d3dee4e04c18e9055be37e686222293e963e9fcddce1b03dbdc8eb959c33024d58ebe759034cdeb71006040c94d6dffbcf8e4b093e8f204afa1f9b50a88e03aee7f5df9a47bd46d676331b40b2d437ad128303a66b82585e13dda48dfc953fa607609cfc982cc033380ec24281131ebbcd9d3e31d350f6d59d6cdf6955d58045713e83f4ad4b6336acdd31cf74c5e1648ad19ff9f0ef9a550bf9b3f41589e99ad1457f0c2fffe9e77b77b1050e800a172797e3a09f6c5f8631faa59a6cf678ec061eb5112e0889d46d1dbf0e631fd31d81eaeb9a8989a87a068e83358ac1d7cc050d58eef2cf57f3a10d7838e9f1d9c2da2d2b09045cf2b58958b4dab583b96b362dab6458299f52072ab78853721e596e985ba3b9bd007cf839ee8ed4ce4464a2abf344a1f55c1eafbee5b0df31c085131f93c87f5ce03d28b0ad2ab40b7edb9e39058af32b8b9f0266d5f5f89a8e9ba31aa604537a1f21bdfff4c9396b17a21b6437986dd14769e4e375c99bdc7915217cdc72647bfbf128bd1d4a3f622b156ee601a797f51d0f777ffa14154b104b85ec2dcf9e8cefb77618103b810ab504f9173eadf99560b9848df9d0cc1706c83acb7e21c96600c4c800651f2e491b22a3820d9726da2c79bdc850b773927daf455764add076af63617492c98c8c3e7e6807778ee8c5c7b7db8e48663a269c8d5b362c6287978721a346f2a17d60d302c88516304b91db04b11af2da90e18d162052236abb9ab6728c20e70d09fe74a8a6f734a04d5f26a799435d94df0112519550971794cb6f8a894ed86fbd3fd27c3eea45ba539686e23900dcf2aebce3987a9e5f4e972055318bf8da1b68670f617a88fbf21c3d807a043c6856eb63aaaee1bb3114791d0f0532cf7812fd9e2ad20008d5dfbe42320cf82dc9b1201f5efba4b9ef4037b740172e12cfa3a219faf8406587748de56366ea9259c310b9b7c788fcbdaa2f52f37497281af5650bbd0e28d6c8164d899939d38b42e6324d05e9bfe1b3e1e71cafc9e69d32a68df4d8efedc84c11f934ad5b409243068f6ef1c8500700677d821bd3b18e835eef23c06ed3db435c62717e0299554c01228778fb99ac25b69cab180cff57b55ed008ce9435d6645272456f24904c2e4b2cdc1cf5939292bd29f6da2d351c79e755b7ce175eed3e8ae7ebbe10980287c1619702acaa6af44a16464b103aedda917567271ac62503b87837735c5c42802d8d86c07ef9d52bb4af1db978b4f3ca3c242fc84c59d5ffd20ad53cbfc318805843be233df294d0553c9f7f5bbca6587dbd9ffafc34a944e36bc357437e0307c83e30b49e12e66adbefac062065de5b932e275cd32cc0952b7c76bcd7570df2b6d2df20de8a04482c91497ac2f6f1d682495e6373cfc1894bd6042c2649e0b147f19e3f5edc1a98ea9ee8eb247451cdc5104473eae08fb4fafdde3b9f60aa5f4f75f6ebfb3a51fc0cc263354703fe747a4b3da91b7da7434c90c924d6d54f0f28f14eb813eb998334c822a8d0982215bad86b5b84fd0b207a83f0adb5bb7e83b30df1442a4e8b50c5216e0d62568ba304223499ca32c09a3fdcf14afd2b2cc76a73037e486ce98fbe532faaff7d43508a2b022f67762e757914d6c552bc1187aa3e36815d9cf1ec949e7960c50d9c883d97153a6127374e24ebc381b95b98980639a138749b94f8dc04c1f4e23b581f70304e922e260dd987186f260b5ccd3547f6d8d63d8e5dd50e488b7beea7d01fef54fcb221e760e4076ec45573efbfa2f7a1a759072dbf02c003171c5a3819845460eb9680c4638f25d0014fd6b7cd14de7ec80cfbe79e3ae34cf152d3c87ba0c45a330414d202684a955b9c09d346e4a6c8502669fd31882b683f920a7307f59d1cca3ea6dc38ab7c68767ee862dc29a528c933ac8bfe739efc9ec45f443edd72d7ce5f170591e8b3369f71a7b7a28dc58b9a303377577737eaf4fe4955e08b98734197b31ed03b0203c2533a4bab8f7c6748f7c3f908eb9f6fee03fb6f35f8dd610d4ee04ada7bd3805d89f9c8955de9d59ac2e4cb1b82646a37d3bca635290e6e61bbfe9a9e4d7113771e5025bc85adf7f0cc8c0451c288a4d2e8daff270a5977be252f128e30dfe4844a3e06272862ad7739a4b5b7b520a6ee201219473d60979ca38eb172a36d845b5a9b5e40e1c284158aa9672e3e7fd1d621b4b513614306db9c38bb7cc9b65908c8aae0ba3172a37b128f181a2efa94101d92faaac82e052bc4f62b877d5f309566dceb254ee63b5c281ac174234965549af23a30a13aea9bb4143b3ff8707c383d240aa38e5369c3c99a69019eaa166ce775a52b1dd80335b6addbbaa307000fcad39965097ce72b55834da2050424ac92ec5d616667e8c2ccf5ce19836f901da3bf79f2e906cfa6379d6c9ba09c428ebfe0856b9a801e6e65f4a5665b5e56b534ffe96ea09d11eda928e82a5da0a0be779b947546b1af265742ba7acbd65f6924a4eb86d14990f81cc121ff23cf58454a58da8e65c078e8d961dc03dca1e327a77baab14e7601cf113f22aa4ea72f783d96f47db111101744b0b740b556eff8e27e82ea5a571cdc182b96908b1141d5f7707a00aa856e559cf9f0fd229cbfe9830d529da16ad55f33f2b62d4881774def9ff56f79afd2d1dcec7d5099f34ab52a51c04e0e2002f6979bb275234561cf0c059fab67e8866ed79b9cd14c3305b376bbbb8ad2e629299eb4df63e60c47931a3edb8e02264625d131bbf91f6d7ba394f5c886078f311c6f57f341b8800d547de7fe5765c0d52fbd3c2e544ed73cb43577821231261b4ea2dc4c1c9d465255fe89e0740613dea8a1c7f9242c6162f3f8c34723f2aefaa6e9514ba6193ac4636494d9e4643256ded9679c9cd2a32ce23e12ee38783a5a3bcca47c5e6846d8b7e34db1d4c0bdd8bdceabdd6f1b621f4dc962527a2aa802dca4490279c95a28d7d2e1a58d44d116410c2bb9c7706f968c13fe98a36358fca8fa52b1a61ec88adffb9d558ffd380779ede464599bccdcd1e84ee0d632fec55c7b431bbbd06bca6c69e064219115fb9f2f52187b2c7c4e2a7aecc0d11d0b6398fef0b6cacce0432345706584b8d812ed20ca3b5dc316a1ad6f05632a753d836e3f92a6de4284c11595ce2569c0f12be530ab97ebb235b94b79878a8caacf839ec9273ecdfe64442429daa2a0ea345bd1fc7d97f0249d551d2898eeeaf0ee3f332cee69fe29510df5df5624ad8ada71c69bb86ace15a9586723de87c3ea33d88e7b46023c391531ecc2c37e88b996a9bf30710ad8bcbffc0cb7ccbb5171d1aa81e5b7d53b10bb2097e95dd8992cd9ce5a1f5fc3cd5028c34d7bbe6876d7d4ca33022d2bdd96c8b5e1e4ee8dfe63db40d509d6568d4702ef315ba64fa406ff0818b8108fb301ca441968ddcc91e84216090d3284d112bf63adeaeccabf79adf113cac5e3a38d6e51459bf4ed6a568c610091eeeed8668bcac731980d06ee8e3745dfd6f783de3b63914d6475ddd9470f5f5bbce33fd28d39ec67561d3489c3e8c281e220ba301304c5501933f275313d5b3a65f98a000417badfe4647586145dfa85dbe17dfd6c31705b0426f11037131065e7e7886ba4f4a2eaa7dc2b3dbbf6e01e8ff9234f23fdd54f2135ed83c06296caaa9a501376ca666345d6afaed4e44b9c7d8ea81e0f14fb969741c265507a4c49dedc019c73af195a3180ca472680b8ab6a06dc08158c28e255a2cca92db2a39a9ecafe80c3aaf3f3d2270538be170c7a8635bed41fb9d37f0c7a0f62debcd7c3967faa1521180d7cba57f739eb1fba5210ac4d2b3b96368e907a0f908feffe3f848d531324fa6544339750c353355b5243940ca1f16bc56487270b3ff507242a44309350ba0c4ce02d3ba7dc9fa48aa37778b3ab9cfaa3cccc77af4984621715995e4c377f3e7eb211ea50fed9ca3b4bf12fc56a44285d2a44691d4e99017ec5c139a5949f1aa075bf2e9b2e93a652a30bc62a0d2dba8a7110119d1d68a1278bb57aac58086e775dd9aee0bc075e2bbe087799b558c4000100e30aa6e0c9336db246742c3d93858132b0a484a63ab3dc0653a9688f6f7ede0ba5b8ec1c7016391b86607daf0769188dff82bb2de99ddb0413b1af6db7725be09be27d487e855ff17ed02c71a03a5eece00d60a18f98d1906635b8026b555483d008463e1916ddfc76ef8911f4f70651e35ac3f12b6a61231cc805df54d131fb2c03293e32a9d0dc0e9023c66cb32b2e0a480dc034b9f7315d94d47429acbe24e9f2a8b2bc27488b730e49e590978bf0"], 0x130c}, 0x1, 0x0, 0x0, 0x400000d0}, 0x400c0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r2, 0x0, 0x48b, &(0x7f00000000c0)={0x1, 'vlan1\x00', 0x4}, 0x18)
chdir(&(0x7f0000000540)='./file0\x00')
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), 0x0)
mkdir(&(0x7f0000001ac0)='./file0\x00', 0x0)
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
rmdir(&(0x7f0000000000)='./file0\x00')

08:53:55 executing program 5:
creat(&(0x7f0000000140)='./bus\x00', 0x0)
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])
fremovexattr(r0, &(0x7f0000000000)=@random={'user.', 'trusted.ovmrlay.nlink\x00'})
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000300)={'syz0', "35c83821635fa89fec92015ded83ff0405f14d3e430d51af044add736c038e4a80ac6a1eb4eabfe6a02d003b79de56ff329a168b6db614b2640993bbf51381bf890f7f885f30b0999ea42acc9215ad9afbd7fc7011cd595204ba99c778402b717b566744d75b6a15035ffd8ad0a45ac9820c28196857ae1fbb61d923711111351c1645c05739dca7ca82550550b5df8c2bbc82d18b10fc91b2ce9eac0daed1ffe3858acf4de5f66e5e6822a1cdc4f541c4da14fc491d00e358bb9789e51b84b3123fcd1f4aea5d544fd5b54b9503de33650651cf0744ef0a2a9fbc3d7b63f5013037579737df196a7916d57688acee"}, 0xf3)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
fcntl$setsig(0xffffffffffffffff, 0xa, 0xa)

08:53:55 executing program 2:
r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1000, 0x800000000000, 0xa12e}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000340)=0x1)
bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e20, @multicast2}, 0x10)
ioctl$DRM_IOCTL_MODE_ADDFB(0xffffffffffffffff, 0xc01c64ae, &(0x7f0000000200)={0x81, 0x1, 0xd6, 0x0, 0x7, 0x8ce, 0x4})
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x1039c)
sendto$inet(r1, 0x0, 0xffffffffffffff12, 0x20000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10)
r2 = openat$cachefiles(0xffffffffffffff9c, 0x0, 0x64201, 0x0)
syz_genetlink_get_family_id$netlbl_unlabel(0x0)
sendmsg$NLBL_UNLABEL_C_STATICLIST(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f00000006c0)=ANY=[@ANYRES16=r2, @ANYRESHEX, @ANYBLOB="000214e936a64c1a63c3dfc827bd7000fdc79eae11bb51dbdf2505fc2102f2010000000000000000360273797374656d5f013a6f626a6563745f723a7670c2705f742e733000080004000a010102440ac8a0a700d360adff232278a8e4d706b96e312596a3ffd8dd78c60f7a4cc322c61c832cbc9257ca03e69f71aa8a247bca8d7bb96feed3bf13f67de66f2229ae4db89c1c1bc9037653f42d274f8764699debaf3a23302ea87f71715d1905706b36f88f49eb2ec525b3a9780dbe12f60a10e7a1ab2e6e87f0853f6271b27736b7e1df586d15ba4ed130a841474bfe9c0a8ffe784d8e20cb650b694bbfe5d4d8112d8af357451f2a89bee65dbbd98def53c8e61087686160e8a314ac09913cc72f535c69e86935c6ad6dc123a1644ca2b3eda5259e9c96083337e3aeed3507acfaa9b5797fa2d52585e67690a5ca74aaeeb25122c9c3c7e6c63f7cf7d00079d966a136c69683ae6444fc4129913f88320b6fa0d3dd801c3e79cc8e4fa52f5ca7c0926156cce4158ac8b02fe55f219ca127d0df3b56f0aeb3786469e6e373fb05060c2831a156c8285c7323"], 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x400c4dd)
getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x7, &(0x7f00000002c0)=""/103, 0x0)
socket(0x0, 0x0, 0x0)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f00000004c0)={0x3, 0x80000001, 0x2, 0xfffffff7, 0x8}, 0x14)
socket$packet(0x11, 0xa104fbf7b24e2f48, 0x300)
syz_genetlink_get_family_id$tipc(0x0)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000240)='NLBL_UNLBL\x00')
sendto$inet(r1, &(0x7f0000000140)="7c0d111317b1ff8ec8f29f81319ec5b10d0d003f00efd9448dbef1ffb4e3a6af87131512da528f6235fe35d3053b5cb4877c1b89bbf83f6d749d5b00679601a3abdc204cf1ad797252bb0c7b43e3e9763221cb2c8d76f824f4bea338f53aa75703f465e50e434e2193900c39ab79d37cc0ce7a", 0xffffffffffffffd0, 0x401c005, 0x0, 0xffffffffffffff36)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2)

08:53:55 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240)='nl80211\x00')
r6 = getpid()
sched_setattr(r6, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0)
r7 = openat$full(0xffffffffffffff9c, &(0x7f0000000280)='/dev/full\x00', 0x600440, 0x0)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r4, &(0x7f0000000340)={&(0x7f0000000040), 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x2c, r5, 0x20, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8, 0x52, r6}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x4}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r8, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0xba}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0xd000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd, 0x2}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x54}})
ioctl$KVM_RUN(r8, 0xae80, 0x0)

08:53:55 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x94, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
sendfile(r0, r5, 0x0, 0xffffffff)

08:53:55 executing program 1:
prctl$PR_GET_THP_DISABLE(0x2a)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 2701.666989] audit: type=1804 audit(1591347235.823:275): pid=18781 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/777/bus" dev="sda1" ino=17601 res=1
[ 2701.714315] *** Guest State ***
[ 2701.720045] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 2701.746465] *** Guest State ***
[ 2701.756985] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2701.768702] IPVS: sync thread started: state = MASTER, mcast_ifn = vlan1, syncid = 4, id = 0
[ 2701.786840] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2701.812862] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2701.858337] CR3 = 0x00000000fffbc000
[ 2701.874184] CR3 = 0x0000000000000000
[ 2701.878519] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2701.891928] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2701.900430] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2701.909454] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2701.916623] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2701.925596] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2701.932952] CS:   sel=0x0000, attr=0x00001, limit=0x00000000, base=0x0000000000000000
[ 2701.943801] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2701.952528] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2701.963447] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2701.972387] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2701.993796] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
08:53:56 executing program 5:
creat(&(0x7f0000000140)='./bus\x00', 0x38)
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])
fremovexattr(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="73656375726774792e637075736574b4da2d2400"])
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x8)

[ 2702.002896] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2702.024907] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2702.041016] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000
[ 2702.052895] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:53:56 executing program 0:
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="24000000fdffbfffffffffff0000420004"], 0x24}}, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c00000024001d0f000000000000000000040000", @ANYRES32=r2, @ANYBLOB="00000000f1ffffff060000000d00010066715f636f64656c"], 0x4c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0x24, 0x2a, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2}}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x34, 0x0, 0x100, 0x71bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_MAC={0xa, 0x6, @remote}, @NL80211_ATTR_MAC={0xa, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}]}, 0x34}, 0x1, 0x0, 0x0, 0x880}, 0x40805)
r3 = dup(r0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240)={0x0, <r5=>0x0}, &(0x7f0000000280)=0x5)
setuid(r5)
sendmsg$nl_route(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_delroute={0x15c, 0x19, 0x10, 0x70bd25, 0x25dfdbfd, {0xa, 0x20, 0x14, 0x89, 0xfd, 0x4, 0xfe}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x7}, @RTA_GATEWAY={0x14, 0x5, @loopback}, @RTA_EXPIRES={0x8, 0x17, 0x8}, @RTA_UID={0x8, 0x19, r5}, @RTA_GATEWAY={0x14, 0x5, @loopback}, @RTA_METRICS={0xe1, 0x8, 0x0, 0x1, "61a136f5c8c93f15fda885451deffe460c186072187aa26c0b880136c5600ed1c2294eba3145cf3bf6c3f183300539f1f478beefe048ed1d856164e0076618d04511cdecffa2048c1d79b9ee2e6cbd3e9e59ca60059933a499f11221951f62042480a0c62102c491631bd65a78ac0c4ae63f5a305de4578b69efd00d07825d1928a6bc874e4ec911d308d08fc70a2d44f8524378f6600edcb2025375498881340bff4fa8f8bcd44a452d7d2dc619f15e5ca87af761e40bbbcb6e27f250a8358f8391739b5897d955c5ae486c8554bf3dccf5a84e533066da586ce50db0"}, @RTA_MARK={0x8, 0x10, 0x3}, @RTA_GATEWAY={0x14, 0x5, @remote}]}, 0x15c}, 0x1, 0x0, 0x0, 0x1}, 0x4)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg(r6, &(0x7f0000000080), 0x30, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, &(0x7f0000000300))
ioctl$VIDIOC_S_EDID(0xffffffffffffffff, 0xc0285629, &(0x7f0000000480)={0x0, 0x9, 0xfe7, [], &(0x7f0000000440)=0xb3})

[ 2702.085361] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2702.101198] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2702.132524] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2702.153778] GDTR:                           limit=0x00000000, base=0x0000000000000001
08:53:56 executing program 5:
creat(&(0x7f0000000140)='./bus\x00', 0x0)

[ 2702.188851] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2702.208040] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2702.236627] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2702.245049] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2702.265992] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2702.266732] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2702.281940] EFER =     0x0000000000000000  PAT = 0x0007040600070406
08:53:56 executing program 0:
syz_emit_ethernet(0x5e, &(0x7f00000001c0)={@multicast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x28, 0x3a, 0xff, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x2]}, @remote}}}}}}, 0x0)
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000040)=@add_del={0x2, &(0x7f0000000000)='veth0_vlan\x00'})
recvfrom$unix(r0, &(0x7f0000000080)=""/34, 0x22, 0x40000043, 0x0, 0x0)

[ 2702.301507] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2702.320849] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2702.340561] Interruptibility = 00000000  ActivityState = 00000000
[ 2702.357578] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2702.370330] *** Host State ***
[ 2702.385842] RIP = 0xffffffff8116426f  RSP = 0xffff88803c8af9d0
[ 2702.398625] Interruptibility = 00000000  ActivityState = 00000000
[ 2702.412741] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2702.436563] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000034000
[ 2702.455658] *** Host State ***
08:53:56 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
sendfile(r0, r5, 0x0, 0xffffffff)

[ 2702.458890] RIP = 0xffffffff8116426f  RSP = 0xffff88804b2df9d0
08:53:56 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
epoll_create1(0x80000)
socket$nl_route(0x10, 0x3, 0x0)
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240))
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}])
io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3}])
io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3}])
bind$netrom(r1, &(0x7f0000000000)={{0x3, @default, 0x4}, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48)

08:53:56 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000002240)=[{{0x0, 0x0, &(0x7f0000000a80)=[{&(0x7f0000000380)=""/165, 0xa5}, {0x0}, {0x0}, {0x0}], 0x4, &(0x7f00000004c0)=""/91, 0x5b}, 0x1000}], 0x1, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xfffffd93}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, &(0x7f0000000940)=ANY=[@ANYRESOCT, @ANYRES32, @ANYRES32=r3, @ANYBLOB="9175ab82fe005236843e341d6eedfac3c1a81e2ea7eb271cb09a8081ecf55849b3e0c5f3b38141acd9f20e203e8061f02034504431fd8a60e0f20033a4485d208523faf47186b91283afa9607da9d9f6dac2c18bcfe29875fceca026b3bb693ff02e3518f92e2717c13a7cb6a19650a426a7a09d267e7ca03869dcfdb7137600e9e3929f4e6ce6793d45e9f0e5e9473afc401b18ecdaec63b33a36c4b5927e6cf9553126d62b0e6c0a3c5c99c25e80b5cc05cc71f55c2272c34d1c9c985c82a3032e5c5443f50af43ba18ab4a7f69a044414fcf05ffe992ba7b390b011f41957ae83a9c3a4954e5c205b84490c1f25451e4528", @ANYRES64], 0x8, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x4, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x100000000000}, 0x0, 0x0, 0xfffffffd, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, &(0x7f0000000040)={0x13, 0x10, 0x7, {0x0, 0xffffffffffffffff, 0x2}}, 0x18)
write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f0000000140)={0x16, 0x98, 0xfa00, {&(0x7f0000000100), 0x4, 0xffffffffffffffff, 0x30, 0x1, @in6={0xa, 0x4e24, 0x0, @loopback, 0x80000000}}}, 0xa0)
ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @local, @ipv4={[], [], @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x810296})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527)
fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, &(0x7f0000000740)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="e1f6583671e907a178cec481b5efde33193734000000008d030014894e3fcffd705a4de88a56d0b87da0b889a8ded1a7d7ab0df041bf600d1a5ebfb2867b04a94d5591a7"], 0x8, 0x0)

[ 2702.522732] *** Guest State ***
[ 2702.531780] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2702.540443] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
08:53:56 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x323400, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0xfffffffffffffffd)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000400)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b22645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[ 2702.591323] CR0=0000000080050033 CR3=0000000041d42000 CR4=00000000001426f0
[ 2702.591502] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2702.634482] FSBase=00007ff5ac388700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2702.634731] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2702.658231] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2702.675091] audit: type=1804 audit(1591347236.833:276): pid=18839 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/778/bus" dev="sda1" ino=17601 res=1
[ 2702.694233] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2702.715939] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
08:53:56 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1, 'vlan\x00'}, {0x4}}}, @IFLA_CARRIER={0x5, 0x21, 0x98}]}, 0x3c}}, 0x4000880)

[ 2702.730734] CR0=0000000080050033 CR3=0000000081c65000 CR4=00000000001426f0
[ 2702.732248] *** Control State ***
[ 2702.761705] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2702.770284] CR3 = 0x0000000000000000
[ 2702.855993] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2702.902725] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2702.908006] EntryControls=0000d1ff ExitControls=002fefff
[ 2702.931380] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2702.939173] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2702.943867] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2702.959933] *** Control State ***
[ 2702.972103] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2702.974533] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2702.979763] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
[ 2703.005123] EntryControls=0000d1ff ExitControls=002fefff
[ 2703.011934] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2703.021949] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2703.027400] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2703.042119] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2703.051264]         reason=80000021 qualification=0000000000000000
[ 2703.057876] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[ 2703.067559] IDTVectoring: info=00000000 errcode=00000000
[ 2703.067684] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2703.081957] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2703.088746] TSC Offset = 0xfffffa55fb418c6d
[ 2703.101828] EPT pointer = 0x0000000014b4701e
[ 2703.102572] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2703.117547] Virtual processor ID = 0x0024
[ 2703.142921]         reason=80000021 qualification=0000000000000000
[ 2703.165344] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2703.192523] IDTVectoring: info=00000000 errcode=00000000
[ 2703.217122] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2703.221715] TSC Offset = 0xfffffa55ff35e0c6
[ 2703.235738] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2703.242078] EPT pointer = 0x00000000a986d01e
[ 2703.245655] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2703.254728] Virtual processor ID = 0x001c
[ 2703.258841] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2703.270277] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2703.290164] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2703.307071] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
08:53:57 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x40, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

08:53:57 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setuid(0x0)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x6)
r0 = socket(0x10, 0x80002, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000180)={'batadv0\x00', <r1=>0x0})
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000340)='/dev/nvram\x00', 0x420001, 0x0)
ioctl$VIDIOC_TRY_ENCODER_CMD(r2, 0xc028564e, &(0x7f0000000380)={0x1, 0x0, [0x5, 0x7, 0x3, 0x5, 0x1, 0x1, 0x8, 0x5]})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000300))
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, <r5=>0x0}, &(0x7f0000000280)=0x5)
setuid(r5)
ioprio_get$uid(0x0, r5)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/timer\x00', 0x100)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$FS_IOC_FIEMAP(r6, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="ff7f0000000000000500000000000000020000000500006205000000000000000fb959f8d4b800000000000000061000000000000001010000000000000dff0000000000000000000000000000c000"/88])
setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0x5, &(0x7f0000000240)=0x3, 0x4)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb, 0x1, 'gretap\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_OFLAGS={0x6, 0x3, 0x8001}]}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}}, 0x0)

[ 2703.315174] Interruptibility = 00000000  ActivityState = 00000000
[ 2703.321875] *** Host State ***
[ 2703.334496] RIP = 0xffffffff8116426f  RSP = 0xffff888038cbf9d0
[ 2703.342283] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2703.357637] FSBase=00007fc3c74c2700 GSBase=ffff8880aec00000 TRBase=fffffe0000034000
[ 2703.374544] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2703.382410] CR0=0000000080050033 CR3=0000000041d42000 CR4=00000000001426f0
[ 2703.437100] *** Guest State ***
[ 2703.453637] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 2703.471480] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2703.489488] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2703.499389] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2703.523862] CR3 = 0x00000000fffbc000
[ 2703.531284] *** Control State ***
[ 2703.536952] RSP = 0x0000000000000f80  RIP = 0x000000000000000b
[ 2703.547558] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2703.567056] RFLAGS=0x00010082         DR7 = 0x0000000000000400
[ 2703.580621] EntryControls=0000d1ff ExitControls=002fefff
[ 2703.592772] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2703.613939] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2703.621195] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2703.633198] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2703.658118] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2703.665096] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2703.673243]         reason=80000021 qualification=0000000000000000
[ 2703.679611] IDTVectoring: info=00000000 errcode=00000000
[ 2703.685715] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2703.693900] TSC Offset = 0xfffffa5592f2496b
[ 2703.698224] EPT pointer = 0x000000005104401e
[ 2703.702631] Virtual processor ID = 0x0029
[ 2703.706927] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2703.715008] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:53:57 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x80, 0x0)
setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f0000000240), 0x4)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

08:53:57 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r2 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r3=>0x0}, &(0x7f0000000100)=0xfffffdeb)
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}])
fsetxattr(r4, &(0x7f0000000000)=@random={'osx.', 'user.syz\x00'}, &(0x7f00000003c0)='.[\x00', 0x3, 0x1)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x7d, &(0x7f0000000240)={r3}, 0x9c)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f00000001c0)=ANY=[@ANYRES32=r3, @ANYBLOB="09000000f54da9c8bc7c1e6f9cdba4ff8083744a56adea2ecd847d5cd116a564943cb83a4bf7364412ef34bacdfed0e0f129ef3208f5653c13096deed7bf77ae66dec160817a9ac85a41710251"], &(0x7f0000000040)=0x11)

08:53:57 executing program 2:
mkdir(&(0x7f0000000040)='./file0\x00', 0x43)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
clock_gettime(0x0, &(0x7f0000000000)={<r3=>0x0, <r4=>0x0})
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000140)={0x1, 0xc, 0x4, 0x40000, 0x3, {r3, r4/1000+60000}, {0x3, 0x0, 0x1, 0x1, 0x1, 0x1f, "e1328b26"}, 0x1, 0x3, @offset=0xc7a, 0x4, 0x0, r1})
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0xd5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(r1, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

08:53:57 executing program 0:
futex(&(0x7f0000000000), 0x7, 0x0, 0x0, &(0x7f0000000080), 0xfffffffe)
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x44})
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcsa\x00', 0x0, 0x0)
setsockopt$inet6_tcp_TLS_RX(r1, 0x6, 0x2, &(0x7f0000000100)=@gcm_128={{0x304}, "cb1b7a9f0618e272", "7bc8a9540bf5c8b25ae6a7ff5ddebee7", "3bfd5d1e", "df0c9c0a88794089"}, 0x28)

08:53:57 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
sendfile(r0, r5, 0x0, 0xffffffff)

[ 2703.742284] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2703.778245] GDTR:                           limit=0x00000000, base=0x0000000000000000
08:53:58 executing program 0:
r0 = socket$kcm(0x10, 0x2, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x30, r1, 0x1, 0x4000000, 0x0, {0xa}, [@IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x3f}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}, @IPVS_DEST_ATTR_INACT_CONNS={0x8}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

[ 2703.807119] audit: type=1804 audit(1591347237.963:277): pid=18886 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/779/bus" dev="sda1" ino=16020 res=1
[ 2703.860806] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2703.887916] *** Guest State ***
[ 2703.904184] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2703.916232] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2703.941022] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
08:53:58 executing program 0:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
close(r2)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732})
r6 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x4048018}], 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r6, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @dev}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="00c350e4346eb1bd55a534f5365f7e83aa42378c2f31eb429031c4b54782794fbb100ff445e03e1feaa5016c1762713ff73b1fc7b51c839c1a56e711cfd1deb4e227eef8b9a9f3b286425c0415d06df3c9fe778bfb7559490c563acf5c7132290ef6b4b7d724bb3aa623fd7e"], 0x80}}, 0x0)
r7 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r7, 0x7709, 0x0)
accept4$phonet_pipe(r7, &(0x7f00000000c0), &(0x7f0000000180)=0x10, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="00000000bbbbbbbbbbbbaaaaaaaaaaaa8100000086dd60"], 0x1)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8)
splice(r0, 0x0, r2, 0x0, 0x80000000010005, 0x0)

08:53:58 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb07, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x100000000}, 0xc800, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x3da, 0x3f00)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x0)
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0)
close(r0)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmsg$NLBL_CALIPSO_C_LISTALL(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="340000001643a860954f45d4d6a27c918659101f25fed68d8eb783831f72b8cf69677a059f07f984ab97b4f67f506fe6ee5d7fd77a9babf3fbbdfc238fc8388f5853e6349e33fd89af31f2b311620909b7daee75df2bba17604b08c82cdbe9cc3c6a50e584da4e014faf0a76f7fbded35a7e166828a2e07bf38bce7bcca467819edc640ea366f2e13036b5b6dae4b8b6d9fc3a387f5ceb1b00"/164, @ANYRES16=0x0, @ANYBLOB="05f700007000ffdbdf05a75c0000000000fffffffffffffe00000100000008080200020000000800020002000100"], 0x34}}, 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00')
preadv(r3, &(0x7f00000017c0), 0x3da, 0x3f00)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000000)={r1})
setsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000140)=@assoc_value={0x0, 0x839}, 0x8)
ftruncate(r2, 0x200004)
sendfile(r0, r2, 0x0, 0x80001d00c0d0)

[ 2703.964658] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2704.020122] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2704.030188] CR3 = 0x0000000000000000
[ 2704.040474] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2704.051104] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2704.094790] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2704.149900] Interruptibility = 00000000  ActivityState = 00000000
[ 2704.177796] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2704.211069] *** Host State ***
[ 2704.238565] RIP = 0xffffffff8116426f  RSP = 0xffff8880194b79d0
[ 2704.246031] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2704.290358] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2704.304146] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2704.321641] FSBase=00007ff5ac388700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2704.337143] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2704.363777] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2704.379973] CR0=0000000080050033 CR3=0000000081c65000 CR4=00000000001426e0
[ 2704.401521] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2704.409203] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2704.431896] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2704.445810] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2704.463858] *** Control State ***
[ 2704.478601] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
[ 2704.489093] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2704.513276] EntryControls=0000d1ff ExitControls=002fefff
[ 2704.528141] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2704.544690] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2704.567504] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2704.580434] VMEntry: intr_info=80000306 errcode=00000000 ilen=00000000
[ 2704.611375] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2704.626356] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
08:53:58 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2704.662641]         reason=80000021 qualification=0000000000000000
[ 2704.674919] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:53:58 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
bind(r3, &(0x7f0000000180)=@l2={0x1f, 0x401, @fixed={[], 0x12}, 0x9}, 0x80)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)={0x58, r4, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x44, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0xa, 0x6, 'lblcr\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}]}, 0x58}, 0x1, 0xf0ffffff00000000}, 0x0)
sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x40, r4, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xf016}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e22}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x200}]}, 0x40}, 0x1, 0x0, 0x0, 0x8048810}, 0x4040)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
ioctl$SNDRV_PCM_IOCTL_FORWARD(r0, 0x40084149, &(0x7f0000000200)=0x100000001)

[ 2704.709715] IDTVectoring: info=00000000 errcode=00000000
[ 2704.729456] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2704.746290] TSC Offset = 0xfffffa5512cd31d4
[ 2704.762373] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2704.770688] EPT pointer = 0x0000000091df101e
[ 2704.775316] audit: type=1804 audit(1591347238.934:278): pid=18929 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/780/bus" dev="sda1" ino=15953 res=1
[ 2704.814756] Virtual processor ID = 0x001c
[ 2704.825715] Interruptibility = 00000000  ActivityState = 00000000
[ 2704.869479] *** Host State ***
08:53:59 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0xa}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {0x10000}})
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c00000024001d0f000000000000000000040000", @ANYRES32=r7, @ANYBLOB="00000000f1ffffff060000000d00010066715f636f64656c"], 0x4c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0x24, 0x2a, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vxcan1\x00', r7})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[ 2704.908654] RIP = 0xffffffff8116426f  RSP = 0xffff888056ed79d0
[ 2704.933958] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
08:53:59 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
sendfile(r0, r5, 0x0, 0xffffffff)

[ 2704.970218] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2705.002743] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2705.049703] CR0=0000000080050033 CR3=0000000091de1000 CR4=00000000001426e0
[ 2705.072217] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 2705.102659] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2705.127859] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2705.156006] *** Control State ***
[ 2705.167097] audit: type=1804 audit(1591347239.324:279): pid=18955 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4521/bus" dev="sda1" ino=15908 res=1
[ 2705.173533] *** Guest State ***
[ 2705.195137] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2705.218625] EntryControls=0000d1ff ExitControls=002fefff
[ 2705.239751] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 2705.241006] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2705.261329] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2705.290531] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2705.298226] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2705.305830]         reason=80000021 qualification=0000000000000000
[ 2705.312660] IDTVectoring: info=00000000 errcode=00000000
[ 2705.319078] TSC Offset = 0xfffffa54d7b06ad7
[ 2705.324158] EPT pointer = 0x0000000091b4101e
[ 2705.329953] Virtual processor ID = 0x0029
[ 2705.330606] CR3 = 0x00000000fffbc000
08:53:59 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x400500, 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r2, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r3=>0x0)
io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000001400)='/dev/nvme-fabrics\x00', 0x20000, 0x0)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)
r6 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r6, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r7=>0x0)
io_submit(r7, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r6, &(0x7f0000000000), 0x377140be6b5ef4c7}])
sendmsg$unix(r0, &(0x7f0000001480)={&(0x7f00000000c0)=@file={0x1, './bus\x00'}, 0x6e, &(0x7f0000001380)=[{&(0x7f0000000040)="667b474a79469c3acf63", 0xa}, {&(0x7f0000000180)="575f1212993fe239", 0x8}, {&(0x7f00000001c0)="ab55730683c7862b4c53eb52c88d1dc3554fd4ccb4539a0aa4", 0x19}, {&(0x7f0000000200)="b9abfd744cf7c64d42b2ce5d249ea9e73ebe62a57e471e4c4424c1c64e7ef3845c5fd448a67b1449044e92f34798ff9c3a75743dea7cb9531b99eecb30cd399861b39e204f46e4ac2fd3a4b68bb5aa072bcf9da60e47134b0963c8a66844d474504bc35688e45d18a9a7b1e770fbdf1622f32e097d1b38e42abac8771dbaf70796225600e95e216955af73c4caf54f8c3c9abec8568b9a26d58ae01245c344bd7b14b2fb377bb25479db468db3e081ea70f46623720ea1e5e1cdba4a0a6e0a6a8d32261fc457d89197b4922e01", 0xcd}, {&(0x7f0000000300)="a7fdbb0f61aa19f87afef11eaf03ff948eac623b09357008d0a9ac3e4cb6a8e3da4fac0486d46eb2f0fa89761d22c63eb453f71997fc201dc21d0ef2226ebded4e95a5cbbda558d00ece07bf3a09466bce6e0068ba5a07c82c1d2f8601551de5b8c4a4823a2053ec97c44b74957d83574f4f3744f3ed39250a99c0abffa6770aee576668cd86b4cb84f29c87d70a33567cdb40526b027af0285f661ed6577273a70e35c998812acb6f295590463d6eb87e30367e6d53fbd8df9ae63521c7f4fde840e66d8a5d29cf8b49070eadcaaff99cc881c3e25c9e75987fde746d96d0dfe731f6153725305fdb0147c770d2373fd5c35ba2030bb66b000a12ee136d90663f7ecd5b79676d90657192ca95406cdf388e52cd167ca37e369f85d7d5cde6a7572dbc3e2592d99f76a11552f272cfd9178ec8484f990d23c573740cef6ea1ca2f1447b78b9e06ea9fd53da1ac40c52a99bfdda1354b466d99b9d96d3b8253bfb16aa8cfcc8fa410208b2f421f4137573794dd50d7ae27d6b41def97c880cf4be46d128d93c8b9ee78a4a465d7057331b6ebcbb35f94d3f77d5350c02580f17214df81be99894fbe14ea26b59dc9dbcfd37b56dc45adca2e19021c9d2946daa82ef36d21fa26a61672ce6616025a6055b1866035b46e0958a32fff92c457d1dbc93a6f900af6a7a8d9612546b9420b212aab887ef9953eda068de8b7c350e95a3203ccd9bd3cefe026c88130a80b752789957fb6b99ad1c23fd9365cc0e4cca879f656a959b1a3790817b1cb9a198b62bc0928f3bad7e6537bbc2ec833735c3fce7db13a57f17feef07fbd7f7af9d82efd56330c0e63309e9e31033fa80f466c2854cf3e4c4f43c16c8bd789713b16e26c13a6b2043c9775b9ccc97bf8c82412a6e3996425456018d13d930cb98ebf849fdc87aa89b4e57c0b8796c6d495f3c2c65bb78858b864e2c684128bca6cebc0e114483c19a1517bdc4470270bbaaf939477fe91fd989961f26577b21aad9d2af86538610f344cb1af327965bd7a654fad17ee2ebc693a8d4b3fb6d79cf8ad4eb70a8cda9284e6d0073f80fc9d2cb5b22f5f7520002461ae045b1d2ff53109678a69823a2cb814ce7b0cfda2f79c085d6770030a13e36a5c0c47e8e32770de6971fbb93905f7273bf8e78b1e626bf87293b21f6019ea37c255c3849f9b6ab331022a1fb4450e5d7ff8036ed1ed0b6017adcab1ac737bf4951031fb997f15ee7ffb7a22e5bbefcd7a60f262ad5657e26e0f2852cb44dedc0e16cf1fbbedc7a13ba16e2be9fd3369268b454a827a5b59ee98e6931349909e84514929420699bf8c81a3fdecd49e25fe9ba0f24e0d1d2b9d2b89e414cbbeb172060b8790684211e72872c8d53f246f4e7fe1fc3f33eaf882980bf3cb29c822c4555398516b31ac1c3a79cb4ec28f60b7e09b00dc588e6bc22d38c92663e243fbba2ef51dc679fc882e863bbbcdca527bb020f84775d0da375bf78b7d60d3cf879ce12300fd58f2b9e4c8a6b7781c3b0e8c0bd9ad3bf94ba8a3e18bc42fac9f009d1e2d45606d8d231e1c3119f557c53d4f3e7b48ef84c4e535cf04dcf035ef83477a3316dc6232eaad2d806a47453e346f468ebc7d4cbd687552237c965e69d69111bdfdc7e1b99f77381c0ca32b3258ca4598522f490770b852a883da7c215aa549c4c47c528a5644ccf2a1777a2f3db55588d1524d06e8e150e2493c1860918973296489240098b1d13ce95163336b3fd0867f588d55b7cac2d6ed1ba03c408c12eeb6cdf26e975e1fb67c7f0e452e4ceb196ce65ef37277f20223072771273cf326ca49444e4cd77674e2c7b55d1f3f2b5500d7750d90002c173853672c45e027d313f413fad39c93589ab1ac847eb91647e07b63a7a0d1d3f66220b2aa874e43e376a5e94702b230bb1e48167da7401d1acb721620bc82943c313d5705c9996d6d7079f8ec4e4fb70a319505046a90451d2bb3e5c09a5ab037944eb2a24b7b5729b52c5cb62f642f8c2973bd9962bd1d302069bf544d52969935f7daed871b4fe434bce27b0a9bd807ee9137fb1a5d131ab1cfdd6a3721f579651d6b103f6eb1ef07e641cc016304369d390992c083ec2080bb6b9210c0039c80c82d714a3b5e8c7447fac8f626f6abd42084c6c886d695681227e1077df233000d1d939777762e2005a6eb741675dfd6c22c260cc72f4134e875e179d5bb8a40a17828642bc6bbbe43e95c3602c801575dc3b6ab27dd6706fded9592df8f5f8163d471dad25267b311277fe1199c22b9f1816a8b224e203b0410ab753b7b561f008b1137d5353ae0456e9e4f42be4f0afc90d2b6ea91b4e34054304745da346a04648ca14cb3461a83a69fa4620068afb08ac02e57540465ae77045910f0f4bbd513be3780eb62908df6e2736983af8f8cbd183dc59697d4b881c8b1da9fb5f72380ba4395912af71402c71764a260c0aa5c9f7f85fd6d6c54a4a942538780cdfba3e023d141e9e762750b0949dc1040abfa863c90d4b0bbbe4f6a8149cf79855042de6c114b9b12bb9c7d26d36f94aa7a3c5a49edff47806d0c8ecdc5f9bf1bef22beaf80f193ca58e90d924a12a4dba4d4e46734b146134b99a127f8d8b51df79a0442be159334f96b84f4b2950cde90a902bec6ecbe4e11059af7d41cc029e163a8a77e4919697f525d82ebb05e1dd55eab50622b36125652fe9e7b5af7a37228d5b3ddbda4a9f73b28ccdb9e74e61789e346b79494c17e2a467078596289625b110e723acaaa4ef67ab68acc0e3cd253bafe549bb7d5a6aeb26507a6b5ece69287b1aa330711cda4cf1768e4d04afd27ea4b88b2bcdedcd49c22c89c36af734da71ad6afb39ac80ad40e72dfb0f48b95059e41016153a7b7c35d9fe212081b9982a28b74086d9e395a065950bd0bbd4c5d3c802bfc6bf026d39f1b4cd5b1158a7cc9fbdc072ec23a0df2d2fc96f92582e2429ca1714f36eaf9ce96e7926d09151f1fc5c0268e0d1490c71da3add5a1be628a18547da65bda7302e6e5951afc24407934f40dc4f4fd79b16cb3f38256077070d6c07d01de60cc333e76f0ff96fdc3d6171eea7afbb38901667db1546628d3fc9045c4a2968ccd075c3a1fd8ba8963b6981f47a6e9fd0c600d9a12540bcde6335c9275cebbfa6cb532e0ec0fc8e38a90348f7cfd4345fdf52357b1b17cb94871435f174766fdec15f29d4fd5af89c837ffcfcd40847b79ff23314ce739337bfe6fdb146211cd64e4fe669b860749cc8689a492ef498a2a2ce04f729fc533d647392349c0ee67ea34a50f48e18b7890f2cdab23116db83e38417c0d800eb50a02c769495bd36b7d617952c9919c05a6b4838688d4c441f343aba7283e679051aff3767ce4de7896d9969729fe18802b74d5b3663942d90046727a901057576d2d797c757bd083ca3faa2bcee2a514b7f0616a8ad5eaecf31745e35294d47a64f7885e3135139dda81da1b9aa8ef6a6a92112479bd0e1b81809c6919b081bc482aa2576d59ac83f4e07ccec4f4b7b474647d75fcf521187d586590fec16e7334edbb6aa1d34f42e3794f1bfa23da526c262fe8080e838ecac8b36783675e92d080cb93904b6acbecf15886bbaf424a41ed393a8563588c83eeb10da36dd9c24721224179399dfcef32d2963b58314ce5807b40341765be7e5319755a450976c319a48989ffe50ada06d5772b80cdb6d0e0b17a031266a87aef4029475527a2a3e7b6e5d9308b879e9325bdaf43d7e932dd24fbe41b1d387ef02a54a2e74a75bcac9fd21e575f16781c92482ca59bd321680a80ab37b5de759c3c4024f36487565391d3b9c1c0e4ba8affd7505caaf3992ab8aeec3f4aa365f82487f13c6751f583e68fcad598811d6766328416d4c2367c1fb01c62562634619470501afb28244b24fa77db56ee4bbbce568f94bf314a4b0ca5e59d86d9434af60070614cae4efd6bf38a9f9a51952703d33f3df0c24969a0123a7a49772bfa8c6adac67c287e9e80af08405dc541b5ce9d1d6b5064527cb09e3ebc7e9bf213898348b8127abe28df92889a1552d371f0684b09cfd2adc2e872c90d7b5f09fe38215e65b349b43fbcc6dc15dfca8c7956dcb04f9ef4282d8b49d423bab6b47fe2975c7577ad316b016ebcd382086c24ff72352d5fdb688a57c3e38c0f9d4eb999a0c83b5ba5d5e8d253dc7fa3333feeef05d2c1f90a3cdad91aa87e03b42765312715b7ecfca38da13592cab8e07dfb8f4e8509bc92c5cb364cc90caf98c790e2f643db6e41efaff9942bede62165de8c6252f52fb21886b6afd062c74a05909e20ea630f2329d2aa3ddbf83b615a1e6591a95fccb7406021e5b099ba1bd131911d83c1fa38edecc00e6ce7fd3d57a8c8505e927bf08dfc147ca42a59da1da745cc5f8bdf84520ee752718eff6114422f84a7220a7ea0ed10e8a00b28e01a86d873cfaa9c9f52795678bd34d868506184f3d0a0b0f537ee79412935a162b93e86f94a8911e6154a6e04827220aae887161ef08ec25c2eacac35852291015b869a59b83fa423f40d13e0c3c996eaa42431c52096f12b868763d56543271e238018375bf9639cf2f3bfb34a3306a2474d23e16beda11fdac7898550b00337d0a7503235d07f793e659d55a3282227b55ad80f9cdeaf8faaf930a4cce1cb5bbea11fb156b77d8605aa5a7071904681d40468ee7c9556a84ee181967d269ca0597fa557ce11b1c23a26efecbb491ad88337641533578331b50c9cdd70c30d329feb18196b5abb9f3cb2f68b57fa18a495ecfdd5611ebd29d05eb4ccf0f86743ab0b439fe6f4d1587c0ce19b873b5cbd071e5917b1c06de508f28b91f206ab0462ddcc5fba4cc92e93b79d828286fae31888dca4659bed6462c6e9adc1000e12be720b5ed6020881840e3e35d09b7464724ceee562871152e5dc7fddee3f28a0e8dd458f2ad4dfa66b424e3fea440eb497795cc886f9ed8cc97d3c94d605e9bb222ae58057e29ad28bdb354558d2b9705bd019866095abe703962980e1b3c671e14efaa04af78385787d4d0d2370140a4aaea7f1724fc2ba60dfc402ee75456de7062c7ea56991fa36ef17136135071a9ce9cd2b618ba4778d7173b9f96ae1e268662ea7f1a19973e1aea0c8ca57e472112b4e6b0f9a0cd326f262c7ed1f441d35340ce8387041e6fc7a9c8fc52b59c161119dedfeb2ab11b99df2923441572eef993bdcd9acf95ad1c901f878f04403ad2b2e2bf2353d562aa83441addb61178a5e553b2f442040724a195b3cc0622255eef6b281e081a96e95f6df40f97b8feb4ac0be8fff2763cb3c553d12c6a778016cd11630daca1794e48477748ca7c7f21e73a65298e003d73882bf07f7b0d2423848d50e1a3ec97e3711bb68ead315f6f529d1c504b89ff51776ec49779d6b9512141b373b230a0cdb52b2504b8e378a63e502ebd6ecb4ad20920e36f5178cbb0ae8976b47886bc1bf7567c4646cd7c2ec1b03fbe104e3dc2ac617e11b91973c4075ca85a031446c11536da995b2a31430dda5228d20127d8162d35834a119229e22897d8f1990c87d1119b662cbb24106696bfeb074e638a98aaddb4e19da6653ae6e345cdeae666ea671bb8523e4efc6449986add57a0821348c3cc580f6038733b659ed6ef09e26160953a3040e2e988ddca65239fdb64f317d1a9db783ad4462727efce5305657cd4844becb0a56cecc8c63f9095ecf316706fe6e6fc04fcec2d84140fc43cac0e543bf150a6f444d971ed8179bc3d7bd6ce156dc4e4561e4", 0x1000}, {&(0x7f0000001300)="d6569d7b74f5642b71188548dba23ef016e18e4c5b1a3df65eff25b1e72c6cfcd962b631eab469141fb039b7a08a3f7906191347f705cd397dd4c8a8dc737b98a6c8077906aba7caa88d73e637e1c0c20925a9c1b91e76ddbe", 0x59}], 0x6, &(0x7f0000001440)=[@rights={{0x30, 0x1, 0x1, [r2, r4, r5, r6, r0, 0xffffffffffffffff, r1, r0]}}], 0x30, 0x10}, 0x40)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, &(0x7f00000014c0)=0x7fff, 0x3, 0x5)

08:53:59 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r1, 0x407, 0x100000003)
write(r2, &(0x7f0000000340), 0x41395527)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0)
clone(0x80271903, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_SET_NETID(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, 0x0, 0xc07, 0x0, 0x0, {{}, {}, {0x8}}}, 0x24}}, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x20004814}, 0x8000)
r4 = socket(0x10, 0x3, 0x0)
write(r4, &(0x7f0000000000)="1c0000001a009b8a14000000ff0000adf87e28000000000000000000", 0x1c)
recvmmsg(r4, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400})
write(0xffffffffffffffff, 0x0, 0x0)

08:53:59 executing program 1:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000240)={0x6b, 0xc, 0x4, 0x1000000, 0x5f41, {0x77359400}, {0x3, 0x2, 0x3, 0x1, 0x7, 0x0, "326845bb"}, 0x4, 0x0, @fd=r2, 0x1c00000, 0x0, <r3=>0xffffffffffffffff})
ioctl$VIDIOC_QUERY_EXT_CTRL(r3, 0xc0e85667, &(0x7f00000002c0)={0xc0000000, 0x6, "bdbb94cab9ed85e164776f5cede48d212ffb0abfe9e9a0ce792d21d7ea6c4f89", 0x2, 0xffffffff00000001, 0x7, 0xfacb, 0x9, 0x7, 0x80000000, 0x20, [0x279a, 0x0, 0x4, 0x43d7]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
sendto$phonet(0xffffffffffffffff, &(0x7f0000000580)="85467b59d0b06b36a5f6d98f660d25f0428fdc96c3b517170c2586648e3006f4777db7df94aeff00f0c4521765ee15bea047c14b4d75cb3a1809913be710575f88dddedaa1d3a70828a4be0156ff3a315664a78ed4f032315c928d394b33d91334e5c29b5d0c52d8a5c10c95e5715f05898cf35a4807e921fd3696bdaef3c701bca0962715c399a438b38b3c4dde266c40c565021e3d2eae8964a4f277a194cf6b4b3344ee5b47132d60d29a88a8658583e3038ba7e67e98fa14c61d5ebea7c44613e0c533f5bbb96a3747776c14270e2189fc44ab5eae0c66bac75a93518f0e5da6f8e8ea0cb64871b4a96ce312feeead97acbade5720b1a4f22af65f0ccbeb598be0cfe853487cae98f20a1e4881e31a124aaa2e5a557bd10e9a8ba1a205fabf00a6d7f4c2ea85a58952c3265dbddf8e5269f3194fdc68ce3d8bccd8c9102285880038fe0e99f3f7d7ac2a1efc6f7c65fe68624e26a3205c8b70281d581530c774d65802af0c8d8e546b2d9c6a7260e47e770728eb5d0dd1f271ab76dc555c6e9ebaf38166bfcfc6153a67c505a66c3f153efe5058df551cc4398fd0780234e50c30d8550210c268f895b677156a19df6e5a5bb09081509e0766c26c01f92ef7622ab709db3f6b216055f3680e052b42d24407634144f7a1223319ea230729d0aa3ca1b2525c061715044a1ab58b7276b083b6471499403ebdab668e57aa447977ad67f2cc6e9ad7faffbcfe60281e87c8b39a2cfe09ac5114871cce4e5139056ea6219b1eaa9a0d5a52ca0f8c185e63e261057b9100cc9f188269f378a78ca671e311dd71f8de958ab263b48c3495d8712d65a3d6238a7ce055dfbae521f4c3e1583913ba5d4816361ad636424858bfa40b9a0e19c718b215b9fa5da35eeadd9c5e0bb528eb4dd22409d6998c9bf5a330ea07694da1d8d8585122781c642f4a1df0e0d2f86008fadac5908e0aaa58988d9b04c887346d55f531e0ea51289fffa109b86802692612aa9d4c33cb0783bbeabc72bff2fd3ca1b81e03e72f10c1cbd8f95acafde67dab2c5f81f7119048ef35ac5adee000e56abb077cecae85f6bea9f572128e27c7a01057330ff3dc2e287d02554d706468ae9e185e7aa5246f31688de790e8b874e3998cf430f65c72c301b35180492b1055d4b5e51b9f9b76045cca4b1232da71804985667cf1665524532cc168fe229cd1bf8011707f788e20b94115b9eb53d1236feb73283cc93b070e8c879368362e57b1c1bb793b3c0858667b005cf89f6ca204d9df571b82ed3d468f775b9291b98b5ef1e29faaae207ea469e815034098b08482701ee799ca2db3803f077518bc936b03e3e8a43b71cd6ee59db4d514c3c2c022ce4a5cb10d1d77a932a3c5103a19835613288927752275de3ed87fc1c452dc1fe3088d9c4fd70ad74ab2aa530341e5bb30fafa4575551f0e015defa369ddff727f9156c865651805a50393dfc5ce07d3c4340822d49052350b318ddc86c90392806c7fd06741766ff128d4e0599717b2761838202c1cffa365a4dc4f4326591ed09ba612112688131160ac72182f2caf13bd2636e0ccd2ba1f8dd798fa97d17c7e72999eff56d4536d14c298a5e5ab8bbac17a75cea9ad2f27a53e034389aa7bd148929aa0eab96cf7925cc53e85256ecd58fea8295f21576de8537026433dc1a56fd43f8691ab0a0cbe388dbd7905643d553fdb5cac86ec93f964be2ff3ae413a2531fcfb16d908f4b67beec7d97bbb8071a9478ea97b825e5b8e13e25f2259efa0c37ecba60c7d488b79579a1ca4fe97ff6dbde76dc7eaa94312b24dde07764a3aa453dd02f024d788925df85e0fe05cd0baf6c7066ed06da86cbaf2706c53078f3b8cddbf4dc5f4fe2ec97e3ee80779af7c419c403bd03aee0f518b86f799aa88a8800f61c95a8146a4c1b9ff2dd60a7e219dd0bb1cfb25a087731329875fbe079a545e5dce270890f23f4699b02ff6239708d067e4bbe455cc377c3e719fbcb01eec38cf5cfeb071d14f58183e8f9770e4089efdb5057f2a6cce46870a8beabfbe54cc7c8be2c06b0bf042e6c44f3225e7635f40d2c1c3f81209b12c65798d791f7be26a380d80fc309316e0b56aba756239556291d965ed55e890cbb35b129cf39685d538f3def0ec489f415004f9994ee4fc700ff5924bcc12071f9e141d7f9938eb9aed06f21f5bcf46b8e2ea5fee7616204be88dd8ac9d551fb981dd2bb981c7143eafa17333b8a7d475c6807c90b7b1ae529d8b9e73c0f21c5a5ecb10074ccc18a7188682e442139371412794a5cd1dd52e70cab771e90d9fb971ad6861468602e9c0c1feb9804d421afc4b94c7296ee5b193da58956c79094a2b309c76f4fe4a46d7d5e4b93626cf94f1e8b7f4d04a093873c1a28cc01475b1370f2b3e83f52f2710c7652b9c85fd72361e4910f59f209f37ab7097040688136242c1cbc3e7b9339440d58690b7ef5cb81f3b07efed24909a60b2bfff741cc05b86b34d1002240fce896cc1b2946db63a80b311451df5a62ca5dc3261138cdd03f673cdd9d475a87a1bb4cbd9898c0d83db6a5c5bf5e47187810056dd8ac2f5fa1c0f90eb722cfa54dc44549a642f9a74024ed400107190c10efc02479b07f6cfb620400e8357bacfe61718cb5a0ec058f6cb7dc43339e091c1c995978ff19ae78c6239f8aa1fc652475349cee16caf9ace7e22580e8d71ba2e6a6a7472beae6e03dbd053072d327687d8875febb8f151a5e018b8903f861711c3f40ac1acc62d9c705f75dfacd292f507474e7a13a388418d4cdb53b14b223567ed9eafae85d2f525e36554fcefc63f3b63d74ba03842596658d4944e9eef7896a2bd0cf660fb74d059f428bd808e4ad1840e578c5b50f3f79755ae00d9144db4d98ff81b78422440716511998189ed11e722a3f9502c351b5b30381448693d13c6d58ab6f187115589d83d601c7e077d31eaf46b775fb59272ca40d4bed4b9c99a3c2b30e2f5869f426a86e6aa83a0ffe94be6dc57fbc8506e240bf367b06231e42ad279add4757564b6b0cd27e783e12565dd48d385467bd85019f607532bf3f19fee9bee8cc587ffea6c4d3d132e61221148e7852eeb949281015acbbd15fb997a7b4516bd62ac2ce5d037570c9af606079e33eeeec2413d7d4b0e1c9d4a66f155ee348550f0a3d4d3de3d710d20efe83be0caaad066bc4f524a058fc91fd4a8dde095cc69dfd05a571fdb2673d331ccc88da0e848b369a0a4fd61304231d791988409c36b7b317a8d84d610a07a78505e8d6b52968b35361085b0d02cf98415eeabb75c93ed01df42ea6ca8883fc3a47ec4e66e11c2184477fccefb7c31c67da507b4c7fe1302a275ee4fa248407a7c2eaae26a63a998e45f602c13505fd261fcd7c3df4e6f9629439ab36e82642e0a6db7e0fd893ed2d05a9a2154a8e7dabfb028d343ef95d7664b7d134be4977f8e55ce890ff0db9988105bfc0f4c0f30a9be183fb73b4f2ba216d9bc29b1d52dc6f3893c9e0c88df71601fb1c919d6308d95f8391a7a50fb39e89d116064f19435d2c29dce53ce12fbe36050f7a0778a635af98f38aeab3710567f7d7c17a2a7349395d2e77149f788eb96a5f23837c73c8e7454ce84b912df8051d0f3264a79260cab279105f8c80cce3ed0f846086817000c133d47bb6f9b8a0d757710685d5b618ee3fab5f946d57490885c211fe281b17424e2e3e11c0c6d357d5d464eb6d5d4316305baf6aa585175c864f0fc190a754922248ea31afdf6f9e2b5006147f505f528f0156acac76258e31dab962a039524a9670edec8aa0ebab7a05c2619c5b31ba032f98207a1a71f3ce704ae31bcb986b07f968f1e040ff6057faf4cf87c8f9b703a7f8cbd50ae09406c8ce3b957996d36101482ed95212e46984dfafb956bdeccbe61f6294c52dfa5658c57e233246eb02a93dbcefc68319d6325029a9bac427ebe24423eb811b04b3a91133b21afd9ac8f491e76dd5923edb28d2e3dcfdac1624291c5f68f2a8e6e6d3e8c3bcf1541317882a9cd9beb0bb0dd1835f0a3f7cbb7e3a4040bc1e5909d3f97e4113a3cf65a4cd985539df44fb7fc2f53ebaa0e515d6d954d81c109ce66bf8e1ddf4e59def4ce80eb7038dd278668df684d7798e19bb8b0c4d92b83a7ca0eaf847735a0bc51bbde164a0cb2cf016b5d6f3aa8c77c93ba2927233fa7dcb534d223a3becc68e29f45fb247c90f7c284277f2b5f669cf014282e747e643b0955de82adf454537bbeaa16b501eb6178c3d0baee270f796bc04fe75247304382ef8028b9acbe3e22bc53385c74c9662a89fc0be53802ad7ea1052d64df586440ea7356ab58b4ebf9ba0d4fe55492cedafd10beda2fabec77b917298fd6fc0aec0688bdbcd3c714dcdd928dffdf2c3cefd25fd2c20e91b30f844795a5b0fc3b025154a2994a9d8604668fdb146141620db5e13e18a5cf0edecc96d10e3e339a42ef33f78f791f6220e127a82c0212dac28c0a0844ecfa8070fac749f83e76ad1fcc70487f4e84ab1ee374205f6439f81eda770de0d8c484b607b424ebbe9d3b2b228b3ff1eb1dec5e769c463390742439fb8288f878ef2f6d9d95f05475f2585cb281418aa0a989c17fb7432c6a7746f109b72677b2ea7c43902874dd1859ce7e2459fbbd834bb8e0799e17926001e7e3df1699ed6dc85f711b3e5bda0493054d2e382ec79fbfb22c1431243173d65de3f0366bd23af424267946cba0935ed33a67e0c916739de1fc8b3b05bfb10542a23a01845327b194d23dd3bcd952bed1a17b2a4106e67c41dda36016920de2999e2853ef3e458d1b4428a9ce9426128d9d9fc81d5fc87e7c9d27ea0dae6761214ccf1d70c66a3b82a5b2a61e3856908147001946d7592d2bf9f2a394e4e34a278b370261eb77193c8fc2e880e245f4d737b5bf89471ccf1fd1908d08c2e00e54375b7576eaff3d7a5af4c31e073d5fdae4c81962d75157e4feee880528319d78c13c1bcfb9228144427144916eaf114155a08e2f5b186f3c3821a6738190e75a3adb9394a485ffdf730aa1c257393db71bb602ba57b9d5aafeb71762d86bfb568a75ae638d2e3bafc65443a5a296aee0b3c273e360268e6fe3d08ffccc8bf5d6960b21cef126ed08a24c738d4ceff487322363ba301266d35026763030a3b8e95b9d86107a0893fae2e3d0c5f6ea712284117efe48f33086d652788f2326f4ec8aae5ea34d0ab4f635b55079e4aa714e28d58dd9438e7e1760373fa6fd65937f53a6d3db54680c3db040884845e01f4d78e0da9cab88fe1ea31f9efde123a8028c19f3d82e172aadeb67619b47f67a50446a5305f009625e5c819cf0201a172166efd05e4ed1d2c7dec53781449fdfbc4531849a1d3ecea028b792a3f5a8a7301ccdad6e07209c2544ed4692311fcb127dc51b8480c2725e560f51d553cb5e76b39e3ffb3247e9434893a76bd8cac458080bb6380437b7fc2f7e976f0f19dda0ea6be8ea964ba3d2000c456d15265a73fbf006df523cdece82406405ee4ed7d86748bc5027f871d7ef8e825134c4a8051793cc4eaf39bbc00f13070138cc485513ba7d51393c1757ff1d1d182381f92f536a777417eaecb18270ba102ae9ed1489295ae001f522515433f419f8bc3734fa7de8dac2d1aaeae011571a56277abe75cbcf19e138a443464ded3223f4b046a1553653a0ad93c8d4d5750f03a818c72061da196f2b8c0710039fd447b09b5f227f35a8b77cfccbba82591c658fc66af448926f12377a5d63113774e8ea7fdfe5", 0x1000, 0x880, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

[ 2705.376422] RSP = 0x0000000000002006  RIP = 0x0000000000000000
[ 2705.412236] RFLAGS=0x00010002         DR7 = 0x0000000000000400
[ 2705.447012] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2705.473966] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2705.524150] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2705.603385] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
08:53:59 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c00000024001d0f000000000000000000040000", @ANYRES32=r7, @ANYBLOB="00000000f1ffffff060000000d00010066715f636f64656c"], 0x4c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0x24, 0x2a, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7}}, 0x24}}, 0x0)
sendmsg$TEAM_CMD_PORT_LIST_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x60, 0x0, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x5}, {0x8, 0x4, 0x1fa}}, {0x8, 0x6, r7}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000}, 0x4008802)

08:53:59 executing program 0:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000240)={0x6b, 0xc, 0x4, 0x1000000, 0x5f41, {0x77359400}, {0x3, 0x2, 0x3, 0x1, 0x7, 0x0, "326845bb"}, 0x4, 0x0, @fd=r2, 0x1c00000, 0x0, <r3=>0xffffffffffffffff})
ioctl$VIDIOC_QUERY_EXT_CTRL(r3, 0xc0e85667, &(0x7f00000002c0)={0xc0000000, 0x6, "bdbb94cab9ed85e164776f5cede48d212ffb0abfe9e9a0ce792d21d7ea6c4f89", 0x2, 0xffffffff00000001, 0x7, 0xfacb, 0x9, 0x7, 0x80000000, 0x20, [0x279a, 0x0, 0x4, 0x43d7]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
sendto$phonet(0xffffffffffffffff, &(0x7f0000000580)="85467b59d0b06b36a5f6d98f660d25f0428fdc96c3b517170c2586648e3006f4777db7df94aeff00f0c4521765ee15bea047c14b4d75cb3a1809913be710575f88dddedaa1d3a70828a4be0156ff3a315664a78ed4f032315c928d394b33d91334e5c29b5d0c52d8a5c10c95e5715f05898cf35a4807e921fd3696bdaef3c701bca0962715c399a438b38b3c4dde266c40c565021e3d2eae8964a4f277a194cf6b4b3344ee5b47132d60d29a88a8658583e3038ba7e67e98fa14c61d5ebea7c44613e0c533f5bbb96a3747776c14270e2189fc44ab5eae0c66bac75a93518f0e5da6f8e8ea0cb64871b4a96ce312feeead97acbade5720b1a4f22af65f0ccbeb598be0cfe853487cae98f20a1e4881e31a124aaa2e5a557bd10e9a8ba1a205fabf00a6d7f4c2ea85a58952c3265dbddf8e5269f3194fdc68ce3d8bccd8c9102285880038fe0e99f3f7d7ac2a1efc6f7c65fe68624e26a3205c8b70281d581530c774d65802af0c8d8e546b2d9c6a7260e47e770728eb5d0dd1f271ab76dc555c6e9ebaf38166bfcfc6153a67c505a66c3f153efe5058df551cc4398fd0780234e50c30d8550210c268f895b677156a19df6e5a5bb09081509e0766c26c01f92ef7622ab709db3f6b216055f3680e052b42d24407634144f7a1223319ea230729d0aa3ca1b2525c061715044a1ab58b7276b083b6471499403ebdab668e57aa447977ad67f2cc6e9ad7faffbcfe60281e87c8b39a2cfe09ac5114871cce4e5139056ea6219b1eaa9a0d5a52ca0f8c185e63e261057b9100cc9f188269f378a78ca671e311dd71f8de958ab263b48c3495d8712d65a3d6238a7ce055dfbae521f4c3e1583913ba5d4816361ad636424858bfa40b9a0e19c718b215b9fa5da35eeadd9c5e0bb528eb4dd22409d6998c9bf5a330ea07694da1d8d8585122781c642f4a1df0e0d2f86008fadac5908e0aaa58988d9b04c887346d55f531e0ea51289fffa109b86802692612aa9d4c33cb0783bbeabc72bff2fd3ca1b81e03e72f10c1cbd8f95acafde67dab2c5f81f7119048ef35ac5adee000e56abb077cecae85f6bea9f572128e27c7a01057330ff3dc2e287d02554d706468ae9e185e7aa5246f31688de790e8b874e3998cf430f65c72c301b35180492b1055d4b5e51b9f9b76045cca4b1232da71804985667cf1665524532cc168fe229cd1bf8011707f788e20b94115b9eb53d1236feb73283cc93b070e8c879368362e57b1c1bb793b3c0858667b005cf89f6ca204d9df571b82ed3d468f775b9291b98b5ef1e29faaae207ea469e815034098b08482701ee799ca2db3803f077518bc936b03e3e8a43b71cd6ee59db4d514c3c2c022ce4a5cb10d1d77a932a3c5103a19835613288927752275de3ed87fc1c452dc1fe3088d9c4fd70ad74ab2aa530341e5bb30fafa4575551f0e015defa369ddff727f9156c865651805a50393dfc5ce07d3c4340822d49052350b318ddc86c90392806c7fd06741766ff128d4e0599717b2761838202c1cffa365a4dc4f4326591ed09ba612112688131160ac72182f2caf13bd2636e0ccd2ba1f8dd798fa97d17c7e72999eff56d4536d14c298a5e5ab8bbac17a75cea9ad2f27a53e034389aa7bd148929aa0eab96cf7925cc53e85256ecd58fea8295f21576de8537026433dc1a56fd43f8691ab0a0cbe388dbd7905643d553fdb5cac86ec93f964be2ff3ae413a2531fcfb16d908f4b67beec7d97bbb8071a9478ea97b825e5b8e13e25f2259efa0c37ecba60c7d488b79579a1ca4fe97ff6dbde76dc7eaa94312b24dde07764a3aa453dd02f024d788925df85e0fe05cd0baf6c7066ed06da86cbaf2706c53078f3b8cddbf4dc5f4fe2ec97e3ee80779af7c419c403bd03aee0f518b86f799aa88a8800f61c95a8146a4c1b9ff2dd60a7e219dd0bb1cfb25a087731329875fbe079a545e5dce270890f23f4699b02ff6239708d067e4bbe455cc377c3e719fbcb01eec38cf5cfeb071d14f58183e8f9770e4089efdb5057f2a6cce46870a8beabfbe54cc7c8be2c06b0bf042e6c44f3225e7635f40d2c1c3f81209b12c65798d791f7be26a380d80fc309316e0b56aba756239556291d965ed55e890cbb35b129cf39685d538f3def0ec489f415004f9994ee4fc700ff5924bcc12071f9e141d7f9938eb9aed06f21f5bcf46b8e2ea5fee7616204be88dd8ac9d551fb981dd2bb981c7143eafa17333b8a7d475c6807c90b7b1ae529d8b9e73c0f21c5a5ecb10074ccc18a7188682e442139371412794a5cd1dd52e70cab771e90d9fb971ad6861468602e9c0c1feb9804d421afc4b94c7296ee5b193da58956c79094a2b309c76f4fe4a46d7d5e4b93626cf94f1e8b7f4d04a093873c1a28cc01475b1370f2b3e83f52f2710c7652b9c85fd72361e4910f59f209f37ab7097040688136242c1cbc3e7b9339440d58690b7ef5cb81f3b07efed24909a60b2bfff741cc05b86b34d1002240fce896cc1b2946db63a80b311451df5a62ca5dc3261138cdd03f673cdd9d475a87a1bb4cbd9898c0d83db6a5c5bf5e47187810056dd8ac2f5fa1c0f90eb722cfa54dc44549a642f9a74024ed400107190c10efc02479b07f6cfb620400e8357bacfe61718cb5a0ec058f6cb7dc43339e091c1c995978ff19ae78c6239f8aa1fc652475349cee16caf9ace7e22580e8d71ba2e6a6a7472beae6e03dbd053072d327687d8875febb8f151a5e018b8903f861711c3f40ac1acc62d9c705f75dfacd292f507474e7a13a388418d4cdb53b14b223567ed9eafae85d2f525e36554fcefc63f3b63d74ba03842596658d4944e9eef7896a2bd0cf660fb74d059f428bd808e4ad1840e578c5b50f3f79755ae00d9144db4d98ff81b78422440716511998189ed11e722a3f9502c351b5b30381448693d13c6d58ab6f187115589d83d601c7e077d31eaf46b775fb59272ca40d4bed4b9c99a3c2b30e2f5869f426a86e6aa83a0ffe94be6dc57fbc8506e240bf367b06231e42ad279add4757564b6b0cd27e783e12565dd48d385467bd85019f607532bf3f19fee9bee8cc587ffea6c4d3d132e61221148e7852eeb949281015acbbd15fb997a7b4516bd62ac2ce5d037570c9af606079e33eeeec2413d7d4b0e1c9d4a66f155ee348550f0a3d4d3de3d710d20efe83be0caaad066bc4f524a058fc91fd4a8dde095cc69dfd05a571fdb2673d331ccc88da0e848b369a0a4fd61304231d791988409c36b7b317a8d84d610a07a78505e8d6b52968b35361085b0d02cf98415eeabb75c93ed01df42ea6ca8883fc3a47ec4e66e11c2184477fccefb7c31c67da507b4c7fe1302a275ee4fa248407a7c2eaae26a63a998e45f602c13505fd261fcd7c3df4e6f9629439ab36e82642e0a6db7e0fd893ed2d05a9a2154a8e7dabfb028d343ef95d7664b7d134be4977f8e55ce890ff0db9988105bfc0f4c0f30a9be183fb73b4f2ba216d9bc29b1d52dc6f3893c9e0c88df71601fb1c919d6308d95f8391a7a50fb39e89d116064f19435d2c29dce53ce12fbe36050f7a0778a635af98f38aeab3710567f7d7c17a2a7349395d2e77149f788eb96a5f23837c73c8e7454ce84b912df8051d0f3264a79260cab279105f8c80cce3ed0f846086817000c133d47bb6f9b8a0d757710685d5b618ee3fab5f946d57490885c211fe281b17424e2e3e11c0c6d357d5d464eb6d5d4316305baf6aa585175c864f0fc190a754922248ea31afdf6f9e2b5006147f505f528f0156acac76258e31dab962a039524a9670edec8aa0ebab7a05c2619c5b31ba032f98207a1a71f3ce704ae31bcb986b07f968f1e040ff6057faf4cf87c8f9b703a7f8cbd50ae09406c8ce3b957996d36101482ed95212e46984dfafb956bdeccbe61f6294c52dfa5658c57e233246eb02a93dbcefc68319d6325029a9bac427ebe24423eb811b04b3a91133b21afd9ac8f491e76dd5923edb28d2e3dcfdac1624291c5f68f2a8e6e6d3e8c3bcf1541317882a9cd9beb0bb0dd1835f0a3f7cbb7e3a4040bc1e5909d3f97e4113a3cf65a4cd985539df44fb7fc2f53ebaa0e515d6d954d81c109ce66bf8e1ddf4e59def4ce80eb7038dd278668df684d7798e19bb8b0c4d92b83a7ca0eaf847735a0bc51bbde164a0cb2cf016b5d6f3aa8c77c93ba2927233fa7dcb534d223a3becc68e29f45fb247c90f7c284277f2b5f669cf014282e747e643b0955de82adf454537bbeaa16b501eb6178c3d0baee270f796bc04fe75247304382ef8028b9acbe3e22bc53385c74c9662a89fc0be53802ad7ea1052d64df586440ea7356ab58b4ebf9ba0d4fe55492cedafd10beda2fabec77b917298fd6fc0aec0688bdbcd3c714dcdd928dffdf2c3cefd25fd2c20e91b30f844795a5b0fc3b025154a2994a9d8604668fdb146141620db5e13e18a5cf0edecc96d10e3e339a42ef33f78f791f6220e127a82c0212dac28c0a0844ecfa8070fac749f83e76ad1fcc70487f4e84ab1ee374205f6439f81eda770de0d8c484b607b424ebbe9d3b2b228b3ff1eb1dec5e769c463390742439fb8288f878ef2f6d9d95f05475f2585cb281418aa0a989c17fb7432c6a7746f109b72677b2ea7c43902874dd1859ce7e2459fbbd834bb8e0799e17926001e7e3df1699ed6dc85f711b3e5bda0493054d2e382ec79fbfb22c1431243173d65de3f0366bd23af424267946cba0935ed33a67e0c916739de1fc8b3b05bfb10542a23a01845327b194d23dd3bcd952bed1a17b2a4106e67c41dda36016920de2999e2853ef3e458d1b4428a9ce9426128d9d9fc81d5fc87e7c9d27ea0dae6761214ccf1d70c66a3b82a5b2a61e3856908147001946d7592d2bf9f2a394e4e34a278b370261eb77193c8fc2e880e245f4d737b5bf89471ccf1fd1908d08c2e00e54375b7576eaff3d7a5af4c31e073d5fdae4c81962d75157e4feee880528319d78c13c1bcfb9228144427144916eaf114155a08e2f5b186f3c3821a6738190e75a3adb9394a485ffdf730aa1c257393db71bb602ba57b9d5aafeb71762d86bfb568a75ae638d2e3bafc65443a5a296aee0b3c273e360268e6fe3d08ffccc8bf5d6960b21cef126ed08a24c738d4ceff487322363ba301266d35026763030a3b8e95b9d86107a0893fae2e3d0c5f6ea712284117efe48f33086d652788f2326f4ec8aae5ea34d0ab4f635b55079e4aa714e28d58dd9438e7e1760373fa6fd65937f53a6d3db54680c3db040884845e01f4d78e0da9cab88fe1ea31f9efde123a8028c19f3d82e172aadeb67619b47f67a50446a5305f009625e5c819cf0201a172166efd05e4ed1d2c7dec53781449fdfbc4531849a1d3ecea028b792a3f5a8a7301ccdad6e07209c2544ed4692311fcb127dc51b8480c2725e560f51d553cb5e76b39e3ffb3247e9434893a76bd8cac458080bb6380437b7fc2f7e976f0f19dda0ea6be8ea964ba3d2000c456d15265a73fbf006df523cdece82406405ee4ed7d86748bc5027f871d7ef8e825134c4a8051793cc4eaf39bbc00f13070138cc485513ba7d51393c1757ff1d1d182381f92f536a777417eaecb18270ba102ae9ed1489295ae001f522515433f419f8bc3734fa7de8dac2d1aaeae011571a56277abe75cbcf19e138a443464ded3223f4b046a1553653a0ad93c8d4d5750f03a818c72061da196f2b8c0710039fd447b09b5f227f35a8b77cfccbba82591c658fc66af448926f12377a5d63113774e8ea7fdfe5", 0x1000, 0x880, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

08:53:59 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:53:59 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
write$nbd(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="67446698010000000200040002000000178ac05cdff0e04077dabdb1d18183016ed2cf5ce19b1ee1a5bb6e35695abd653eef505a2f9e242f144d493348044bcda6b08f2a0f55ae5984e61ed15d83dae55aebf7ad79f26f928351a770d533eb43e7bdade6a02459aa18325838b60ba82c3dc97ba05f486a4f9666355c7318c9db7f5d0ec65e60a596dc6f7c3a709a643b79788c2eb3834ef4ca539bf23d1c027d74f4c689542897865bc7ec6e7e6b7fe9a1b74b6bce171b18dd9bf73c46cbd5f4ce45032750bb1bb116e5b263f5a273e5ff3a83f4a79a7830b8d14e10576c15860e2acf069413e772925ece0befd7c9a80f5d29616a56ace6e4c2c370af1dc8166e266eba9ab0b8475772afccb86d046f1025c290578d5d8ea3840dfeb421f7705aacced603343e85d936c37bfb12a154b6ad1b0e81842437fec049391668017a90137c8d209cd583361cfe863afc29f1de739a5233f5edf563552e4087f6ffd03cef8acd19851e59c39b13229400bae8cbc8906fee0b75f0949f733f3f585bf84daf0c6a4305c66cd21be0bd5475e4f71dc14af40d46475fef4c8b72f95f9abc90b02c1e190a99b504e439522ff36ce05c50d3628d9913adea9b610a11fe1540d4f843d59f46bffb687cd6afb61c97366396946984437c4fc2345b06c221b359b9e4068bef630013be74279db3add928d802cd501bc71ceb176b2deedd0a8cc6e03c2de308a979a8782c982cc21b37ceb1ab47b278465dd9d2ee37048837cdcf5f0b3d8755ac9c27b4f159a8d6a27ac7d462edc44ad6a8ff40f0715b8237d0d60c00d1f0a411fed5eabc3f9dae25100c5d182fa1c5079c08a88c739af3d017d637702cf2777bdfe8fc018bc2ddbe99175bfc4c6abdfac69633814de5a3170128bb9b24710a0dec1bac02d4dd9afcbe9ae89d0a3c086835dab91c4e28c29f428aa7adeb594abca0cc450d1ee9f6d344f4a7885da511889d1d06ac550f861a37539d0a367487e7442bdf43d31816b92a53095099a21e0a9655619ed849c780f81694725cf3ca29da59bf3f6ecba0275c2dd24512b90e3d58ca66596764bab52b4e1c9e8b2179b24e77b303daac595df32e7e2ca8fcfb23c156446f68dff7980f0514b5d2976e93f773be85522da6fc1ccc0ae3ffe421cddc54f80202b115eb2989f2a36881d732493b5d0ffc61334cdfe03436623b4651f7e298ae2deebb763c7f32cbd2ca517d4ff37b57592b07f83f28fcf9018480d409836c0a003fe3d42ef3c329d24f9efb809fccf7fd49f8446bb8d6d7aaa5f62f44ebdbf53ceb469b774ead642a2bd8ddeb6bf7b8a28925eb9121fe41ff1e4f37b10321734ea6dff5a481e43255762b30e261b81acee90f4003021c2e79257ffdd7d8cb5382137072b1780216badca8e5776871415c2dbfac7715d7de666a391288caa54ab1682b3ae3edddff642bc4a7f25dafa0ab96582696879ff00119ba8d5f3813150debab6f9dc826c2024843bb1e2ad31a1e1ffc8fce739ba81f57dbebe3baa71a8b144e5956d5b0106eef4821e09ac920a0b65eef14018cbff48448f31d60a78bfdd96bbf12c01c611a6ae4bffa6f0f30daf009f245ee2a7a7e4b10af5622e1b25ce262d4c79f33398156311dfbbd74c6b2d6e25e9c0255b0ed1d2647fac0903e527f80c81b78b8a7c74eb7f4042ea81a93eb1056a8d466dd05ef3374e693f86a5295593cc2c8922b3476992f20ae05ad352b64790dff7d309c1371f1c616e205ff72011168be9e409f84326c1883db9f311c102f0c99150d52c344ddc03184c0691ecd01371ec2c338b027d9dfced7c333a73c702f8b753aa475b462c4f80904af31b18f7a3491d5648900ffb93f7be72d24a5d6c2a718bf642152d91080c8ab64e69ff4a562e6f89bea80b544a2f916e52b3cab86281bc3ca7c2ca1ec47f430855a6b893d30a018e16e36966bd163813856365eee91edc55d158ea6153edf7710d28819f75aa3fd11ecde082215a734df02de7fa1d282331ea3230d71f4c07677c8c20be88ea6be31c44f6f8358cf8c9f85cb60a84faf1be20ea0afd79ddcd6094e614dd5dba039a8576c826861eb5196598d9865bec293b0b54ba3b28db805ec1900926dd0284f803b0ef191920ddf4ff7b76dca3f9648e696b37657f479178a77b8887dbafe40382aa13048b7e927498e095e233560c2e288e8d8dd0042256a139de0f114becbb1d0a596c37d13d8edbe72b49296620afae487d8d78493fefb9e96564ec5bdd39c0d06c94282c225d92392170a7d414d62d5fc097fe9edab7e1166209864277fef8f231eff9be7a0c7dd810211dc20a2319bfb96cf7fe6716de3c5d4261453ef0da0d0add1e859fd970c61578d9302c354ecd7c2c3ca2f32492d5c345551e2f02267c504a83a14602cd6b7d60c744e9b427ab86dd02ae4cd650a45de21c5b0c985c7ce9a1ee6ceb7c61341a73bff551e84b906c3a54a134733f92e553898f743e9e1d2466027536bdcce789c95c281166ca78309b121d15f9bd1587ce583e65e979d8ab8a5000f0c029bcd605de49804306b9f87c441223bbca2cbcb26b56194397cb70887e3ad7851ce8caadf6e445bde22c16caca683124aeed0db7330d7028e2d509f5bb323c51b0bcda2f063d20f96e0eac6fbc6422b43a625c936cc417afd8aafdcd857ad2153ba8195ac0d9eccf5a3f1e817089f96d2796dfb36a3b2852b319bb5d64b66139512b9887c3fd4b8115f7ae12d9a94bee3370107b9748b9eadd5a21b65bde1155e85d9e25d7115ad6d4f08b14c9d6b99bb9860f506ad8c2f0a7911243e33ab1c239c69336f0e8a0edf146ee3d9fe5ede894f2d3901dffd660b63c229d94c7ef34a1279cf27bacc16e70def433a209ecb339eda602a3c81b2dabc17066281ad70e42a306921959ec96c374d615582d6185b64e8a33bfd1e405b9dee07e9b093b8954a3b3089e948114a841f6a953fe99a915160f97b08bec596ed1352ffb986d20a015b9a1a0978bd9842a3a894d5caae3cd3934b5defa30b3a3711337ee4ed8bba4c0548ff968f2302e6638ddc1a7c1734f09b72aa6ad9509c9b3ab5662ae18d55442dff9299adad69b20973396a4961b12c69074e3a1370c51729bc63efbf6ee2764e0b84fbc1ee74aade220553685f26c5a6714685f0043c916e084c333d32773c9b71d2274fbdcb0510e0a424a41800e9719048c3fe98afb0c13fcc33fbf5ebeaa6bbcc04a25152e22685f4097fc721a647ce210aabef7dac11977e4e81cba2eb75e6d478d7c42d9329e730464e137b2a08512fd15e23913ad26b4823399d2c9d0b23a3911ca2f962619351fdf8c7b2c49f73c9812d31f21cca8091e9aac5690aedf6bcfc1e2b6c1af6c574d019e5a2cad3411d01680f5b23fa49a9a3e1cd490a34f02ff5f3d476d9bfd574a01faa2e86182cfd602bc9a0baeeea708a93cde6c19b7be0eec5b7725e07e75be93d2c7c261fa130699b3cdaba5265265c2f646d7ece5a6b214aaa51afde2483a61b0215073f84d8c675be782486b779b374bc1aa75b527ee551e6a82e798610ecca0fabe438d11485ac7bef66bae72b0a383a2bb972eed01c7b0ff82992efd961f1df2cecf1602f58a35026f5fe8b43d51fde4dfa89a43f36b7193e865d5d35e9e83c6302e07b9360a7e23e3eb8681adc6272b0e55d785fbae03e38001eab6aa602c2ec59d60d03a0f72706bb8b3ae0cff042d92b93c72e9697143ee16005a02fb4de64436a18323eaff9e7832059472241fe0fd234f5d6bccbd447a8854fcb7fbc3d3232ad70ee4e354f7164e0a8850759b4f569b7a2154671754dbf2583295a25241f47ba17839eb45ca486b106a1e1bb472dd7c139aba827347e7e63e73af10b6c3801ca2c490e2c84e262e35c097131d64f1a503e1b67ea78a4dbb163d2f6cba8acb51905bc5835ee81e2e3dfb1f27a2053d9e4cb6bc232162df9d9f452756ce96694c1c028e48c402721e6f5df99cfd3557bf8765bf04717fb051704deac3546a3f36bd029303af3aaac8eaa91721c6079fe73b3a3e31e72e74e1f5c8cbff5625c2275a63b5e5290eef93feade659cedad9314a311a5f14a0a2c407f44609712e920fab5d1da8515c05079de5321fa57c9d92a3e900a02dc8d116b519f9636bd28182363c635e05c0f1914cd73041de9da3e5650010af02eb1d2f732a67dce0b7994dd812442786392183fb66dd4208f2f0c3d7713a2c921769b4c25d7bac65d120119df3a13b8825779c70c8b1cbe55766df2fa213ce3a25da13857fd281b605d68464d9e46308a3393c622ee65c4b1694830faf4820fa84d89ca3ec9ee1ef647737a143406ff0cd0805f005182dada6835ef2ce1728eddf00546699cfb9be4da94ffd03cd0afc03c81bc91b7526850eeff45eab67b16e32224329f975c82c844b1d08838505e0dd9a2364a67c4f9201cce1046c2b66e4ab980e9194bd045c9da9ef343fbb5f6173f08b78355633ee40c72c53aeb88f3c49b1eaeaec83c5e5e59aa55be9f38ec401b4679852d0208e6a28690821da774185c2dc57e7375c70a42b04b59f0f932f6e93d0dd70197c0a8370c5c0c17bb57b644f31de0e622b284d299246fb6c29cb1a597f4934818b9d62f46f6f09b06e7002bdcc9938c4759f08724dee048568b54063e4abd5f56dd10ca150a5c940fbc7e4a5817ef7c148ae3f8245fb498a8deb42ffe906b2084364cce08ac26bd5b3b7e8b336899f15cee12dc3261383b0df67040d3624fdaced2eafe2ad31a382649549bede58f8783fb150507040242ec6998c60504e491117dd5a2297c3c4b6a668c07b39788bfd4ae60b5dd8f382a4ff7956ca076c8b31ba39a44d2154f3443cdf11d570d962f8aa9e2d77743ef6a267c9e712ac94020e59cd75dcd5df8a1beabd48f3aa2054522656508182ccbe16f3762119c17a4e40f63749d57545dffe2433c222abc513798a9a9c931c22de69dd11807bdd17102e0797c5dfcd8b57ab89f2ac210e894297ed5e1ee53aabd267b62f6193fa93c97a931332ede74dfeb38853d27fe70f13b2e6256a5a7962e9e0c734f968a0e84c39ca3b9f0359c735762c955507c246726e6e2484ee7e7e73975de92f7523ff3b6b0b16580ce2d82751eb05412782b5f78f52e2f524578716169b17ce7610fd3f44c34655d3602f8845295b6219044cdd2b007c4481d3db1434a77360d66b3e80b9aaf1795a40a70aab82de89bb30912c34eff7e2f44a25120e3030972d9e9c5e998da97e21d62f96b810a9ec2a4c9619ca2ade1882e569548ffcb8577c6850aca3f428133185eef824fbaf1e3fbb6637429d83e13919b5012f5fa8345daae12b5767db51c8f6baeb6da626d37b56c9aad603fd326b3bb78ee66f9ba703b961696326578687ed6c7659a93bf24dfbe1db25fb373e47a3865d81e2f6f7a34d67288fcd6996301b3aeeaf6c3b842b46af4a67621755214a55235f3146eed450f6c80dfbc128f45d882ed2176096fc0e5cb3b10a139895eaf75d90172b7925c368ab65606f8455da10d811ee7fbd4fe518ce77e302d89bdeb9ba06206c4b5b1fc645209fcd5cdf543fa0d7ec802697500a444f9ac8b4af7dc457ea1296dbcfd02e3e09639fea9025fdb7869379ff658687048e5ade09fe61fa4e6d519d0a4c6885b721a78500a056aa100af8bd3380e4f45df799ff75fc351883f79e4269159c3697e17c41d1028e0cf93dfe617db5271de9d5f59542d607ed6d43378d39700f68c7f49379ca083ab5c369a3b89f41341db38fb986d909549b7379cfda55c3b84a22d16d451cb38d737471c"], 0x1010)
connect$vsock_dgram(r0, &(0x7f0000000000)={0x28, 0x0, 0xffffffff, @hyper}, 0x10)

[ 2705.696655] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2705.746727] FS:   sel=0x000a, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2705.755097] audit: type=1804 audit(1591347239.904:280): pid=18990 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/781/bus" dev="sda1" ino=15985 res=1
[ 2705.830448] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 2705.871849] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2705.881821] *** Guest State ***
[ 2705.894329] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
08:54:00 executing program 0:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000080))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(0xffffffffffffffff, 0x80045530, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[ 2705.915431] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2705.928466] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2705.947936] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2705.984676] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:00 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
sendfile(r0, r5, 0x0, 0xffffffff)

[ 2706.027030] CR3 = 0x0000000000000000
[ 2706.044879] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2706.048126] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2706.071187] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2706.107930] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2706.116393] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000010000
[ 2706.138726] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2706.161964] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2706.174388] audit: type=1804 audit(1591347240.334:281): pid=19019 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4522/bus" dev="sda1" ino=15908 res=1
[ 2706.190866] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2706.208866] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
08:54:00 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
creat(&(0x7f0000000000)='./bus\x00', 0x0)

[ 2706.248040] Interruptibility = 00000000  ActivityState = 00000000
[ 2706.270421] *** Host State ***
[ 2706.274329] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2706.293532] RIP = 0xffffffff8116426f  RSP = 0xffff88801684f9d0
[ 2706.311804] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2706.321481] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2706.347468] FSBase=00007ff5ac366700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2706.360397] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2706.389567] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2706.398193] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2706.415630] CR0=0000000080050033 CR3=000000001905c000 CR4=00000000001426f0
[ 2706.416122] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2706.437078] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2706.458894] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2706.468194] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2706.469204] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2706.488412] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2706.495957] *** Control State ***
[ 2706.496782] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2706.511750] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
[ 2706.533838] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2706.548331] EntryControls=0000d1ff ExitControls=002fefff
[ 2706.556898] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2706.571574] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2706.599155] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2706.602447] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2706.616867] VMEntry: intr_info=8000030d errcode=00000000 ilen=00000000
[ 2706.647899] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2706.650006] Interruptibility = 00000000  ActivityState = 00000000
[ 2706.659373]         reason=80000021 qualification=0000000000000000
[ 2706.673936] IDTVectoring: info=00000000 errcode=00000000
[ 2706.674647] *** Host State ***
[ 2706.679965] TSC Offset = 0xfffffa5435e3ee96
[ 2706.691933] EPT pointer = 0x000000001909c01e
[ 2706.695731] RIP = 0xffffffff8116426f  RSP = 0xffff8880959bf9d0
[ 2706.698214] Virtual processor ID = 0x001c
[ 2706.714220] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2706.735822] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
08:54:00 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:00 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x1, 0x0)
ioctl$TUNSETTXFILTER(r5, 0x400454d1, &(0x7f0000000280)=ANY=[@ANYBLOB="01000600aaaaaaaaaabbaaaaaaaaaaaaaaaaaaaaaabba2aaaaaaaabbd82d9b1d05040180c2000001"])
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCMGET(r5, 0x5415, &(0x7f00000002c0))
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}})
write$FUSE_POLL(0xffffffffffffffff, &(0x7f0000000240)={0x18, 0xfffffffffffffffe, 0x7, {0x1}}, 0x18)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

08:54:00 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')

[ 2706.759913] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2706.766483] CR0=0000000080050033 CR3=0000000082030000 CR4=00000000001426f0
[ 2706.774467] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2706.781843] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2706.805848] *** Control State ***
[ 2706.811298] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2706.829270] audit: type=1804 audit(1591347240.984:282): pid=19036 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/782/bus" dev="sda1" ino=16102 res=1
[ 2706.849383] EntryControls=0000d1ff ExitControls=002fefff
[ 2706.881179] *** Guest State ***
[ 2706.885782] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 2706.922370] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2706.958485] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2706.979625] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2706.998379] CR3 = 0x00000000fffbc000
[ 2707.008511] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2707.022233] RSP = 0x0000000000002006  RIP = 0x0000000000000000
[ 2707.036584]         reason=80000021 qualification=0000000000000000
[ 2707.047788] RFLAGS=0x00010002         DR7 = 0x0000000000000400
[ 2707.061204] IDTVectoring: info=00000000 errcode=00000000
[ 2707.071524] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
08:54:01 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
sendfile(r0, r5, 0x0, 0xffffffff)

[ 2707.083368] TSC Offset = 0xfffffa53c8685062
[ 2707.102260] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2707.113738] EPT pointer = 0x0000000085e7801e
[ 2707.118822] Virtual processor ID = 0x0029
[ 2707.125415] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2707.161498] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2707.195407] audit: type=1804 audit(1591347241.354:283): pid=19046 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4523/bus" dev="sda1" ino=15908 res=1
[ 2707.231533] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2707.291620] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2707.374424] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2707.429456] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2707.462610] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:01 executing program 1:
r0 = creat(&(0x7f0000000300)='./bus/file0\x00', 0x146)
fcntl$setstatus(r0, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])
getpeername(r0, &(0x7f00000019c0)=@ll, &(0x7f0000001a40)=0x80)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
fstat(r3, &(0x7f0000000240))
r5 = getpid()
mount$fuse(0x0, &(0x7f00000002c0)='./bus/file0\x00', &(0x7f0000000340)='fuse\x00', 0x80000, &(0x7f00000003c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x80000000}}, {@default_permissions='default_permissions'}, {@blksize={'blksize'}}, {@default_permissions='default_permissions'}, {@blksize={'blksize', 0x3d, 0x1100}}, {@allow_other='allow_other'}, {@blksize={'blksize', 0x3d, 0x800}}, {@max_read={'max_read', 0x3d, 0x9}}], [{@dont_appraise='dont_appraise'}, {@subj_role={'subj_role', 0x3d, 'cpusetposix_acl_access'}}]}})
sched_setattr(r5, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x9}, 0x0)
ptrace$cont(0x1f, r5, 0x9, 0x1)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[ 2707.492607] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2707.516126] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2707.528630] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2707.537810] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2707.549717] Interruptibility = 00000000  ActivityState = 00000000
[ 2707.658528] *** Host State ***
[ 2707.689986] RIP = 0xffffffff8116426f  RSP = 0xffff88805b5b79d0
08:54:01 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:01 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 2707.739943] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2707.776450] FSBase=00007ff5ac388700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2707.796601] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2707.811325] CR0=0000000080050033 CR3=0000000085f0c000 CR4=00000000001426f0
[ 2707.820516] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2707.837851] audit: type=1804 audit(1591347241.994:284): pid=19064 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/783/bus" dev="sda1" ino=16073 res=1
[ 2707.860290] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2707.914721] *** Control State ***
[ 2707.935378] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
08:54:02 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000340)='TIPC\x00')
sendmsg$TIPC_CMD_SET_NODE_ADDR(r5, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, r6, 0x10, 0x70bd29, 0x25dfdbfe, {{}, {}, {0x8, 0x11, 0x4}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x40091}, 0x4004080)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB="020006e0", @ANYRES16=r6, @ANYBLOB="00012bbd70ff7f0000000600000000000000000000000000000000097564703a73797a3100"/46], 0x34}, 0x1, 0x0, 0x0, 0x4008000}, 0x8c1)
io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0xfff, r3, &(0x7f0000000440)="95e0153381a2df1844d2513e3e28a89c0391822ae7a3cd4dadcba1da636bdf02642fedb2c136c5043d4fbf31da5a613857d7664fd5cb31849a24f06fe3b62f765707ddabe9114a630bcb93c1414aad1c847ab6fd932155d4208ceb6024968ee44b96845e89558ceac4d4ada90e7b651d73651875b3578359563dd1af6ca3b42fbfe5036103ad2b10a60629611a57ae885b8ad080", 0x94, 0x0, 0x0, 0x3}])
getsockopt$bt_sco_SCO_OPTIONS(r3, 0x11, 0x1, &(0x7f0000000240)=""/114, &(0x7f0000000040)=0x72)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0xc002, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0xd, 0x4, 0xce, 0x0, 0xfd}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x3000, 0xb, 0x0, 0x0, 0x0, 0xfd}, {0x1}, {}, 0x80000004, 0x0, 0xd000, 0x0, 0x0, 0x0, 0x0, [0x0, 0x10000000000000, 0x0, 0x20]})
getcwd(&(0x7f00000002c0)=""/38, 0x26)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 2707.997052] EntryControls=0000d1ff ExitControls=002fefff
[ 2708.042744] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2708.081593] VMEntry: intr_info=8000030d errcode=00000000 ilen=00000000
08:54:02 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0xffffffff)

[ 2708.139763] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2708.150743] *** Guest State ***
[ 2708.165627] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2708.190879]         reason=80000021 qualification=0000000000000000
[ 2708.223195] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2708.228103] IDTVectoring: info=00000000 errcode=00000000
[ 2708.249135] audit: type=1804 audit(1591347242.404:285): pid=19080 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4524/bus" dev="sda1" ino=15908 res=1
[ 2708.283518] TSC Offset = 0xfffffa533b46214a
[ 2708.297652] CR3 = 0x000000000000d000
[ 2708.311593] EPT pointer = 0x00000000821d401e
[ 2708.317168] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2708.341958] Virtual processor ID = 0x001c
[ 2708.342204] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2708.392773] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2708.426688] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x000000000000c002
[ 2708.460314] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2708.510429] SS:   sel=0x000d, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2708.550910] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2708.590093] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2708.631115] GS:   sel=0x0000, attr=0x00001, limit=0x00000000, base=0x0000000000000000
[ 2708.676515] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2708.716540] LDTR: sel=0x000b, attr=0x10000, limit=0x00003000, base=0x0000000000000000
[ 2708.745894] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2708.772660] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2708.801113] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2708.824367] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2708.850779] Interruptibility = 00000000  ActivityState = 00000000
[ 2708.864379] *** Host State ***
[ 2708.881705] RIP = 0xffffffff8116426f  RSP = 0xffff88805090f9d0
[ 2708.908287] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2708.936755] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2708.965176] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2708.971098] CR0=0000000080050033 CR3=000000003d843000 CR4=00000000001426e0
[ 2708.988626] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2709.002805] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2709.019134] *** Control State ***
[ 2709.023531] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2709.038999] EntryControls=0000d1ff ExitControls=002fefff
[ 2709.051918] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2709.069678] VMEntry: intr_info=80000074 errcode=00000000 ilen=00000000
[ 2709.117686] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2709.137949]         reason=80000021 qualification=0000000000000000
[ 2709.147920] IDTVectoring: info=00000000 errcode=00000000
[ 2709.161512] TSC Offset = 0xfffffa52914a5aa4
[ 2709.171566] EPT pointer = 0x000000003a4c201e
[ 2709.182636] Virtual processor ID = 0x0024
08:54:03 executing program 0:
r0 = socket(0xa, 0x1, 0x0)
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r5 = dup(r1)
getsockopt$inet6_mtu(r5, 0x29, 0x17, &(0x7f0000000040), &(0x7f0000000080)=0x4)
ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x8901, &(0x7f0000000000))

08:54:03 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$EVIOCGID(r0, 0x80084502, &(0x7f0000000440)=""/244)
r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x10040, 0x48)
r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000001c0)='NLBL_MGMT\x00')
sendmsg$NLBL_MGMT_C_LISTDEF(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x50, r3, 0x0, 0x70bd2a, 0x25dfdbfc, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x25}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x1d}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @rand_addr=0x64010100}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x2}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}, @NLBL_MGMT_A_DOMAIN={0xc, 0x1, 'overlay\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r4 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x10040, 0x48)
r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000001c0)='NLBL_MGMT\x00')
sendmsg$NLBL_MGMT_C_LISTDEF(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x50, r5, 0x0, 0x70bd2a, 0x25dfdbfc, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x25}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x1d}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @rand_addr=0x64010100}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x2}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}, @NLBL_MGMT_A_DOMAIN={0xc, 0x1, 'overlay\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$NLBL_MGMT_C_LISTALL(r4, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)={0x50, r5, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @dev={0xfe, 0x80, [], 0x17}}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @mcast2}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @private0}]}, 0x50}, 0x1, 0x0, 0x0, 0x48c0}, 0x0)
sendmsg$NLBL_MGMT_C_LISTALL(r2, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)={0x14, r5, 0x400, 0x70b92d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4c8c0}, 0x40840)
sendmsg$NLBL_MGMT_C_LISTALL(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, r3, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x8a0)
r6 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r6, &(0x7f0000000080)=@known='user.syz\x00')

08:54:03 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
fstatfs(r5, &(0x7f0000000240)=""/196)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

08:54:03 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:03 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0xffffffff)

08:54:03 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
ioctl$SNDRV_PCM_IOCTL_DROP(r3, 0x4143, 0x0)
io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$SCSI_IOCTL_STOP_UNIT(0xffffffffffffffff, 0x6)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r4, 0xc0a85320, &(0x7f0000000240)={{0x4, 0x2}, 'port0\x00', 0x68, 0x100000, 0x200, 0x20, 0x2, 0x8, 0x81, 0x0, 0x4, 0x5c})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 2709.819205] audit: type=1804 audit(1591347243.974:286): pid=19107 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/784/bus" dev="sda1" ino=16210 res=1
[ 2709.925929] *** Guest State ***
[ 2709.949022] *** Guest State ***
[ 2709.960937] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2709.962269] audit: type=1804 audit(1591347244.014:287): pid=19108 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4525/bus" dev="sda1" ino=16226 res=1
[ 2709.982836] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
08:54:04 executing program 0:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x2, 0x0, 0x5, 0x0, 0x0, 0x1ff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="85000000130000005d0000000000000095000000000000000a621cf434b9dbafdc0a00e9bfde03afe9c81a9cf05725caf1cae63587ff7f0000cde5c019080096e2c43f6b8fd41b7e7666ada01543b7185a4650732b48588a84f8347a1b5efd079137038277beb5e0615c40dbb7005fbd189981feb0a514c168646ea716bb5b94bd00009b4f22389c753acb8026fd808f25bfc91c15d7dc2adcdefba0868942577d8953191eeb79379829652b10737d4e25a22695df1cff25340af4fc990000099fff70b24f8228bd07741c710ebde4bf17dc8f3259ec78e5b39515991b1428fa5301000004398f6500000000a3124871b76f1b2c8fea54fb3726850310bd480355921c9c0c120d049000b3190974f06e53eb9e0000cc4bd12f5d44b172a4a2f72bb3fd2656551881b945861d8f3eb0a543de4c71e4f306767a7b542258becc9fa5987a7000009fdf95541c4148a3c0322a5d2c539b749491ce88e47b147884df676eb8a8f4d844ff1e3c219666703f302c70d773a59b60cb9b0000000000a39bbd19344c7c498ce255f79fc8e77e3ba393f8401af9077cca6d65a63d47b53ad6f1be3a10c540cda8df0b4e07b1d53f32ff3e2ce03dd70707d2dd1db91f842e36a8a3f7f89258943e32023d6670910d1fdc9db9d03f849ceeafe8bf00677ad1dea3e2fec13ce0b92489cba78d5517600a9518b811a8bf9de074bf1bd738045b1620e83b908d1ece9177c4b9b6f1224a598004d1d9f09c317f7a0bed457e82b97d41ccae8c8c0ded87dfe708d56233a95f78e3aafa6551eb8eaf62ae8917a56fb6a82cadc189f5e98a5a30df3ec44e772a7b356c4ce3628ec559afc7b4a955fdc1503f890600f0ec0bd45b70933c32b6909644ad5b5f4c20206cc2c7b2f5e64270d30aaf2fe5dabdd463b705d87fe885a47d2e0696268ef0a939bcd4b4b48e80fbfea60ab1bc0d6c8833c5bbbcc1eb127fdd65836125"], &(0x7f0000000000)='GPL\x00', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x12, 0x0, &(0x7f0000000380)="263abd040e98ff4dc870bd6688a8640888a8", 0x0, 0x200}, 0x28)

[ 2710.057861] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2710.107870] CR3 = 0x0000000000000000
[ 2710.128616] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2710.136508] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2710.186884] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2710.220156] CR3 = 0x00000000fffbc000
08:54:04 executing program 5:
r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ocfs2_control\x00', 0xb0000, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000300)={0x5, {{0xa, 0x4e21, 0x8e5, @private2={0xfc, 0x2, [], 0x1}, 0x6}}, 0x1, 0x9, [{{0xa, 0x4e20, 0x6, @private2, 0x3}}, {{0xa, 0x4e24, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7}}, {{0xa, 0x4e20, 0xfffffffe, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1}}, {{0xa, 0x4e21, 0xec40, @mcast2, 0x3}}, {{0xa, 0x4e20, 0x1, @remote, 0x4}}, {{0xa, 0x4e24, 0x8, @dev={0xfe, 0x80, [], 0x30}, 0x101}}, {{0xa, 0x4e21, 0x9, @dev={0xfe, 0x80, [], 0x41}}}, {{0xa, 0x4e21, 0x3ff, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x6}}, {{0xa, 0x4e21, 0x3a3b, @mcast1, 0x5}}]}, 0x510)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
r2 = open$dir(&(0x7f0000000040)='./bus\x00', 0x0, 0x2)
renameat(r1, &(0x7f0000000000)='./bus\x00', r2, &(0x7f00000000c0)='./bus\x00')
fcntl$getownex(r2, 0x10, &(0x7f0000000180))
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r3, &(0x7f0000000080)=@known='user.syz\x00')

[ 2710.245807] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2710.264918] RSP = 0x0000000000002006  RIP = 0x0000000000000000
[ 2710.307845] RFLAGS=0x00010002         DR7 = 0x0000000000000400
[ 2710.311370] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2710.340234] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2710.342887] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2710.407368] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2710.413822] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2710.472871] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2710.481150] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2710.515358] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2710.525855] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2710.559479] GS:   sel=0x0000, attr=0x00001, limit=0x00000000, base=0x0000000000000000
[ 2710.568299] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2710.618273] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2710.629177] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:04 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:04 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0xffffffff)

[ 2710.668969] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2710.679859] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2710.712793] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2710.726555] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2710.735980] audit: type=1804 audit(1591347244.894:288): pid=19132 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir619757868/syzkaller.NyDZSH/3696/bus" dev="sda1" ino=16338 res=1
[ 2710.785161] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2710.808472] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:05 executing program 0:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x2, 0x0, 0x5, 0x0, 0x0, 0x1ff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="85000000130000005d0000000000000095000000000000000a621cf434b9dbafdc0a00e9bfde03afe9c81a9cf05725caf1cae63587ff7f0000cde5c019080096e2c43f6b8fd41b7e7666ada01543b7185a4650732b48588a84f8347a1b5efd079137038277beb5e0615c40dbb7005fbd189981feb0a514c168646ea716bb5b94bd00009b4f22389c753acb8026fd808f25bfc91c15d7dc2adcdefba0868942577d8953191eeb79379829652b10737d4e25a22695df1cff25340af4fc990000099fff70b24f8228bd07741c710ebde4bf17dc8f3259ec78e5b39515991b1428fa5301000004398f6500000000a3124871b76f1b2c8fea54fb3726850310bd480355921c9c0c120d049000b3190974f06e53eb9e0000cc4bd12f5d44b172a4a2f72bb3fd2656551881b945861d8f3eb0a543de4c71e4f306767a7b542258becc9fa5987a7000009fdf95541c4148a3c0322a5d2c539b749491ce88e47b147884df676eb8a8f4d844ff1e3c219666703f302c70d773a59b60cb9b0000000000a39bbd19344c7c498ce255f79fc8e77e3ba393f8401af9077cca6d65a63d47b53ad6f1be3a10c540cda8df0b4e07b1d53f32ff3e2ce03dd70707d2dd1db91f842e36a8a3f7f89258943e32023d6670910d1fdc9db9d03f849ceeafe8bf00677ad1dea3e2fec13ce0b92489cba78d5517600a9518b811a8bf9de074bf1bd738045b1620e83b908d1ece9177c4b9b6f1224a598004d1d9f09c317f7a0bed457e82b97d41ccae8c8c0ded87dfe708d56233a95f78e3aafa6551eb8eaf62ae8917a56fb6a82cadc189f5e98a5a30df3ec44e772a7b356c4ce3628ec559afc7b4a955fdc1503f890600f0ec0bd45b70933c32b6909644ad5b5f4c20206cc2c7b2f5e64270d30aaf2fe5dabdd463b705d87fe885a47d2e0696268ef0a939bcd4b4b48e80fbfea60ab1bc0d6c8833c5bbbcc1eb127fdd65836125"], &(0x7f0000000000)='GPL\x00', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x12, 0x0, &(0x7f0000000380)="263abd040e98ff4dc870bd6688a8640888a8", 0x0, 0x200}, 0x28)

[ 2710.838601] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2710.850321] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2710.861195] audit: type=1804 audit(1591347244.954:289): pid=19148 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4526/bus" dev="sda1" ino=15908 res=1
08:54:05 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
pread64(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x8000)

[ 2710.893209] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2710.910864] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:05 executing program 0:
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0)
openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock\x00', 0x16000, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0)
socket$inet6(0xa, 0x3, 0x7)
recvmmsg(0xffffffffffffffff, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000240)=""/86, 0x56}, {&(0x7f0000000440)=""/99, 0x63}, {0x0}, {0x0}, {&(0x7f0000000340)=""/233, 0xe9}], 0x5}, 0x4007ff}], 0x1, 0x0, 0x0)
pipe(&(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
write(r2, &(0x7f0000000340), 0x41395527)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x8, 0x3}, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x1c, 0x0, 0x0, 0x0, 0x400000000, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xe}, 0x2000, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
fallocate(r3, 0x0, 0x0, 0x8020001)
ioctl$MON_IOCX_MFETCH(r3, 0xc0109207, 0x0)
getsockopt$inet_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0)
ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000200))
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')

[ 2710.938398] Interruptibility = 00000000  ActivityState = 00000000
[ 2710.961287] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2710.970192] *** Host State ***
[ 2710.982035] RIP = 0xffffffff8116426f  RSP = 0xffff8880110bf9d0
[ 2710.991800] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2711.009193] audit: type=1804 audit(1591347245.094:290): pid=19153 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/785/bus" dev="sda1" ino=16326 res=1
[ 2711.038708] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2711.057062] Interruptibility = 00000000  ActivityState = 00000000
[ 2711.080247] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000034000
[ 2711.097556] *** Host State ***
[ 2711.108902] RIP = 0xffffffff8116426f  RSP = 0xffff888082b6f9d0
[ 2711.121465] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2711.150571] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2711.164671] CR0=0000000080050033 CR3=00000000150b3000 CR4=00000000001426f0
[ 2711.197625] FSBase=00007ff5ac388700 GSBase=ffff8880aec00000 TRBase=fffffe0000034000
[ 2711.215441] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2711.250888] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2711.261488] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
08:54:05 executing program 0:
semctl$GETNCNT(0x0, 0x0, 0xe, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffffc, 0x1}}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
creat(&(0x7f0000000140)='./bus\x00', 0x0)
r3 = dup(0xffffffffffffffff)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wg0\x00'})
setsockopt$packet_int(r3, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x4000000a, 0x4)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'vlan0\x00', <r6=>0x0})
bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @link_local}, 0x14)
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3}, 0x4)
sendto$inet6(r0, &(0x7f0000000300)="0503d03206023e0e01a00000c513f7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0)

[ 2711.316956] CR0=0000000080050033 CR3=00000000190fa000 CR4=00000000001426f0
[ 2711.349567] *** Control State ***
[ 2711.363548] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2711.373468] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2711.396537] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2711.404203] EntryControls=0000d1ff ExitControls=002fefff
[ 2711.426795] *** Control State ***
[ 2711.430612] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2711.449199] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
[ 2711.464694] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2711.479547] EntryControls=0000d1ff ExitControls=002fefff
[ 2711.496820] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2711.508978] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2711.528989]         reason=80000021 qualification=0000000000000000
[ 2711.539744] VMEntry: intr_info=8000030d errcode=00000000 ilen=00000000
[ 2711.559368] IDTVectoring: info=00000000 errcode=00000000
[ 2711.569028] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2711.586103] TSC Offset = 0xfffffa51a0549b80
[ 2711.603474]         reason=80000021 qualification=0000000000000000
[ 2711.614942] EPT pointer = 0x00000000883dc01e
[ 2711.630482] Virtual processor ID = 0x001c
[ 2711.638137] IDTVectoring: info=00000000 errcode=00000000
[ 2711.664973] TSC Offset = 0xfffffa519f06961e
[ 2711.687446] EPT pointer = 0x000000001944e01e
[ 2711.711497] Virtual processor ID = 0x0024
08:54:05 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc}, {}, {}, {0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

08:54:05 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

08:54:05 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000040)=@known='trusted.overlay.impure\x00')
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
ioctl$EVIOCSABS0(r2, 0x401845c0, &(0x7f00000000c0)={0x9, 0xc54e, 0xff, 0x5, 0xfffffff7, 0x3ff})
futimesat(r1, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)={{0x77359400}, {0x0, 0xea60}})

08:54:05 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x40, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$SIOCGIFHWADDR(r3, 0x8927, &(0x7f0000000040))
vmsplice(r0, &(0x7f0000000500)=[{&(0x7f0000000340)="7fccef7cdba78bac169bf3cf9963f6da00db21e09f8f392b94019b6465f4d39ca0b330214ec8025e90e37159ade827ee27b53b53573f27f641b34f914648816527e27670285c977841fb9fc0445441dcde36b5d63cfe211c16b5578b7dd27ac69c8b216aa4aabf75c1bd3277021f21bf60013d1ac771", 0x76}, {&(0x7f00000003c0)="b5d7806dcfe5c2ec49916283d88bfb0a1299f3a6558f64d46c7b", 0x1a}, {&(0x7f0000000400)='N', 0x1}, {&(0x7f0000000440)="9bb37f3a8cd66abcd86d4131ba99803979d97b334d8a4dffba0d5dff107723907ee361751537c997250358474d600e02ea5cf4eff12b2cee76cbf19347286c2ea2efda8cfaa80a42eea937734d02865d2ba6f82ebe11a48a941df8493d2befd48c4fd8769e7a53959d38cb2ece2551c5bd24c79fc5a9136bf2400983c415d68a6642ce1ba4f0771aa8e9cd76cb93cdb091a1f69495c345546496ae2147e84a9496b3ed68a64b436ff88cca446a7c3ec921c6be6d79e74f4cd4b2c475612752", 0xbf}], 0x4, 0x8)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000200)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)
ioctl$VIDIOC_S_JPEGCOMP(r5, 0x408c563e, &(0x7f0000000240)={0x7e1, 0x5, 0x2d, "35b369442769174744b34bbf2c7d040565a8049212ae9229a80f3cc211bb7a58109c8f00a93c4641517bba2ae39ab9de9773ee3bd4183386b39dd8b0", 0x1, "4bf06efef8798935a8546a1324c7936ee5273f4cd240da2bd3bc0ecc682d0f87f4103b6dd13ec9dcb2946c247d93064e5520b5700e39f120f775eddd", 0xa0})
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

08:54:05 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:54:05 executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup3(r1, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x90, 0x24, 0xf0b, 0x0, 0x3, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa, 0x1, 'netem\x00'}, {0x60, 0x2, {{}, [@TCA_NETEM_CORR={0x10}, @TCA_NETEM_RATE64={0xc}, @TCA_NETEM_RATE={0x14}, @TCA_NETEM_ECN={0x8}, @TCA_NETEM_REORDER={0xc}]}}}]}, 0x90}}, 0x0)

08:54:06 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

[ 2711.887889] *** Guest State ***
[ 2711.891206] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
08:54:06 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

08:54:06 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r2, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r3=>0x0)
io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}])
setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x12, &(0x7f0000000040)=0xffffffff, 0x4)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
ioctl$EVIOCGABS20(r1, 0x80184560, &(0x7f0000000180)=""/113)
write$P9_RLERROR(r1, &(0x7f0000000000)={0x10, 0x7, 0x1, {0x7, '{vmnet0'}}, 0x10)
socket$inet6(0xa, 0x2, 0x2)
ioctl$RNDCLEARPOOL(r2, 0x5206, &(0x7f0000000100)=0xf6c)

[ 2711.948016] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2711.984752] CR3 = 0x0000000000000000
08:54:06 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000006040)=[{{0x0, 0x0, 0x0}, 0xc}], 0x1, 0x0, 0x0)
pipe(&(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
dup(r1)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
readahead(0xffffffffffffffff, 0x0, 0xffffffff80000000)
ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, 0x0)
ioctl$SG_GET_COMMAND_Q(0xffffffffffffffff, 0x2270, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000400)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
ioctl$RTC_UIE_OFF(0xffffffffffffffff, 0x7004)

[ 2711.994767] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2712.003849] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2712.020331] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2712.056537] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2712.075509] audit: type=1804 audit(1591347246.234:291): pid=19204 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/786/bus" dev="sda1" ino=16242 res=1
08:54:06 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
ftruncate(r0, 0x800)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
sendfile(r0, r5, 0x0, 0xffffffff)

[ 2712.120373] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2712.139814] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2712.171748] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2712.193344] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2712.203600] audit: type=1804 audit(1591347246.364:292): pid=19213 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4530/bus" dev="sda1" ino=16327 res=1
[ 2712.236680] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:06 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
ftruncate(r0, 0x800)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
sendfile(r0, r5, 0x0, 0xffffffff)

[ 2712.266665] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2712.341401] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2712.404467] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2712.442073] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:06 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x6402c0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000007c0)={<r6=>0x0, @remote, @multicast1}, &(0x7f0000000800)=0xc)
sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x64, 0x0, 0x102, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xa25}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x4}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x9}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x10001}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}]}, 0x64}, 0x1, 0x0, 0x0, 0x2840}, 0x4000000)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x4}, {0x0, 0x0, 0x0, 0x10}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r7 = getpid()
sched_setattr(r7, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0)
ptrace$poke(0x4, r7, &(0x7f0000000200), 0x7f)

[ 2712.464839] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2712.545336] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
08:54:06 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
ftruncate(r0, 0x800)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
sendfile(r0, r5, 0x0, 0xffffffff)

[ 2712.594596] Interruptibility = 00000000  ActivityState = 00000000
[ 2712.631214] *** Host State ***
08:54:06 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x20000000]})
symlinkat(&(0x7f0000000040)='./file0\x00', r3, &(0x7f0000000240)='./file0\x00')
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000280)='/dev/nvme-fabrics\x00', 0x630002, 0x0)
ioctl$USBDEVFS_CONTROL(r5, 0xc0185500, &(0x7f0000000380)={0x5, 0x3, 0x7, 0x6b, 0x8e, 0x0, &(0x7f00000002c0)="628652c83e9ed3f3c7d64ee3e74e0c6a7767f27ce1850806898d2b67e8c094540d7f977d22453cc030d1272d650b177df3a00084eaaec359e5d40d47ea5c4067ccd5bcb44b9efdc980b158e9855edba4ebc24676f01f327e7fdf7ad74c7122a0a3b283683e8eb82125f5b82f82fcbc90a1229f4f1b7a69fbaea405ef38972f6ad4bfee5ed2b854ee92059c883fa8"})

[ 2712.651241] RIP = 0xffffffff8116426f  RSP = 0xffff8880151679d0
[ 2712.673445] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2712.705762] audit: type=1804 audit(1591347246.864:293): pid=19238 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4532/bus" dev="sda1" ino=16417 res=1
[ 2712.733996] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2712.779147] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2712.796734] CR0=0000000080050033 CR3=000000008e016000 CR4=00000000001426e0
[ 2712.807211] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2712.815490] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2712.828470] *** Guest State ***
[ 2712.838443] *** Control State ***
[ 2712.844503] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2712.864339] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 2712.886120] EntryControls=0000d1ff ExitControls=002fefff
[ 2712.901354] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2712.906990] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2712.916758] CR3 = 0x00000000fffbc000
[ 2712.930792] RSP = 0x0000000000002006  RIP = 0x0000000000000000
[ 2712.979232] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2712.989387] RFLAGS=0x00010002         DR7 = 0x0000000000000400
[ 2713.008384] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2713.010025] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2713.030841] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2713.032168]         reason=80000021 qualification=0000000000000000
[ 2713.075603] IDTVectoring: info=00000000 errcode=00000000
[ 2713.079266] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2713.090798] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2713.099142] TSC Offset = 0xfffffa508ef66b9c
[ 2713.102033] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2713.118942] EPT pointer = 0x000000003fa8b01e
[ 2713.119782] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2713.132227] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2713.137213] Virtual processor ID = 0x001c
[ 2713.154848] GDTR:                           limit=0x00000000, base=0x0000000000000000
08:54:07 executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r0, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r0, 0xae80, 0x0)
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r3 = accept4(r1, &(0x7f0000000240)=@nfc, &(0x7f00000002c0)=0x80, 0x180000)
ioctl$IMGETCOUNT(r3, 0x80044943, &(0x7f0000000300))
ioctl$KVM_SET_CPUID(r0, 0x4008ae8a, &(0x7f0000000040)={0x2, 0x0, [{0xc0000001, 0x1, 0x1f, 0x1b4}, {0xa, 0x8, 0x1, 0x5, 0x6}]})

08:54:07 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])
clock_gettime(0x0, &(0x7f0000000000)={<r2=>0x0, <r3=>0x0})
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000000c0)={0x5f477f9f, 0x8, 0x4, 0x10, 0x3, {r2, r3/1000+10000}, {0x4, 0x1, 0x7, 0x2, 0x5, 0x44, "e9ddf932"}, 0x4, 0x1, @fd=r4, 0x2})
r6 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r6, &(0x7f0000000080)=@known='user.syz\x00')

08:54:07 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
sendfile(r0, r5, 0x0, 0xffffffff)

08:54:07 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:54:07 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000006040)=[{{0x0, 0x0, 0x0}, 0xc}], 0x1, 0x0, 0x0)
pipe(&(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
dup(r1)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
readahead(0xffffffffffffffff, 0x0, 0xffffffff80000000)
ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, 0x0)
ioctl$SG_GET_COMMAND_Q(0xffffffffffffffff, 0x2270, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000400)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
ioctl$RTC_UIE_OFF(0xffffffffffffffff, 0x7004)

[ 2713.202312] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2713.231084] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2713.250275] audit: type=1804 audit(1591347247.404:294): pid=19263 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/787/bus" dev="sda1" ino=16500 res=1
[ 2713.271457] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:07 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
sendfile(r0, r5, 0x0, 0xffffffff)

[ 2713.320608] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2713.336968] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2713.452853] Interruptibility = 00000000  ActivityState = 00000000
[ 2713.520994] *** Host State ***
08:54:07 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r2, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r3=>0x0)
io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}])
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f0000000040), &(0x7f0000000240)=0x4)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000037000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[ 2713.555396] RIP = 0xffffffff8116426f  RSP = 0xffff8880587e79d0
[ 2713.644001] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2713.682504] FSBase=00007ff5ac388700 GSBase=ffff8880aed00000 TRBase=fffffe0000003000
[ 2713.693222] *** Guest State ***
[ 2713.694649] audit: type=1804 audit(1591347247.444:295): pid=19262 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4533/bus" dev="sda1" ino=16532 res=1
[ 2713.696539] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 2713.696551] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2713.696556] CR3 = 0x00000000fffbc000
08:54:07 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
sendfile(r0, r5, 0x0, 0xffffffff)

[ 2713.696568] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[ 2713.696576] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2713.696589] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[ 2713.696598] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2713.696610] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2713.696622] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2713.812045] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2713.834980] CR0=0000000080050033 CR3=000000003a8cd000 CR4=00000000001426e0
[ 2713.861632] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2713.888568] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
08:54:08 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000000)=@known='system.sockprotoname\x00')
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
setsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f0000000040)=0x60, 0x2)

08:54:08 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2713.923079] *** Control State ***
[ 2713.945024] PinBased=0000003f CPUBased=b699edfe SecondaryExec=000000ea
[ 2713.959776] *** Guest State ***
[ 2713.971100] EntryControls=0000d1ff ExitControls=002fefff
[ 2713.976968] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2713.976980] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2713.976985] CR3 = 0x0000000000000000
[ 2713.976991] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2713.976999] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2713.977011] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2713.998871] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2714.047432] VMEntry: intr_info=8000030d errcode=00000000 ilen=00000000
[ 2714.081373] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:08 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2714.099889] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2714.111972] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2714.136985]         reason=80000021 qualification=0000000000000000
[ 2714.144339] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2714.162338] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2714.184166] IDTVectoring: info=00000000 errcode=00000000
[ 2714.203500] TSC Offset = 0xfffffa500ba4f6b6
[ 2714.203532] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2714.208701] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2714.234837] EPT pointer = 0x000000004aa4001e
[ 2714.256623] Virtual processor ID = 0x0024
[ 2714.276390] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2714.303728] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2714.319005] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2714.353840] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2714.361380] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2714.404575] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2714.407733] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2714.428375] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2714.432008] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2714.440942] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2714.453430] Interruptibility = 00000000  ActivityState = 00000000
[ 2714.461284] *** Host State ***
[ 2714.467785] RIP = 0xffffffff8116426f  RSP = 0xffff8880408879d0
[ 2714.475535] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2714.478280] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2714.484862] FSBase=00007ff5ac345700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2714.501039] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2714.509821] CR0=0000000080050033 CR3=000000003a8cd000 CR4=00000000001426f0
[ 2714.519877] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2714.528360] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2714.529742] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2714.546370] *** Control State ***
[ 2714.550791] PinBased=0000003f CPUBased=b699edfe SecondaryExec=000000e2
[ 2714.560207] EntryControls=0000d1ff ExitControls=002fefff
[ 2714.561021] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2714.575185] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2714.589028] VMEntry: intr_info=8000009d errcode=00000000 ilen=00000000
[ 2714.597945] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2714.610424] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2714.621271] Interruptibility = 00000000  ActivityState = 00000000
[ 2714.634715] *** Host State ***
[ 2714.638130] RIP = 0xffffffff8116426f  RSP = 0xffff888040baf9d0
[ 2714.651745] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2714.660706] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2714.666313] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2714.677215] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2714.690431] CR0=0000000080050033 CR3=0000000080a0d000 CR4=00000000001426e0
[ 2714.705982] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2714.728625] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2714.731749]         reason=80000021 qualification=0000000000000000
[ 2714.736963] *** Control State ***
[ 2714.747624] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2714.756019] EntryControls=0000d1ff ExitControls=002fefff
[ 2714.761790] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2714.771056] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2714.779563] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2714.787977]         reason=80000021 qualification=0000000000000000
[ 2714.795988] IDTVectoring: info=00000000 errcode=00000000
[ 2714.804128] TSC Offset = 0xfffffa4f73b0f192
[ 2714.808796] EPT pointer = 0x000000001528501e
[ 2714.815070] Virtual processor ID = 0x0029
[ 2714.815621] IDTVectoring: info=00000000 errcode=00000000
[ 2714.877203] TSC Offset = 0xfffffa4f94dbb93a
[ 2714.903764] EPT pointer = 0x000000004960001e
[ 2714.917141] Virtual processor ID = 0x001c
08:54:09 executing program 5:
creat(&(0x7f0000000140)='./bus\x00', 0x0)
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0)
ioctl$KDGKBDIACR(r0, 0x4b4a, &(0x7f0000000000)=""/87)

08:54:09 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:54:09 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:09 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000300)={0x3, 0x3, 0x8000, 0x3, &(0x7f0000000240)=[{}, {}, {}]})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

08:54:09 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c00000024001d0f000000000000000000040000", @ANYRES32=r6, @ANYBLOB="00000000f1ffffff060000000d00010066715f636f64656c"], 0x4c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0x24, 0x2a, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6}}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_GET_MPP(0xffffffffffffffff, &(0x7f0000002940)={&(0x7f0000000040), 0xc, &(0x7f0000002900)={&(0x7f00000028c0)={0x2c, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0xffffffffffffffff}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2000000}, 0x4001)
r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r7, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x0, 0x1, 0x0, 0x4, 0xce, 0x0, 0xfd, 0x0, 0x0, 0x8}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf000})
ioctl$KVM_RUN(r7, 0xae80, 0x0)

08:54:09 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2715.009715] kauditd_printk_skb: 4 callbacks suppressed
[ 2715.009724] audit: type=1804 audit(1591347249.164:300): pid=19323 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4537/bus" dev="sda1" ino=16482 res=1
[ 2715.116804] *** Guest State ***
[ 2715.124639] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 2715.125174] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2715.147567] audit: type=1804 audit(1591347249.204:301): pid=19326 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4246/bus" dev="sda1" ino=15908 res=1
[ 2715.177512] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2715.190915] CR3 = 0x0000000000000000
[ 2715.201046] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2715.211443] audit: type=1804 audit(1591347249.264:302): pid=19332 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/789/bus" dev="sda1" ino=16725 res=1
[ 2715.229409] *** Guest State ***
[ 2715.239062] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2715.250260] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
08:54:09 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
socket$nl_generic(0x10, 0x3, 0x10)

[ 2715.259884] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2715.273628] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2715.282646] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 2715.284251] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2715.336044] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2715.340507] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2715.347909] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2715.375554] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2715.386788] CR3 = 0x00000000fffbc000
[ 2715.393923] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2715.407450] RSP = 0x0000000000002006  RIP = 0x0000000000000000
[ 2715.417442] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2715.428032] RFLAGS=0x00010002         DR7 = 0x0000000000000400
[ 2715.439546] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2715.447556] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2715.460694] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2715.472556] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2715.486371] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2715.495831] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2715.507609] SS:   sel=0x0000, attr=0x04005, limit=0x00000001, base=0x0000000000000000
[ 2715.516681] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2715.529838] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:09 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x182)
prctl$PR_MCE_KILL_GET(0x22)
fremovexattr(r0, &(0x7f0000000040)=@known='com.apple.FinderInfo\x00')

[ 2715.539661] Interruptibility = 00000000  ActivityState = 00000000
[ 2715.553903] *** Host State ***
[ 2715.557842] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2715.576205] RIP = 0xffffffff8116426f  RSP = 0xffff8880151779d0
[ 2715.586694] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2715.595696] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2715.614690] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2715.626501] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2715.642279] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2715.653692] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2715.664018] CR0=0000000080050033 CR3=0000000080ae4000 CR4=00000000001426e0
[ 2715.675111] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2715.684386] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2715.697558] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2715.706072] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2715.717309] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2715.725177] *** Control State ***
[ 2715.737072] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2715.744526] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2715.758059] EntryControls=0000d1ff ExitControls=002fefff
[ 2715.765967] Interruptibility = 00000000  ActivityState = 00000000
[ 2715.776872] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2715.787014] *** Host State ***
08:54:10 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000000)=@random={'security.', 'bdev\x00'})

[ 2715.793641] RIP = 0xffffffff8116426f  RSP = 0xffff88804ab6f9d0
[ 2715.805421] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2715.821104] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2715.831368] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2715.880725] FSBase=00007ff5ac367700 GSBase=ffff8880aec00000 TRBase=fffffe0000034000
[ 2715.890433] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 2715.906408]         reason=80000021 qualification=0000000000000000
[ 2715.923821] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
08:54:10 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2715.932921] IDTVectoring: info=00000000 errcode=00000000
[ 2715.938570] CR0=0000000080050033 CR3=0000000055084000 CR4=00000000001426f0
[ 2715.955539] TSC Offset = 0xfffffa4ed3319915
[ 2715.961406] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2715.974206] EPT pointer = 0x000000005b31a01e
[ 2715.981449] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2715.989507] Virtual processor ID = 0x001c
[ 2716.000235] audit: type=1804 audit(1591347250.154:303): pid=19367 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4538/bus" dev="sda1" ino=16257 res=1
08:54:10 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2716.032851] *** Control State ***
[ 2716.051155] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
[ 2716.087091] EntryControls=0000d1ff ExitControls=002fefff
08:54:10 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/zero\x00', 0x680100, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r4 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r5=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x7d, &(0x7f0000000240)={r5}, 0x9c)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000300)={r5, 0x22, "da904617fef49df9d7338f11d148a3e4461960be31d550986f04716b1165fb2f3636"}, &(0x7f0000000340)=0x2a)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r7 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x2040, 0x0)
getsockopt$inet_sctp_SCTP_HMAC_IDENT(r7, 0x84, 0x16, &(0x7f0000000240)={0x3, [0x8001, 0xfdaf, 0xff]}, &(0x7f0000000280)=0xa)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2, 0x8})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

[ 2716.144555] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2716.165366] audit: type=1804 audit(1591347250.324:304): pid=19373 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/790/bus" dev="sda1" ino=16170 res=1
08:54:10 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2716.219010] VMEntry: intr_info=8000030d errcode=00000000 ilen=00000000
[ 2716.274158] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2716.300486]         reason=80000021 qualification=0000000000000000
08:54:10 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x59, 0x135000)

[ 2716.330606] *** Guest State ***
[ 2716.344948] IDTVectoring: info=00000000 errcode=00000000
[ 2716.348199] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2716.386357] TSC Offset = 0xfffffa4ec3ae0598
[ 2716.411811] audit: type=1804 audit(1591347250.564:305): pid=19381 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4247/bus" dev="sda1" ino=16482 res=1
[ 2716.423701] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2716.439607] EPT pointer = 0x000000003f7a401e
[ 2716.483276] Virtual processor ID = 0x0024
08:54:10 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
r5 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x8000, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$FUSE_INTERRUPT(r6, &(0x7f0000000080)={0x10}, 0x10)
r7 = dup2(0xffffffffffffffff, r6)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000340)='TIPC\x00')
sendmsg$TIPC_CMD_SET_NODE_ADDR(r7, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, r8, 0x300, 0x70bd29, 0x25dfdbfe, {{}, {}, {0x8, 0x11, 0x4}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x4004080)
sendmsg$TIPC_CMD_GET_NODES(r5, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r8, 0x400, 0x70bd29, 0x25dfdbff, {}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x8080)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
connect$llc(0xffffffffffffffff, &(0x7f0000000440)={0x1a, 0x8, 0x4, 0x6, 0xd4, 0x80}, 0x10)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[ 2716.637694] CR3 = 0x0000000000000000
[ 2716.678898] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2716.723620] RFLAGS=0x00000002         DR7 = 0x0000000000000400
08:54:11 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2716.799681] *** Guest State ***
[ 2716.800230] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2716.817995] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 2716.831782] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2716.879443] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2716.887863] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2716.887874] CR3 = 0x00000000fffbc000
[ 2716.887881] RSP = 0x0000000000002006  RIP = 0x0000000000000000
[ 2716.887889] RFLAGS=0x00010002         DR7 = 0x0000000000000400
[ 2716.887901] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2716.887909] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2716.887922] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2716.887936] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2716.887947] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2716.887960] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2716.887973] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2716.887982] GDTR:                           limit=0x00000000, base=0x0000000000000000
08:54:11 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'batadv0\x00', {0x2, 0x4e22, @rand_addr=0x64010101}})
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
fallocate(r1, 0x2, 0x100000001, 0xb71)

[ 2716.887995] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2716.888003] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2716.888016] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2716.888024] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2716.888032] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2716.888038] Interruptibility = 00000000  ActivityState = 00000000
[ 2716.888042] *** Host State ***
[ 2716.888051] RIP = 0xffffffff8116426f  RSP = 0xffff88809a3379d0
08:54:11 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2716.888066] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2716.888076] FSBase=00007ff5ac388700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2717.001692] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2717.056017] audit: type=1804 audit(1591347251.184:306): pid=19395 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4539/bus" dev="sda1" ino=16103 res=1
[ 2717.189020] audit: type=1804 audit(1591347251.294:307): pid=19402 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/791/bus" dev="sda1" ino=16257 res=1
08:54:11 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2717.373709] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2717.426267] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2717.456930] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2717.473036] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2717.500979] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2717.527582] CR0=0000000080050033 CR3=000000003b944000 CR4=00000000001426e0
[ 2717.550672] audit: type=1804 audit(1591347251.704:308): pid=19409 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4248/bus" dev="sda1" ino=16482 res=1
[ 2717.562734] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2717.622972] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:11 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240))
io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f0000000100)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0, r0}])
ioctl$VIDIOC_ENUMAUDIO(r0, 0xc0345641, &(0x7f0000000000)={0x7ff, "d041bf4208c3ed55aabaf611725319b55ae631691160fb5494af698a8aaf4faa", 0x1})
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r1, &(0x7f00000000c0)=@known='trusted.overlay.impure\x00')
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setuid(r3)
r4 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, <r5=>0x0}, &(0x7f0000cab000)=0xc)
syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={[{@gid={'gid', 0x3d, r5}}]})
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, <r7=>0x0}, &(0x7f0000000280)=0x5)
setuid(r7)
r8 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, <r9=>0x0}, &(0x7f0000cab000)=0xc)
syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRESHEX=r9, @ANYBLOB="2c10"])
write$FUSE_DIRENTPLUS(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="5001000000000000070000000000000002000000000000000000000000000000020000000000000013000034000000000000000000ffffff7f00000000030000000000fdff02000000000000002014000000000008fbffffff0500000802000000000000000300"/121, @ANYRES32=r3, @ANYRES32=r5, @ANYBLOB="0300000001040000000000000500000000000000fcffffff03000000090000001f000000757365722e73797a000000000000000005000000000000000100000000000000700600000000000000100000000000000600000000800000030000000000000002000000000000003f0000000000000006000000000000002c2b000000000000ffff0000000000000100000004000f00"/160, @ANYRES32=r7, @ANYRES32=r9, @ANYBLOB="0800000004000000000000000100000000000000030000000000000000000000e3250000"], 0x150)

[ 2717.693482] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2717.724008] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2717.746533] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2717.763399] *** Control State ***
[ 2717.784095] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
[ 2717.806592] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2717.816661] EntryControls=0000d1ff ExitControls=002fefff
[ 2717.845570] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
08:54:12 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2717.855864] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2717.880476] VMEntry: intr_info=8000030d errcode=00000000 ilen=00000000
[ 2717.904570] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2717.908733] Interruptibility = 00000000  ActivityState = 00000000
[ 2717.940656] *** Host State ***
[ 2717.946610]         reason=80000021 qualification=0000000000000000
08:54:12 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

[ 2717.966319] RIP = 0xffffffff8116426f  RSP = 0xffff8880408979d0
[ 2717.971097] IDTVectoring: info=00000000 errcode=00000000
[ 2717.988580] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2717.999751] TSC Offset = 0xfffffa4def7a3c67
[ 2718.009028] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2718.024147] EPT pointer = 0x000000003d72c01e
[ 2718.030420] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2718.048735] Virtual processor ID = 0x0024
[ 2718.080751] CR0=0000000080050033 CR3=0000000014606000 CR4=00000000001426f0
[ 2718.093489] audit: type=1804 audit(1591347252.255:309): pid=19429 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/792/bus" dev="sda1" ino=16169 res=1
[ 2718.131358] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
08:54:12 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x2c0380, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)
ioctl$VIDIOC_SUBDEV_G_CROP(r5, 0xc038563b, &(0x7f0000000040)={0x1, 0x0, {0x3fe1cd04, 0x3, 0x0, 0x7fff}})
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[ 2718.173780] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2718.211423] *** Control State ***
[ 2718.239105] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2718.313427] EntryControls=0000d1ff ExitControls=002fefff
[ 2718.319021] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2718.375428] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2718.380881] *** Guest State ***
[ 2718.415345] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 2718.437773] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2718.468347] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2718.481425]         reason=80000021 qualification=0000000000000000
[ 2718.524238] IDTVectoring: info=00000000 errcode=00000000
[ 2718.528445] CR3 = 0x00000000fffbc000
[ 2718.549996] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 2718.582476] TSC Offset = 0xfffffa4e2cbb48b7
[ 2718.588468] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2718.604489] EPT pointer = 0x000000003fbeb01e
[ 2718.621452] Virtual processor ID = 0x001c
08:54:12 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000040)='NLBL_CALIPSO\x00')
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {0x4000, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd, 0x0, 0x0, 0xfe}, {}, {0x2002}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x800, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

08:54:12 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
ioctl$VT_GETSTATE(r3, 0x5603, &(0x7f0000000000)={0x0, 0xfffd, 0x36})

08:54:12 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2718.654615] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2718.690407] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2718.738222] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2718.792872] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2718.862829] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2718.884735] *** Guest State ***
[ 2718.901765] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
08:54:13 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:13 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

[ 2718.929766] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2718.949764] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2718.962994] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2718.984554] CR3 = 0x0000000000000000
[ 2718.989664] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2719.006063] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2719.018728] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2719.043077] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2719.079503] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2719.107902] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2719.131083] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2719.159893] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2719.177345] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2719.200549] EFER =     0x0000000000000000  PAT = 0x0007040600070406
08:54:13 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x8983, &(0x7f0000000000)={0x7, 'rose0\x00', {0x2}, 0x3f})

[ 2719.218875] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2719.239860] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2719.268054] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2719.287238] Interruptibility = 00000000  ActivityState = 00000000
[ 2719.307550] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2719.319763] *** Host State ***
[ 2719.334812] RIP = 0xffffffff8116426f  RSP = 0xffff888040baf9d0
[ 2719.358243] GS:   sel=0x0008, attr=0x10000, limit=0x00000000, base=0x0000000000004000
[ 2719.362166] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2719.405427] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2719.413834] FSBase=00007ff5ac388700 GSBase=ffff8880aed00000 TRBase=fffffe0000003000
[ 2719.450273] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000002002
[ 2719.458965] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2719.484111] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2719.507002] CR0=0000000080050033 CR3=0000000058817000 CR4=00000000001426e0
[ 2719.508211] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:13 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2719.557379] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2719.602676] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2719.634699] *** Control State ***
[ 2719.638961] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2719.652922] *** Guest State ***
[ 2719.654417] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
[ 2719.656628] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2719.699169] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2719.727711] EntryControls=0000d1ff ExitControls=002fefff
08:54:13 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x1c0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000000)=<r2=>0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r1, 0xc1105518, &(0x7f0000000180)={{0xa, 0x5, 0xffff, 0x0, '\x00', 0x4}, 0x1, 0x10000000, 0xfdff, r2, 0x1, 0x4, 'syz0\x00', &(0x7f0000000040)=['user.syz\x00'], 0x9, [], [0x2, 0xff7f, 0x401, 0x1540]})
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')

[ 2719.742628] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2719.754427] Interruptibility = 00000000  ActivityState = 00000000
[ 2719.784623] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2719.789925] *** Host State ***
[ 2719.800403] CR3 = 0x0000000000000000
[ 2719.816824] RIP = 0xffffffff8116426f  RSP = 0xffff8880587e79d0
[ 2719.828292] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
08:54:14 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

[ 2719.850823] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[ 2719.871487] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2719.889560] RFLAGS=0x00010002         DR7 = 0x0000000000000400
08:54:14 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2719.894300] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2719.919444] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000034000
[ 2719.928945] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[ 2719.935408]         reason=80000021 qualification=0000000000000000
[ 2719.963280] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2719.974596] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2719.977288] IDTVectoring: info=00000000 errcode=00000000
[ 2719.997247] CR0=0000000080050033 CR3=000000009b55b000 CR4=00000000001426f0
[ 2720.008236] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2720.026665] TSC Offset = 0xfffffa4d154d1e14
[ 2720.028237] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2720.045610] EPT pointer = 0x00000000428f601e
[ 2720.055968] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2720.078314] Virtual processor ID = 0x0024
[ 2720.080224] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2720.098118] *** Control State ***
[ 2720.106848] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2720.123068] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2720.156816] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2720.169237] EntryControls=0000d1ff ExitControls=002fefff
[ 2720.196235] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
08:54:14 executing program 5:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x10)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')

08:54:14 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0x2000000005, 0x80000000})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x100000, 0x1000, &(0x7f0000000000/0x1000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0xf000}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f00000003c0)={0x1, {{0xa, 0x4e21, 0x101, @dev={0xfe, 0x80, [], 0x37}, 0x5}}}, 0x88)
setsockopt$inet6_IPV6_DSTOPTS(r5, 0x29, 0x3b, &(0x7f0000000480)=ANY=[@ANYBLOB="32280000ff000000040181000100089e060c4ee79f7b8af962579cf768e7eed7c97927f6ba7011b12ea26f17b2bc22351058769fa26a490fe925a5003ddab7c3bdc954cf432a9ebb01795911a9ff1878c1f2b5a2e67d39ba07a38d42b3fe3dffa72d4285627da90a1b5ab1209e16d75c76cf4931a47978dd8916a6fc48202c2ee7c1f55811532d998794043fa78ab075a4917d489ff7091853c68a8fdd6206714337dc14fbcad5a4e9ef8b7fbbbc42d2e2fe90b60738000000010c8101000500000000e8ffff270d000000000000fdffffffffffffff01001000000000000000000014000000ff0000000000000001050000000000c91000000000000000000004ffff35afd68b00010007480000000010024000feffffffffffffff080000000019070000000000000000000300000000000000830e0000000000000400000000000000070000000000000095f90000000000000000"], 0x150)
r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r6, 0x7709, 0x0)
mmap$perf(&(0x7f000002c000/0x4000)=nil, 0x4000, 0x1000002, 0x4010, 0xffffffffffffffff, 0x4)
shutdown(r6, 0x1)

[ 2720.208601] GS:   sel=0x0008, attr=0x10000, limit=0x00000000, base=0x0000000000004000
[ 2720.217004] kauditd_printk_skb: 6 callbacks suppressed
[ 2720.217013] audit: type=1804 audit(1591347254.375:316): pid=19487 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4542/bus" dev="sda1" ino=16803 res=1
[ 2720.282655] VMEntry: intr_info=8000000b errcode=00000000 ilen=00000000
[ 2720.298851] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2720.319443] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2720.339749] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000002002
[ 2720.355102]         reason=80000021 qualification=0000000000000000
[ 2720.377399] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2720.387219] IDTVectoring: info=00000000 errcode=00000000
[ 2720.411923] TSC Offset = 0xfffffa4cd0fb82ee
[ 2720.425328] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2720.442482] *** Guest State ***
[ 2720.443288] EPT pointer = 0x00000000413d701e
[ 2720.462312] Virtual processor ID = 0x001c
[ 2720.479311] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2720.487623] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 2720.518634] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2720.557807] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2720.575881] Interruptibility = 00000000  ActivityState = 00000000
[ 2720.590868] CR3 = 0x00000000fffbc000
[ 2720.601284] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 2720.610989] *** Host State ***
[ 2720.628861] RIP = 0xffffffff8116426f  RSP = 0xffff8880151779d0
[ 2720.634952] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2720.634965] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2720.634974] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2720.634988] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2720.660115] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2720.715553] FSBase=00007fc3c74a1700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2720.760760] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2720.768258] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2720.776893] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2720.804432] CR0=0000000080050033 CR3=000000009b55b000 CR4=00000000001426e0
[ 2720.810294] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2720.824686] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2720.844988] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2720.858958] GS:   sel=0x0000, attr=0x10000, limit=0x0000f000, base=0x0000000000000000
[ 2720.867241] *** Control State ***
[ 2720.867250] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000e2
[ 2720.867256] EntryControls=0000d1ff ExitControls=002fefff
[ 2720.867269] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2720.867274] VMEntry: intr_info=80000306 errcode=00000000 ilen=00000000
[ 2720.867283] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2720.890729] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2720.913155] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2720.923098] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2720.932146] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2720.941030] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2720.948723] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2720.957482] Interruptibility = 00000000  ActivityState = 00000000
[ 2720.978474]         reason=80000021 qualification=0000000000000000
[ 2720.986095] *** Host State ***
[ 2720.995718] RIP = 0xffffffff8116426f  RSP = 0xffff8880186cf9d0
[ 2721.001403] IDTVectoring: info=00000000 errcode=00000000
[ 2721.005617] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2721.022490] FSBase=00007ff5ac388700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2721.030584] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2721.033541] TSC Offset = 0xfffffa4c67cc4089
[ 2721.039083] CR0=0000000080050033 CR3=0000000019864000 CR4=00000000001426f0
[ 2721.046345] EPT pointer = 0x000000001963d01e
[ 2721.049561] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2721.060206] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2721.067493] *** Control State ***
[ 2721.068511] Virtual processor ID = 0x0029
[ 2721.071229] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
[ 2721.083943] EntryControls=0000d1ff ExitControls=002fefff
[ 2721.089617] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2721.098378] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
08:54:15 executing program 5:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x1a9)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')

08:54:15 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0xffffffff)

08:54:15 executing program 3:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r3, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r3, 0x0, 0xffffffff)

[ 2721.112726] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2721.130193]         reason=80000021 qualification=0000000000000000
[ 2721.138498] IDTVectoring: info=00000000 errcode=00000000
[ 2721.151444] TSC Offset = 0xfffffa4bf8518bee
08:54:15 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:54:15 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {0x0, 0x0, 0xf, 0x3}, {}, {0x2000}, {0x1, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {0xd000}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
fcntl$setstatus(r4, 0x4, 0x6400)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000001500)=0xffffffffffffffff, 0x4)
recvmsg$can_bcm(r3, &(0x7f00000014c0)={&(0x7f0000000240)=@nfc, 0x80, &(0x7f0000001400)=[{&(0x7f00000002c0)=""/138, 0x8a}, {&(0x7f0000000040)=""/51, 0x33}, {&(0x7f0000000380)=""/127, 0x7f}, {&(0x7f0000000400)=""/4096, 0x1000}], 0x4, &(0x7f0000001440)=""/123, 0x7b}, 0x10001)

[ 2721.176320] EPT pointer = 0x000000003c0f701e
[ 2721.193453] Virtual processor ID = 0x0024
[ 2721.226020] audit: type=1804 audit(1591347255.385:317): pid=19514 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4251/bus" dev="sda1" ino=16851 res=1
08:54:15 executing program 3:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r3, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r3, 0x0, 0xffffffff)

[ 2721.302061] *** Guest State ***
08:54:15 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[ 2721.329297] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2721.380011] audit: type=1804 audit(1591347255.435:318): pid=19515 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4543/bus" dev="sda1" ino=16914 res=1
[ 2721.382116] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
08:54:15 executing program 3:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r3, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r3, 0x0, 0xffffffff)

[ 2721.517896] *** Guest State ***
[ 2721.529802] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 2721.568321] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2721.581238] CR3 = 0x0000000000000000
[ 2721.595083] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2721.610297] CR3 = 0x00000000fffbc000
[ 2721.619440] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2721.630549] RSP = 0x0000000000002006  RIP = 0x0000000000000000
[ 2721.648353] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2721.659339] RFLAGS=0x00010002         DR7 = 0x0000000000000400
08:54:15 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$TUNSETSNDBUF(r1, 0x400454d4, &(0x7f0000000040)=0x5)
ioctl$VIDIOC_G_FBUF(r0, 0x8030560a, &(0x7f0000000000)={0x7, 0xc, &(0x7f0000000180)="30fe804f2bf481c62fe95227b4021da486c4a8f781189bbfccd1d2ac465703439ad2916d76f4ce2d8c331d8ac519e14c896d609805dd73f1b23c830529e86e8e3ad41b604933016cf07baf4c01365a9de0e373cfa6f797ac8f0bf2ab2bc7a8a72678ea0c1321f5ed3b1707dafda70b25ed24e7d0c5b0fe3cfae2a9430bd8489cd35edd735ca71606245f2636f0395676d9c24bfdd4f02123cbab82ba486055de2848db7406120564d3e835bd2bc00ef412bc864e52df8e45ba8111efc6f57b", {0xffffffff, 0x7ff, 0x41414770, 0x3, 0x1, 0x6, 0xa, 0x101}})

08:54:15 executing program 3:
r0 = creat(0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2721.677975] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2721.689592] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2721.728109] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2721.737748] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2721.764728] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000001
[ 2721.773092] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2721.799388] ES:   sel=0x000f, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2721.808996] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2721.836654] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:16 executing program 3:
r0 = creat(0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2721.846175] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2721.881159] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000002000
[ 2721.892533] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2721.914846] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2721.924469] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2721.950191] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2721.959650] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2721.984482] IDTR:                           limit=0x00000000, base=0x000000000000d000
[ 2721.995263] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:16 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:54:16 executing program 3:
r0 = creat(0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:16 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

[ 2722.033787] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2722.047766] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2722.109683] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2722.117101] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2722.143810] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2722.144027] audit: type=1804 audit(1591347256.305:319): pid=19551 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4544/bus" dev="sda1" ino=16482 res=1
[ 2722.158523] EFER =     0x0000000000000000  PAT = 0x0007040600070406
08:54:16 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2722.201466] Interruptibility = 00000000  ActivityState = 00000000
08:54:16 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

[ 2722.245654] *** Host State ***
[ 2722.263070] RIP = 0xffffffff8116426f  RSP = 0xffff888092b679d0
[ 2722.302952] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2722.319361] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2722.338525] audit: type=1804 audit(1591347256.495:320): pid=19567 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/801/bus" dev="sda1" ino=16851 res=1
[ 2722.374958] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2722.396362] Interruptibility = 00000000  ActivityState = 00000000
[ 2722.411148] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2722.423443] *** Host State ***
[ 2722.433188] RIP = 0xffffffff8116426f  RSP = 0xffff8880412879d0
[ 2722.442316] CR0=0000000080050033 CR3=0000000084663000 CR4=00000000001426e0
[ 2722.471877] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2722.489731] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2722.506488] FSBase=00007ff5ac388700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2722.519402] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2722.537780] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2722.545314] *** Control State ***
[ 2722.557156] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2722.567456] CR0=0000000080050033 CR3=00000000a5894000 CR4=00000000001426e0
[ 2722.584423] EntryControls=0000d1ff ExitControls=002fefff
[ 2722.596055] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2722.608571] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2722.626848] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2722.637903] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2722.658609] *** Control State ***
[ 2722.665059] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2722.676247] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
[ 2722.697202]         reason=80000021 qualification=0000000000000000
[ 2722.706529] EntryControls=0000d1ff ExitControls=002fefff
[ 2722.718949] IDTVectoring: info=00000000 errcode=00000000
[ 2722.736528] TSC Offset = 0xfffffa4b833c8959
[ 2722.737661] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2722.751211] EPT pointer = 0x000000004976201e
[ 2722.767657] Virtual processor ID = 0x001c
[ 2722.771297] VMEntry: intr_info=8000030d errcode=00000000 ilen=00000000
[ 2722.779326] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
08:54:17 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000240)='TIPC\x00')
pipe2(&(0x7f0000000340)={<r5=>0xffffffffffffffff}, 0x84000)
ioctl$EVIOCGREP(r5, 0x80084503, &(0x7f0000000380)=""/36)
sendmsg$TIPC_CMD_DISABLE_BEARER(r3, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, r4, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {}, {0x10, 0x13, @udp='udp:syz0\x00'}}, ["", "", "", "", "", "", "", "", ""]}, 0x2c}}, 0x80000)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

08:54:17 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

[ 2722.836371]         reason=80000021 qualification=0000000000000000
[ 2722.880413] IDTVectoring: info=00000000 errcode=00000000
[ 2722.916255] TSC Offset = 0xfffffa4b6778199a
[ 2722.934912] EPT pointer = 0x000000009092a01e
[ 2722.963654] Virtual processor ID = 0x0024
[ 2723.000571] *** Guest State ***
08:54:17 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
fadvise64(r1, 0x4, 0x40000000001f, 0x5)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
ioctl$VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000180)={0x8, @pix={0x58, 0x6, 0x39555659, 0x8, 0x80, 0x10000, 0xa, 0x7fff, 0x1, 0x0, 0x1, 0x1}})

08:54:17 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:17 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:54:17 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {}, {}, {0x0, 0x3000}, {}, {0x3000, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd, 0x0, 0x0, 0x0, 0xff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x28}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[ 2723.025592] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2723.055875] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2723.113465] CR3 = 0x0000000000000000
[ 2723.131865] RSP = 0x0000000000002018  RIP = 0x0000000000000000
08:54:17 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2723.158691] audit: type=1804 audit(1591347257.315:321): pid=19589 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4545/bus" dev="sda1" ino=16373 res=1
[ 2723.175099] RFLAGS=0x00000002         DR7 = 0x0000000000000400
08:54:17 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2723.247103] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2723.274711] *** Guest State ***
[ 2723.294786] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 2723.307365] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2723.307473] audit: type=1804 audit(1591347257.365:322): pid=19590 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4255/bus" dev="sda1" ino=16964 res=1
[ 2723.337685] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2723.351871] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2723.399692] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2723.419482] CR3 = 0x00000000fffbc000
[ 2723.438187] RSP = 0x0000000000002006  RIP = 0x0000000000000000
08:54:17 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2723.448806] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2723.484570] RFLAGS=0x00010002         DR7 = 0x0000000000000400
08:54:17 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r0, 0x4008af23, &(0x7f0000000000)={0x3, 0x9})

[ 2723.501107] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2723.520084] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2723.548778] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2723.561138] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2723.582698] audit: type=1804 audit(1591347257.445:323): pid=19598 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/802/bus" dev="sda1" ino=16626 res=1
[ 2723.592705] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2723.624955] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:17 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2723.658220] SS:   sel=0x0000, attr=0x05005, limit=0x00000000, base=0x0000000000003000
[ 2723.698508] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2723.731726] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2723.750154] FS:   sel=0x0000, attr=0x10000, limit=0x00003000, base=0x0000000000000000
[ 2723.774510] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2723.797957] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2723.826205] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2723.846318] GDTR:                           limit=0x00000000, base=0x0000000000000000
08:54:18 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2723.874010] audit: type=1804 audit(1591347257.555:324): pid=19603 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4256/bus" dev="sda1" ino=17156 res=1
[ 2723.885760] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2723.911565] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2723.953984] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2724.018201] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2724.028344] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2724.056373] Interruptibility = 00000000  ActivityState = 00000000
[ 2724.075419] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2724.087801] audit: type=1804 audit(1591347257.795:325): pid=19608 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4257/bus" dev="sda1" ino=16742 res=1
[ 2724.131059] *** Host State ***
[ 2724.142539] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2724.155930] RIP = 0xffffffff8116426f  RSP = 0xffff8880146af9d0
[ 2724.174023] Interruptibility = 00000000  ActivityState = 00000000
[ 2724.184087] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2724.199710] *** Host State ***
[ 2724.207744] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2724.218393] RIP = 0xffffffff8116426f  RSP = 0xffff8880417a79d0
[ 2724.225322] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2724.232918] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2724.240205] CR0=0000000080050033 CR3=000000004b5be000 CR4=00000000001426e0
[ 2724.249129] FSBase=00007ff5ac388700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2724.258072] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2724.266825] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2724.273663] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2724.280584] CR0=0000000080050033 CR3=00000000497ed000 CR4=00000000001426e0
[ 2724.290039] *** Control State ***
[ 2724.294659] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2724.302733] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2724.309583] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2724.318153] EntryControls=0000d1ff ExitControls=002fefff
[ 2724.324680] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2724.332754] *** Control State ***
[ 2724.343516] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
[ 2724.350567] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2724.367960] EntryControls=0000d1ff ExitControls=002fefff
[ 2724.375108] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2724.377147] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2724.390834] VMEntry: intr_info=8000030d errcode=00000000 ilen=00000000
[ 2724.394656]         reason=80000021 qualification=0000000000000000
[ 2724.402119] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2724.410506]         reason=80000021 qualification=0000000000000000
[ 2724.419014] IDTVectoring: info=00000000 errcode=00000000
08:54:18 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r3, 0x84, 0xc, &(0x7f0000000040)=0x9a, 0x4)

[ 2724.429781] TSC Offset = 0xfffffa4a9c4260a7
[ 2724.438677] IDTVectoring: info=00000000 errcode=00000000
[ 2724.439303] EPT pointer = 0x000000001a0b101e
[ 2724.444287] TSC Offset = 0xfffffa4a7647e286
[ 2724.444295] EPT pointer = 0x000000008c6a401e
[ 2724.444304] Virtual processor ID = 0x0024
[ 2724.472121] Virtual processor ID = 0x001c
08:54:18 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:54:18 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:18 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:18 executing program 5:
r0 = socket(0x21, 0x4, 0xec5)
r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/icmp6\x00')
preadv(r1, &(0x7f0000000480), 0x10000000000002a1, 0x10400003)
r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000100)='wireguard\x00')
sendmsg$WG_CMD_GET_DEVICE(r1, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000180)={&(0x7f0000000a00)=ANY=[@ANYBLOB="1e929ca1a4c029383bd50a39a450211bdd", @ANYRES16=r2, @ANYBLOB="000228bd7000ffdbdf2500000000b40c08804801008008000300060000002c010980a0000080060001000a00000014000200fc0200000000000000000000000000000500030000000000060001000a00000014000200fe8800000000000000000000000001010500030002000000060001000200040008000200ac1e01010500030002000000060001000a00000014000200fc0200000000000000000000000000010500030002000000060001000200000008000200ffffffff050003000300000088000080060001000200000008000200e00000020500030001000000060001000200000008000200ac1414bb0500030001000000060001000200000008000200000000000500030000000000060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ac1414bb050003000200000006000500080000000800030006000000200000801400040002004e21e0000002000000000000000008000a00010000002404008008000a000100000008000a000100000008000a0001000000240001000000000000000000000000000000000000000000000000000000000000000000140004000200a0fb000000000000000000000000200004000a004e240000002bfe800000000000000000000000000040ff00000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b240002007669ddadf3a979960d3a258d451b4b8f8628f72287295f22a81a530fb2c3777944030980dc000080060001000a00000014000200fe8000000000000000000000000000bb0500030003000000060001000a00000014000200fe80000000000000000000000000002a0500030000000000060001000200000008000200ac1414340500030002000000060001000200000008000200ac1414300500030002000000060001000a00000014000200fe8800000000000000000000000000010500030002000000060001000a00000014000200000000000000000000000000000000010500030003000000060001000200000008000200ac1414c50500030002000000000100800600010002000000080002007f0000010500030000000000060001000a00000014000200200100000000000000000000000000020500030002000000060001000a00000014000200ff02000000000000000000000000000105000300000000000600010002000000080002007f0000010500030003000000060001000200000008000200e00000010500030000000000060001000200000008000200ffffffff05000300030000000600010002000000080002007f0000010500030003000000060001000200000008000200ffffffff0500030001000000060001000a00000014000200fc01000000000000000000000000000105000300000000000c010080060001000a00000014000200fc0100000000000000000000000000000500030001000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000a00000014000200fc0000000000000000000000000000000500030003000000060001000a00000014000200fc0200000000000000000000000000010500030002000000060001000200000008000200ac1e00010500030003000000060001000200000008000200ac1414bb0500030001000000060001000a0000001400020000000000000000000000ffffffffffff0500030003000000060001000a00000014000200ff020000000000000000000000000001050003000100000058000080060001000200000008000200ac14143b0500030001000000060001000a00000014000200fc0100000000000000000000000000000500030002000000060001000200000008000200e0000002050003000200000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39223800008008000a000100000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b06000500340c00001806008024000200ea4c07c4877fefeaa6bc4f58367ace4ff372c11b94d59b12189c062bca25473acc01098064000080060001000a0000001400020000000000000000000000ffffac1414aa0500030001000000060001000a00000014000200ff0200000000000000000000000000010500030002000000060001000200000008000200ac1414bb0500030002000000e8000080060001000200000008000200000000000500030002000000060001000a00000014000200ff0200000000000000000000000000010500030000000000060001000200000008000200ffffffff0500030000000000060001000a00000014000200ff0200000000000000000000000000010500030002000000060001000200000008000200000000000500030002000000060001000200000008000200e000000105000300000000000600010002000000080002007f0000010500030003000000060001000a000000140002002001000000000000000000000000000205000300010000007c0000800600010002000000080002000a0101010500030003000000060001000a00000014000200fc0100000000000000000000000000010500030002000000060001000a00000014000200ff0100000000000000000000000000010500030007000000060001000200000008000200e0000002050003000000000008000a00010000001c04098064000080060001000200000008000200ac1414aa0500030000000000060001000a00000014000200fe8800000000000000000000000001010500030002000000060001000a0000001400020000000000000000000000ffff64010102050003000100000058000080060001000a00000014000200fc0000000000000000000000000000000500030000001800060001000200000008000200ac1e01010500030003000000060001000200000008000200ac14142a050003000300000094000080060001000a00000014000200fe8000000000000000000000000000aa0500030003000000060001000200000008000200ac1414bb0500030003000000060001000a00000014000200fe80000000000000000000000000004005000300010000000600010002000000080002000a0101010500030002000000060001000200000008000200ac1414aa050003000000000058000080060001000200000008000200ac1414aa0500030002000000060001000a00000014000200fc0200000000000000000000000000010500030001000000060001000200000008000200e0000001050003000000000094000080060001000a0000001400020000000000000000000000ffffac1e01010500030001000000060001000a00000014000200fc0100000000000000000000000000010500030003000000060001000a00000014000200fe8000000000000000000000000000aa0500030001000000060001000a0000001400020000000000000000000000ffff640101000500030002000000dc000080060001000200000008000200ac1414270500030002000000060001000a00000014000200000000000000000000000000000000010500030002000000060001000a00000014000200fe8000000000000000000000000000aa05000300010000000600010002000000080002000a0101020500030000000000060001000200000008000200ac1414aa0500030002000000060001000a00000014000200fc0100000000000000000000000000000500030003000000060001000a00000014000200fe80000000000000000000000000000d050003000100000000010080060001000a00000014000200ff02000000000000000000000000000105000300000000000600010002000000080002007f0000010500030002000000060001000a00000014000200000000000000000000000000000000000500030003000000060001000a00000014000200ff01000000000000000000000000000105000300020000000600010002000000080002007f0000010500030002000000060001000a00000014000200fe8000000000000000000000000000210500030001000000060001000a00000014000200ff0200000000000000000000000000010500030000000000060001000200000008000200000000000500030001000000d40000801400040002004e22ac1e010100000000000000000684020000000000000004000a004e2400000001200100000000000000000000000000020200000008000a000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff24000200bc7cf80d3387038e4bb6a7bcc8dc72200fbf09cd82bb41492c7c9f2962249f811400040002004e200a010102000000000000000006000500040000000600050008000000200004000a004e210000000900000000000000000000ffff64010100200000001a754a76d924c903f86c9dfe953afa5e147a1345f9ba302dba9071e38e4e4257b9f1720a0db506b6141106f8d1276f48cedda492512cb57dd92084adce24402a96b3a524c6add7fa"], 0xcc8}}, 0x4008083)
sendmsg$WG_CMD_GET_DEVICE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000040)={&(0x7f0000001740)={0x152c, r2, 0x2, 0x70bd2d, 0x25dfdbfc, {}, [@WGDEVICE_A_PEERS={0x1064, 0x8, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "0619378246745e35e2c8f6c0bbed4da0f049c6d362e1e9bd8b1a18a27fe2726a"}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x3}]}, {0xc, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0xe30}]}, {0x2e0, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ALLOWEDIPS={0x2d4, 0x9, 0x0, 0x1, [{0x64, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, [], 0x20}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x1}}]}, {0xc4, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, [], 0x1}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x2}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x1}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, [], 0x23}}, {0x5}}]}, {0xf4, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x3a}}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x3}}]}, {0x70, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x5, 0x3, 0x7f}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x3}}]}]}]}, {0x4}, {0x48, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e22, @remote}}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x7f, @private1={0xfc, 0x1, [], 0x1}, 0x101}}, @WGPEER_A_PROTOCOL_VERSION={0x8}]}, {0x2c0, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x2bc, 0x9, 0x0, 0x1, [{0x70, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x2}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x1}}]}, {0x16c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @multicast1}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @rand_addr=0x64010102}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, [], 0xc}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x3}}]}, {0x58, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x3}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x1}}]}]}]}, {0x84, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0xfffff801, @mcast2, 0x8000}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x7fff}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g='\xf4M\xa3g\xa8\x8e\xe6VO\x02\x02\x11Eg\'\b/\\\xeb\xee\x8b\x1b\xf5\xebs74\x1bE\x9b9\"'}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g='\x97\\\x9d\x81\xc9\x83\xc8 \x9e\xe7\x81%K\x89\x9f\x8e\xd9%\xae\x9f\t#\xc2<b\xf5<W\xcd\xbfi\x1c'}, @WGPEER_A_PROTOCOL_VERSION={0x8}]}, {0x418, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e21, @local}}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e1f, 0x0, @private2={0xfc, 0x2, [], 0x1}, 0x5}}, @WGPEER_A_ALLOWEDIPS={0x3d8, 0x9, 0x0, 0x1, [{0x7c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2e}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}]}, {0x100, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5, 0x3, 0x7}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x40, 0x0}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}]}, {0x124, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010102}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010100}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010102}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x3}}]}, {0x58, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x11}}, {0x5, 0x3, 0x1}}]}, {0xdc, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, [], 0x1}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x2}}]}]}]}, {0x260, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x1bc, 0x9, 0x0, 0x1, [{0x7c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}]}, {0x58, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, [], 0x1}}, {0x5, 0x3, 0x2}}]}, {0xa0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, [], 0x10}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @rand_addr=0x64010101}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5, 0x3, 0x2}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x3}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, [], 0x1}}, {0x5, 0x3, 0x1}}]}]}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4, @local}}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e23, 0x9, @empty, 0x30a}}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e20, @broadcast}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x8}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "8914a7402fbd170649aab1c6c8d10fd976805b1d9eae137e0a5a0347143a01ff"}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e22, @remote}}, @WGPEER_A_FLAGS={0x8, 0x3, 0x6}, @WGPEER_A_FLAGS={0x8, 0x3, 0x3}, @WGPEER_A_PROTOCOL_VERSION={0x8}]}, {0x33c, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x7, @remote, 0x40}}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "e84e41213afeb715d43f809d416928d94f54ac688860f99b6425110a07c31409"}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x2079}, @WGPEER_A_FLAGS={0x8, 0x3, 0x7}, @WGPEER_A_ALLOWEDIPS={0x1b8, 0x9, 0x0, 0x1, [{0xd0, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0xa}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, [], 0x1}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x2}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}]}, {0x7c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x2}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}]}]}, @WGPEER_A_ALLOWEDIPS={0x108, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5, 0x3, 0x3}}]}, {0xe8, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @remote}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}]}]}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e24, @empty}}]}]}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c='\xa0\xcb\x87\x9aG\xf5\xbcdL\x0ei?\xa6\xd01\xc7J\x15S\xb6\xe9\x01\xb9\xff/Q\x8cx\x04/\xb5B'}, @WGDEVICE_A_PEERS={0x46c, 0x8, 0x0, 0x1, [{0x12c, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0xbc, 0x9, 0x0, 0x1, [{0xb8, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x24}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5, 0x3, 0x3}}]}]}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e22, @local}}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "38d628fd81f8626fd46f0541706e4f987c1435c008bdcacec930e8b0f633e76a"}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0xfff7}, @WGPEER_A_PUBLIC_KEY={0x24}]}, {0x50, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0xb1ab}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e24, 0x2, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x4}}]}, {0xc, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}]}, {0x2e0, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x250, 0x9, 0x0, 0x1, [{0x7c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}]}, {0x124, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x3}}]}, {0xac, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}]}]}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e24, 0x1, @mcast1, 0xff}}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "c2e73c011df5d70a0a519ca2989784661a2a83439a5aa7604cda8bf10c4bafec"}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "de3c02f05806e5d12dd94d1d2e3a0c58fffd302cc27cabb101eeeee6e902e596"}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "d769fab0036ba6ac00ba876ffa0b7cedd08bd7f15f22ef770c8161d8605fa5ba"}]}]}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @b='\xb0\x80s\xe8\xd4N\x91\xe3\xda\x92,\"C\x82D\xbb\x88\\i\xe2i\xc8\xe9\xd85\xb1\x14):M\xdcn'}]}, 0x152c}}, 0x81)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r3, &(0x7f0000000080)=@known='user.syz\x00')

08:54:18 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(r5, 0x111, 0x1, 0x1f, 0x4)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{}, {}, {0x0, 0x0, 0xc}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {0x0, 0x0, 0x10}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

08:54:18 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2724.653301] *** Guest State ***
[ 2724.661293] *** Guest State ***
[ 2724.669310] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2724.678659] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 2724.722881] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2724.752861] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2724.784739] CR3 = 0x0000000000000000
[ 2724.810198] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2724.836721] CR3 = 0x00000000fffbc000
[ 2724.847616] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2724.888550] RSP = 0x0000000000002006  RIP = 0x0000000000000000
[ 2724.890472] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2724.924623] RFLAGS=0x00010002         DR7 = 0x0000000000000400
[ 2724.948077] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2724.958394] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
08:54:19 executing program 5:
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0)
sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x14, 0x10, 0xa, 0x401, 0x0, 0x0, {0x0, 0x0, 0x9}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4004}, 0x4000010)
getpeername$llc(r0, &(0x7f0000000200)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000240)=0x10)
setxattr$security_capability(&(0x7f0000000080)='./bus\x00', &(0x7f0000000180)='security.capability\x00', &(0x7f00000001c0)=@v2={0x2000000, [{0x7, 0x4}, {0xfff, 0xffff}]}, 0x14, 0x2)
creat(&(0x7f0000000140)='./bus\x00', 0x0)
prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000000))
setxattr$trusted_overlay_redirect(&(0x7f0000000040)='./bus\x00', &(0x7f00000000c0)='trusted.overlay.redirect\x00', &(0x7f0000000100)='./bus/file0\x00', 0xc, 0x3)

[ 2725.001845] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2725.010584] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2725.053832] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2725.077956] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2725.089230] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2725.109529] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2725.129085] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2725.141657] ES:   sel=0x000c, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2725.150489] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2725.160880] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2725.173063] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2725.182527] LDTR: sel=0x0010, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2725.185318] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2725.232405] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2725.258239] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2725.297999] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2725.305308] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:19 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

[ 2725.374935] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2725.388095] EFER =     0x0000000000000000  PAT = 0x0007040600070406
08:54:19 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2725.458270] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2725.479667] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2725.498159] kauditd_printk_skb: 6 callbacks suppressed
[ 2725.498169] audit: type=1804 audit(1591347259.655:332): pid=19684 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/804/bus" dev="sda1" ino=16626 res=1
[ 2725.536226] Interruptibility = 00000000  ActivityState = 00000000
[ 2725.537570] EFER =     0x0000000000000000  PAT = 0x0007040600070406
08:54:19 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2725.565615] *** Host State ***
[ 2725.572702] RIP = 0xffffffff8116426f  RSP = 0xffff88805dd179d0
[ 2725.584337] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2725.594167] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2725.603782] FSBase=00007ff5ac388700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
08:54:19 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0xa4)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f0000000040)={0x0, r1, 0x3, 0x40, 0x5, 0x401})
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r4 = dup3(r1, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_PCM_IOCTL_FORWARD(r4, 0x40084149, &(0x7f0000000000)=0x7fff)

[ 2725.616179] audit: type=1804 audit(1591347259.745:333): pid=19687 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4547/bus" dev="sda1" ino=16742 res=1
[ 2725.634513] Interruptibility = 00000000  ActivityState = 00000000
[ 2725.653674] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2725.695051] *** Host State ***
[ 2725.696470] CR0=0000000080050033 CR3=000000004342c000 CR4=00000000001426f0
[ 2725.709387] RIP = 0xffffffff8116426f  RSP = 0xffff8880581579d0
[ 2725.747114] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2725.768014] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2725.784311] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2725.809842] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2725.818204] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2725.863549] *** Control State ***
[ 2725.869137] CR0=0000000080050033 CR3=0000000087a9f000 CR4=00000000001426e0
[ 2725.879158] audit: type=1804 audit(1591347260.035:334): pid=19692 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4262/bus" dev="sda1" ino=16747 res=1
[ 2725.899268] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2725.932151] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
[ 2725.937039] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2725.978277] *** Control State ***
[ 2725.986341] EntryControls=0000d1ff ExitControls=002fefff
[ 2726.002505] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2726.033699] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2726.040108] EntryControls=0000d1ff ExitControls=002fefff
[ 2726.071072] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2726.103133] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2726.131538] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2726.140560] VMEntry: intr_info=8000030d errcode=00000000 ilen=00000000
[ 2726.163149]         reason=80000021 qualification=0000000000000000
[ 2726.190842] IDTVectoring: info=00000000 errcode=00000000
[ 2726.214270] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2726.219400] TSC Offset = 0xfffffa49b8a06f80
[ 2726.247164] EPT pointer = 0x0000000038c3e01e
[ 2726.278363] Virtual processor ID = 0x0024
[ 2726.298373]         reason=80000021 qualification=0000000000000000
[ 2726.347476] IDTVectoring: info=00000000 errcode=00000000
08:54:20 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x94, &(0x7f0000000600)=[@in={0x2, 0x4e22, @local}, @in={0x2, 0x4e21, @local}, @in6={0xa, 0x4e20, 0x50f, @loopback, 0x400}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x2, @dev={0xfe, 0x80, [], 0x36}, 0x4}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffdf}]}, &(0x7f0000000180)=0x10)
r2 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r3=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x7d, &(0x7f0000000240)={r3, @in6={{0xa, 0x4e24, 0x10000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1}}, 0x0, 0x1ff}, 0x9c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000180)={r3, @in={{0x2, 0x4e20, @multicast1}}, 0x2, 0xf3d3}, 0x90)
r4 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ocfs2_control\x00', 0x1, 0x0)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000005c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5}])
r7 = dup(r5)
r8 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r8, 0x7709, 0x0)
ioctl$VIDIOC_QUERYBUF(r7, 0xc0585609, &(0x7f00000003c0)={0x0, 0xb, 0x4, 0x0, 0xfffff303, {0x77359400}, {0x2, 0xc, 0xff, 0x1, 0x3e, 0x7, "97fec0b4"}, 0x5, 0x2, @fd=r8, 0x76})
recvfrom$packet(r4, &(0x7f0000000440)=""/220, 0xdc, 0x60, &(0x7f0000000580)={0x11, 0x4, 0x0, 0x1, 0x9, 0x6, @multicast}, 0x14)
accept$nfc_llcp(r4, &(0x7f00000000c0), &(0x7f0000000040)=0x60)

08:54:20 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

08:54:20 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r2, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r3=>0x0)
io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}])
mq_getsetattr(r2, &(0x7f0000000240)={0x2, 0x100000000, 0x0, 0x7ff}, &(0x7f0000000280))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/nvme-fabrics\x00', 0x40000, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x200, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[ 2726.397206] TSC Offset = 0xfffffa49ba5b515f
08:54:20 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

[ 2726.417742] EPT pointer = 0x0000000039b7701e
[ 2726.443223] Virtual processor ID = 0x001c
[ 2726.481045] audit: type=1804 audit(1591347260.635:335): pid=19703 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/805/bus" dev="sda1" ino=16715 res=1
[ 2726.610129] *** Guest State ***
[ 2726.640592] audit: type=1804 audit(1591347260.665:336): pid=19709 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4548/bus" dev="sda1" ino=16746 res=1
[ 2726.647769] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
08:54:20 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:54:20 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r5=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x7d, &(0x7f0000000240)={r5}, 0x9c)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r4, 0x84, 0x1b, &(0x7f0000000240)={<r6=>r5, 0x3d, "623431c930b7bcdbcb44756c6f7722a49834d15bb8b8568cb055b61954840589916c954a938a47a23ad9e9bc36c4707aa14bd4f4aff3acd351e8bc4d04"}, &(0x7f0000000040)=0x45)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000300)={r6, 0x8, 0x7, 0xffff}, 0x10)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r7, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}})
ioctl$KVM_RUN(r7, 0xae80, 0x0)

[ 2726.814062] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2726.865907] CR3 = 0x0000000000000000
08:54:21 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x62a4261256c46039)
fremovexattr(r0, &(0x7f0000000000)=@known='system.posix_acl_default\x00')

08:54:21 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x2}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[ 2726.887488] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2726.914009] audit: type=1804 audit(1591347261.065:337): pid=19723 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4263/bus" dev="sda1" ino=16360 res=1
[ 2726.926215] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2727.028846] *** Guest State ***
[ 2727.038568] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2727.056031] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 2727.083468] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2727.112448] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2727.134100] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2727.161700] CR3 = 0x00000000fffbc000
[ 2727.172656] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2727.187675] RSP = 0x0000000000002006  RIP = 0x0000000000000000
[ 2727.215489] RFLAGS=0x00010002         DR7 = 0x0000000000000400
[ 2727.228070] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2727.251405] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2727.273313] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2727.306493] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2727.309763] *** Guest State ***
[ 2727.334007] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:21 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

08:54:21 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

[ 2727.359032] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2727.363259] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2727.407169] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2727.427165] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2727.440160] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2727.450842] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2727.476802] audit: type=1804 audit(1591347261.635:338): pid=19741 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4549/bus" dev="sda1" ino=16748 res=1
[ 2727.487629] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2727.502699] CR3 = 0x0000000000000000
[ 2727.514679] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2727.560295] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2727.565113] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 2727.585954] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2727.610639] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2727.618138] audit: type=1804 audit(1591347261.635:339): pid=19740 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/806/bus" dev="sda1" ino=16746 res=1
[ 2727.630475] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2727.650589] RFLAGS=0x00000002         DR7 = 0x0000000000000400
08:54:21 executing program 5:
creat(&(0x7f0000000140)='./bus\x00', 0x0)
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0)
ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x400, 0x2, 0xc0, 0xd7}, {0x3ff, 0xfd, 0x9, 0x1ff}]})
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x290000, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$FUSE_INTERRUPT(r2, &(0x7f0000000080)={0x10}, 0x10)
dup2(0xffffffffffffffff, r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100)='nl80211\x00')
sendmsg$NL80211_CMD_GET_WIPHY(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x24, r4, 0x4, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x2}, @NL80211_ATTR_IFINDEX={0x8}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_SET_KEY(r2, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="34009a67c0ceda57ac584b922eadd6f06c7b37a6cd0000ff08e2b89e1a00"/39, @ANYRES16=r4, @ANYBLOB="08002dbd7000ffdbdf250a00000008003700000000000f000a00302dee441434b328beffb4000800090001ac0f00"], 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x8000)
sendmsg$NL80211_CMD_NEW_MPATH(r1, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x6c, r4, 0x2, 0x70bd25, 0x25dfdbff, {}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x7ff, 0x3}}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @random="da7ea806a4be"}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x4, 0x4}}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @dev={[], 0x41}}, @NL80211_ATTR_WIPHY={0x8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x1200, 0x4}}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @remote}]}, 0x6c}, 0x1, 0x0, 0x0, 0x10}, 0x10)

[ 2727.654650] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
08:54:21 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140))
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2727.702638] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2727.708908] Interruptibility = 00000000  ActivityState = 00000000
[ 2727.725446] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2727.736296] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2727.764246] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2727.765852] *** Host State ***
[ 2727.780561] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2727.804204] RIP = 0xffffffff8116426f  RSP = 0xffff88803e9ff9d0
[ 2727.824681] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2727.836876] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2727.851668] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2727.873485] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2727.885339] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2727.913679] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2727.922352] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2727.940993] audit: type=1804 audit(1591347262.095:340): pid=19751 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4264/bus" dev="sda1" ino=16752 res=1
[ 2727.947942] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2727.976491] CR0=0000000080050033 CR3=000000004dd5b000 CR4=00000000001426e0
[ 2727.979952] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2728.005785] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2728.033961] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2728.060974] *** Control State ***
[ 2728.077177] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2728.088050] Interruptibility = 00000000  ActivityState = 00000000
[ 2728.104586] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2728.109370] EntryControls=0000d1ff ExitControls=002fefff
[ 2728.130222] *** Host State ***
[ 2728.143830] RIP = 0xffffffff8116426f  RSP = 0xffff888086a0f9d0
[ 2728.167621] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2728.189495] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2728.220904] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2728.238597] FSBase=00007ff5ac388700 GSBase=ffff8880aed00000 TRBase=fffffe0000003000
[ 2728.257351] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
08:54:22 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2728.279445]         reason=80000021 qualification=0000000000000000
[ 2728.294243] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2728.314105] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2728.314282] IDTVectoring: info=00000000 errcode=00000000
08:54:22 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

[ 2728.339228] CR0=0000000080050033 CR3=0000000038c15000 CR4=00000000001426e0
[ 2728.364546] TSC Offset = 0xfffffa48aeafe81b
[ 2728.372827] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2728.378909] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2728.390669] EPT pointer = 0x000000001847801e
[ 2728.406240] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2728.415538] Virtual processor ID = 0x001c
[ 2728.429173] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2728.430506] audit: type=1804 audit(1591347262.585:341): pid=19761 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/807/bus" dev="sda1" ino=16719 res=1
[ 2728.476533] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2728.482378] *** Control State ***
[ 2728.500299] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
[ 2728.533680] EntryControls=0000d1ff ExitControls=002fefff
[ 2728.537476] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2728.556278] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2728.583660] VMEntry: intr_info=8000030d errcode=00000000 ilen=00000000
[ 2728.614559] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2728.634158] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2728.640594]         reason=80000021 qualification=0000000000000000
[ 2728.659046] IDTVectoring: info=00000000 errcode=00000000
[ 2728.674535] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2728.680088] TSC Offset = 0xfffffa4872960fe7
[ 2728.692815] EPT pointer = 0x000000004317201e
[ 2728.708759] Virtual processor ID = 0x0024
[ 2728.775556] Interruptibility = 00000000  ActivityState = 00000000
[ 2728.842323] *** Host State ***
[ 2728.898440] RIP = 0xffffffff8116426f  RSP = 0xffff88804dbcf9d0
[ 2728.912740] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2728.927255] FSBase=00007fc3c74e4700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2728.935867] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2728.950967] CR0=0000000080050033 CR3=000000004dd5b000 CR4=00000000001426f0
[ 2728.981509] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2729.005107] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2729.027974] *** Control State ***
[ 2729.038863] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2729.049358] EntryControls=0000d1ff ExitControls=002fefff
[ 2729.063045] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2729.070673] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2729.087780] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2729.097406]         reason=80000021 qualification=0000000000000000
[ 2729.110800] IDTVectoring: info=00000000 errcode=00000000
[ 2729.119293] TSC Offset = 0xfffffa48496e59f9
[ 2729.129046] EPT pointer = 0x000000005dc3d01e
[ 2729.138244] Virtual processor ID = 0x0029
08:54:23 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
r3 = socket$inet6_dccp(0xa, 0x6, 0x0)
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}])
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000040)=r4, 0x4)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$DRM_IOCTL_MODESET_CTL(0xffffffffffffffff, 0x40086408, &(0x7f0000000280)={0x3, 0xffffffff})
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x3, 0x4, 0xce, 0x0, 0xfd, 0x0, 0x7f}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc9}, {0x1}, {0x2}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

08:54:23 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x1ff, 0x235})
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$TCSETX(r1, 0x5433, &(0x7f0000000040)={0x1000, 0x3, [0x55, 0x7ff, 0xb6b, 0x3, 0x3], 0x6})

08:54:23 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:23 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r6, 0x7709, 0x0)
setsockopt$bt_BT_VOICE(r6, 0x112, 0xb, &(0x7f0000000040), 0x2)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r6, 0x28, &(0x7f0000000340)}, 0x10)
fcntl$setstatus(r5, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r7=>0x0)
io_submit(r7, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000000c0)={{}, {}, {0xd000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, {}, {0x0, 0x3000, 0x0, 0x4, 0xce, 0x0, 0xfd}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

08:54:23 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:54:23 executing program 2:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r3, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r3, 0x0, 0xffffffff)

[ 2729.465984] *** Guest State ***
08:54:23 executing program 2:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r3, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r3, 0x0, 0xffffffff)

[ 2729.508977] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
08:54:23 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$isdn(0x22, 0x3, 0x24)
setsockopt$MISDN_TIME_STAMP(r3, 0x0, 0x1, &(0x7f0000000040)=0x1, 0x4)
ioctl$sock_inet6_tcp_SIOCINQ(r2, 0x541b, &(0x7f0000001280))
r4 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0xc}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {0x0, 0x0, 0xd}, {0x4000}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nvme-fabrics\x00', 0x28a800, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c00000024001d0f000000000000000000040000", @ANYRES32, @ANYBLOB="00000000f1ffffff060000000d00010066715f636f64656c"], 0x4c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0x24, 0x2a, 0xd27}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_GET_MPP(0xffffffffffffffff, &(0x7f0000001380)={&(0x7f00000012c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001340)={&(0x7f0000001300)={0x1c, 0x0, 0x700, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24004840}, 0x800)
setsockopt$inet6_tcp_buf(r6, 0x6, 0xd, &(0x7f0000000280)="e5ddaa681758b6df6817101c73f254a5ef2277b2b4de2b20308fc3ebd1aa6f3eb1471d091fae431b104eba0abff78803d7561aaf0a13080cb3bec97f221782f5ef96bbb771aae002adff6d1a0dcdb51d82ad6ae637f3d57bb45877d07eb678670ba78ef1b6627cd32fbebda3c4f52e0b2301d13535969715537f953d81c1a2273b61a0efb005a0295f0d3a22b3f87f3eaa409981d0b86e50cb9998d764107c40ed7894887c713fe6024a297b45eef8cad0f5bb1c59f93c27d43e7731059c3701ab0c9e0481ea329344dfd97f8376b4f0b7e30bec9e9e6c8d87105bd6c33d03e94f738536de1e5db816a2d5a820209dc47c9c0291126fb6f7c4a6c2cf39a4b646ca6630a8491229136c7a565c186047d9b23a228b71de8fc987036a1ec6d55559ac64828e1b8625177846384228110ed796d600e606b20664f44ef675b546a555e11ed203d5f292615e42b8df2999c3dcd9b961162093613bb9456fc6b0d61a8ca53e3a6bc3ee6ca6a7f962a73d2774a6b7e9dedc75c1338ce733b99e27986ac3b66ed44f39c83fadf2391c3ae74d1b08d54b3f63891381ae67748ebc247e55a3033b8c6ff221dd11ce7f0d9136b241b1e801b4bf0768dc18010e264f11b4109918fc325fec2096f7589a0a895ce9b8bdf07602f4ef97892feddd8380b9543146365023e4f8bc994f2a048207a23136539dd5bc5710c67e14597a71b16ee0e3cfa20b5e40be004aa67a9de07d53465d477db76526edd5e1a16d60cd492d18448ab94b9e2a1af076f4a1d9d629842a43aa705f97928f824b0a5ac1193193b3180ad4e21273b4e9c79859e7f51ef6710fe4c6959bd39127e02ea0797a2281d638a8ba8321786ed773ca53ca62e2b8047b09ae1df1ef4aee0f9c366be53351ac6526edd4f3fd8bb9dd44dba23e7996af9c4219d01ede6242d4f26cbcb83f516a430b9e9002b10d69152eaed58f9b89da9cd7506d22c463c79d916945508b47ae1a4d5977f26b21843c0cd7beb1eb443fc0349bea3267f68435e977edd78c4afe10f31e9066b3f990c1e93c27ff37793892dc86cfd2f39d660d65e9c3dce6171e7224cc325e38c850ac805f82f6b6a067aab4c55e27b839fa271ee5f1cee6198b4708541bbbe7102068268047e051c0e109fc6ec5373dc8877dfd04fdb09a668714931df59676b0ed3a61ac30693951317794a7d77324e26be18c3e1cb62ec3adb8d94bf73ee5e6bb3b4ca9f7d69283c8b0eae3dc0f9357fea0facdbde829b80e5d276d30ab0c756f0687e36fad0d446084fbfdeebbfaaf921dd192d117f3bf3b057d61ebd3f3d0f5a33235259be1d815471dc400a722456fa5cf741e9b3f72a36641168bd9e5b3cf6e448bcbec8db2bc55d1373753672c55102340915dd884af0276a36f396c2f353128239327bfda6607e53e5ef3efc67b3e285ecbe324b6cedb9517133fc4157b77dce5f654129959cf5a2580f165a1a568ae8e85d2086bb000c2b1f7bd14d8cff180b8f07b2ad0d249387f5610ab7f994f550304c799a5f128404c91aa30f962d6a702870452cc9ddbb268d94ca63c2e0194dc1de2d81a35011a9f051732252d125b291f990a7420f53590b11d2bbac85ca8ad764003abc8536a3681072a84cef242d4a4e76c53fbb8ce8705c33b8fc0796149fca041c15d6b58dd0f6170e3772a77b988f00e65ce20cc12fdbf641bb02344acaf471db810be01a1e67916f9b839f899d7005444edac155e077a23d4c26ba5af70ff3e3a17e243a62a34df210a99ebc67e0af48820f11c46c14d9bae04289ee4dbd2782a1e71a576410f0158dcaaedfeed676cfe52a62c033ad7a28cb20de12235819cc0b3a628d117eb12e9deb1406d407016472be49cade35fb4980eb9696d907dc529e0c668c8e5090a3b40838c7d023b41d137cdae101e84479707c8c06bde6d1c703ec2a7e4c61215f6e9af6016d2d4823fc4e9c678c7be512c4d4cf74df706b395bc2949504c992d4b23eeddef8dc700e5b5c4c12f6ebed0b101ccf73f843e4ef4688ed6c31d7c7328c9222591b236f27238f1122f513444dbc50369936fb6b3bc1da76cc351e2a51f56fdcc3b8242cbe668fba1deb07ad1149ab307b68100b963a2151a460a14f092da4a4f145c7e449fbf12df316124e4713fdb2cbdde71c9308d9d530819b51e9051375dc380bcaa8e713b35a51d635470fdac1e0b992dd9106494bcb7dc1f8b72fbf698ad0fc333581585de60257f1868fa02f1d1cb18f5c54aa1870ce64f8fe9ca36dcfc944f582c30c605c6bcd5d0857a69e1586026f110adcde5c24fe39ac30fe3adb6c0f006764098e728d52cb4ba5f983ee6e9da403240879abd36db96211ecd04e8c822d685dff4a89f61f718c79b79f1e1b7266df20df61153d99eb83388a9cf7e44d60aebcf1af7af10c4b9a2295dfe43738b50287353911847835972ee202d892d792bd3b152381de07d9d6d7cffaa437b86ee9339d23123e6dbfe9f07dd88ab9dee54b51b709c1f0945a3b00b3b934bb59e3fa10a18f0ef93d1085b9cb694b4adecd698505ab050c77ed0cfb395e30d0b9d75bb4c72dc1b1e335d0da9f645f60ced71c6bc7af3c43200f34ddea0a609ac4dfe4a3a592c089404a02201e6c870dbbfa015b767e7495a81fe9312681bb7cf0d79769dd63d46d6bd2ead2f6767cebfcd2444b7d9d01f9af2704dd0f005e3375cb1ba1d696afe14e816926c9f057e57ff226b17dc347e1dea74a4da873b94658e4cb64c47bd8ea96b32584a28f6f31df9f8a4c0bc0630d82135bffb4814aeec614749ae77ffbec225bba3528a74d118f5ca151139cb58d698b0a7bee56d258fe10fe7fcfaa384b60ec8c05b59ee380b7c6ba458fb029fe2b68cff6cfe1d0deaebe3bd44f234b99c7c6d6cd331cd4681a81078921c484223d8adcd5f064a046b61a9f33fbd1d01336d9e27cc80d1664fd683ddb7ed518d96ef48f8c1b0acc7f6c55014dbd7c0fdd82292ce982db40387f0edbd5d1a8a8d2d7876dffe2ea4a6e1a5ef2eb20b6f01ff78124fca702b9b747a9beab1d27b5aaa2b2e2b594e7301fb98de89d87390ac3f25646b44689d14a76ab4c740fbc98f7e2d5011945e71d0974cc56d0d9fe81aceacd43edbb784d0e4bdba7d7d510e79637af0adc22b80571a0e09a572a57e561472e444a3a9fed59ff3d787e295a0d4ea76e01a3b91715dab58280b9cacf702346cb9cf75c3cd36476566eedca59a047ccfd564394d3ba65f786e789a6a4fdc3e9aea15a83b7d61e4f5d7b2d73ba1457d551f97cad17440d2d2d084cc24358fc67d4a9bee8c8f777d96345a4678dafe7ed0da1a2676c34dec3e6abdb0e8113768948f4fd64a5c49b64b7a6c8578f7c9437bd29e0a2b786aa1c791f7d64e091e5f36d4139693e25293b73d4088625b3780cf47c6e5ae7d3639e935e85d8dee9a8e0839d7229f447fef6d5f9a03cc38c2ac3272420bea714a62a5b5ef206c035e941e5052f75cce4d8f37617dd4f5e9429ccc40e6a7f66f53de5d335753ba97e437912820152afa40253f53c07e42c5184884bfb435a98d353150adf4f04c94b5bd01094dba4010c85dcec340e7d12b14eca8119457b05733c5941cb3369933446faf27208c3041589f571d2e34a09a27fe745ae55dbde969c32b3e852ad6f9646b38f872223fa28d369de7e2be987d0b28762509815cb11f588c7d3155e9fc910c4791367415aecec957e2c3b9b288f3eef594fb4ef35746359908be5eb9319346b1e8a5d0d772fa12b24024141e902df60d043319e0974db33cab7dfda5648fa41ef71346b714cd0dbdc7ecd5af1a858ad700fa88cf663b4540813b72c3ca10e53f000a6fc0eef93a4f63120aabfa31d60afe4e809c03b0f27f66148844f6e8bbae1b0a56d292e4cd7a48e42acf15410f65bd826f882bf5d903c82c340fef043eadef031dd3bd35a0e618eef0badc12e20e129dac2b11a714223bd0e0d0ecf9c0c0e7ec4cdb803cf07f119a04441396be605cea4c0d875b66a8fd8fd3b3f7ae9ae3b9fe8f5c92885d9ab3201acbabe4db4b533303939d4ee55fa8848fb59ab178e2459acc4f92f984bf7b59d6efee7860e2abcb83afbc0d4737d07c2d088fc78dd80a3c37cc543b3c0c4ce0fa00ffafe86549b377451844cde3360c4949ae56aa41a9f2c0a85815e3e897f1f6d8a4e3607f391e8a0904000b787b78d5e6e683191a26d645e4191d87bfac06b3698d0d8bb8de0b36e82b8fc0cc473a6113c95a67ab1e94e263ee966830bfee76e47b76b8027401b9d409ccce0362a6721969a449483ddf21b3071a63389dccf86cd29c36b1f0fbee8e1d20da55d5385bf418703132600afa7b79a1df76a010c5c91289c501a68ee3bb2f5e9923d764549b284a28e6817114464dac9aba697cd199cc40325a97eea71d92c4d90b8fa46daf8068e5e4990e74135cfb1da9a08f56bac9865a89779c4b2482588ea172b1f309335e27880338fcc4085b656465051dc72f8d3be8be68fa203618667b9176b7f3656ae8e1d76bf21ad24fe1b4c6f4a4c655d6cdd04b2a4e72c7b1a26119ecdbf269b12bf2b6ad3438d8cd58ed3b342b5edad478ad1675ca9c2b4eb6907e0bc0e5fcd3be745daee2a8e33e4101f15c58f141c0676cdf377479b1a2d313aebc94db732095af16bbb8cda1168995f038558d9ef47b4a43c5ae88ef4c5be4741090c27cb7db37bc60bcdc88586f3e68dfe45525ef7b2f81e1a6fe2b6c20458a2854bcb1ce37e10cfd6075a0fcd8e208023369dd38b0e569f0f9403c27af63e69d8cc19d0aed225db5c1645232aaf1f97f5e49c16376f882453a85ba701e587a806042b38a464176c378cc6073d89f3b77f606a0f2bf84734f4683206e0462f439b81476ca70f4e64dc48da993b31a9bac4262d840b63c15dbff9069b8ae893955aa3e78cdb8136a177ae16b4c701dbaefdbca6bca93d6bd395df0461f052869683dba2568ac82ea4d411fd7685a0270780cc095e5380727d5f3fbedb021780d3aa50648ec02105e9fdfcc8f958a6a05a49438bfd39fcecda0c5bdceac8e050dc51e3c10b80ea22188aac7a5770c08eb28791dd0086fba42f249e76c4925b779c9f3adaf8d9a99c363459594939ddf33010cd03369d0ace3c5d26a426e003b887a1c9d0e2681edc58aa4015b9f5f4d30de0a5e5dd4bbde1d4c44de842d887f2a547477b9f296d7027dc0b32799e7be69404973cb798bedd0597fa72afa96af0490121f51c8d940f687969330bb286edec6d28554a92408e38d6b5751829e43be085bc3cbbd25504a89ee5b8b86614f198f0f74c4d2572fb0b53bfd39f9eee3cfaef90f289352970fb9fe654cac846a2e86306c4860506aebe56d77373ee3ec79276c722a7ec6107319f0c54ace65e76db200fadd16bc4d3bac11a77d31f6a456e097fee9eac5557c01d99d8a279ac9393823f81189652417eb25d6165b078b13ac0e75f08f7ccd68259b2c25ad4a1613d1bb346e17f979d037ddf73768a64b9bc7dd7ff0c818e6689c927480cc03f073de08ba918971c5b37413934eb683d45dc0a18716390c783fd928cc37f46cf15f0eaa9966342117b9a97bec1f47df71e6befdfb41035b98eb30cf1fa403dc9fb238faf05701ae4230f0c7d2bbe01e0f0b6b87709042cb82bda4f2bd8afb7397c21d511c2642b6a795840fa9cba9dfdccf79d2c3fe0b14cdf328819c7011992a5ac5b49a01e718c5e6553d1fd4500e78a4e69ba737b85537b8b072170aea587f98bb8944b2e0badbeb72aa597ef9589e3d17f078c8", 0x1000)

[ 2729.600394] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2729.673154] CR3 = 0x0000000000000000
08:54:23 executing program 5:
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0)
r1 = openat(r0, &(0x7f0000000000)='./bus\x00', 0x200, 0x90)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f00000000c0)={0x3f, 0x0, {0x1, 0x3, 0x7, 0x2}})
r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r2, &(0x7f0000000080)=@known='user.syz\x00')

[ 2729.695873] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2729.712620] RFLAGS=0x00000002         DR7 = 0x0000000000000400
08:54:23 executing program 2:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r3, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r3, 0x0, 0xffffffff)

[ 2729.746536] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2729.753152] *** Guest State ***
[ 2729.764153] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2729.777290] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 2729.788928] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2729.828829] SS:   sel=0x0003, attr=0x06005, limit=0x00000000, base=0x0000000000000000
[ 2729.832282] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
08:54:24 executing program 2:
r0 = creat(0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2729.887257] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2729.895806] CR3 = 0x00000000fffbc000
[ 2729.916713] RSP = 0x0000000000002006  RIP = 0x0000000000000000
[ 2729.944508] RFLAGS=0x00010002         DR7 = 0x0000000000000400
[ 2729.948740] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2729.972997] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2729.999211] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2730.013763] CS:   sel=0x000c, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:24 executing program 0:
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r0, 0x0, 0xffffffff)

[ 2730.061439] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2730.086314] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2730.146140] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2730.167208] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2730.190361] IDTR:                           limit=0x00000000, base=0x0000000000000002
[ 2730.202063] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2730.218842] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2730.233071] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2730.249366] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2730.275543] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2730.284054] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2730.302513] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2730.324463] Interruptibility = 00000000  ActivityState = 00000000
[ 2730.335911] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000004000
[ 2730.344207] *** Host State ***
[ 2730.347526] RIP = 0xffffffff8116426f  RSP = 0xffff888082a3f9d0
[ 2730.355536] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2730.365600] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2730.373267] TR:   sel=0x000d, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2730.382619] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2730.390549] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2730.398810] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2730.405891] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2730.415400] CR0=0000000080050033 CR3=0000000091c95000 CR4=00000000001426f0
[ 2730.423531] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2730.430337] Interruptibility = 00000000  ActivityState = 00000000
[ 2730.438085] *** Host State ***
[ 2730.442296] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2730.448520] RIP = 0xffffffff8116426f  RSP = 0xffff8880929ef9d0
[ 2730.458689] *** Control State ***
[ 2730.470869] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2730.479277] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2730.487371] FSBase=00007ff5ac388700 GSBase=ffff8880aed00000 TRBase=fffffe0000003000
[ 2730.496299] EntryControls=0000d1ff ExitControls=002fefff
[ 2730.503868] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2730.510848] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2730.519360] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2730.521387] *** Guest State ***
[ 2730.526721] CR0=0000000080050033 CR3=000000004f128000 CR4=00000000001426e0
[ 2730.528748] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 2730.537440] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2730.558877] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2730.567996] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2730.576204]         reason=80000021 qualification=0000000000000000
[ 2730.583581] *** Control State ***
[ 2730.587137] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
[ 2730.596104] IDTVectoring: info=00000000 errcode=00000000
[ 2730.602585] TSC Offset = 0xfffffa4731a34f4f
[ 2730.603004] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2730.607062] EntryControls=0000d1ff ExitControls=002fefff
[ 2730.623380] EPT pointer = 0x000000001846001e
[ 2730.627895] Virtual processor ID = 0x0024
[ 2730.640703] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
08:54:24 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:54:24 executing program 2:
r0 = creat(0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:24 executing program 0:
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r0, 0x0, 0xffffffff)

08:54:24 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000280)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])
setsockopt$inet6_buf(r0, 0x29, 0xcc, &(0x7f0000000100)="e4", 0x1)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="0100", @ANYRES16=0x0, @ANYBLOB="000229bd7000ffdbdf2504000000140006006272696467655f736c6176655f30000014000200fe8000000000000000000000000000aa140006007663616e300000000000000000000000140006006e72300000000000000000000000000008000500ac1414aa14000300ff010000000000000000000000000001080005000000000008000500ac14143b14000200fe8000000000000000000000000000bb14000300ff020000000000000000000000000001"], 0xb8}, 0x1, 0x0, 0x0, 0x8014}, 0x8000)
r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r2, &(0x7f0000000080)=@known='user.syz\x00')

08:54:24 executing program 1:
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f0000000280))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
getsockopt$llc_int(r4, 0x10c, 0x1, &(0x7f0000000040), &(0x7f0000000240)=0x4)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0x10000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCEXCL(r4, 0x540c)
mmap(&(0x7f0000025000/0x2000)=nil, 0x2000, 0x2, 0x4000010, r1, 0xd3752000)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe1}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[ 2730.658230] VMEntry: intr_info=8000030d errcode=00000000 ilen=00000000
[ 2730.659610] CR3 = 0x00000000fffbc000
[ 2730.669034] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2730.705156] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[ 2730.715991]         reason=80000021 qualification=0000000000000000
[ 2730.738646] RFLAGS=0x00010002         DR7 = 0x0000000000000400
[ 2730.745074] kauditd_printk_skb: 3 callbacks suppressed
[ 2730.745083] audit: type=1804 audit(1591347264.905:345): pid=19847 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/809/bus" dev="sda1" ino=16750 res=1
[ 2730.752668] IDTVectoring: info=00000000 errcode=00000000
08:54:24 executing program 2:
r0 = creat(0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:25 executing program 0:
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r0, 0x0, 0xffffffff)

[ 2730.801475] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[ 2730.857387] CS:   sel=0x000c, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2730.866157] *** Guest State ***
[ 2730.869456] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2730.903773] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2730.924686] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2730.947542] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2730.968601] CR3 = 0x0000000000000000
[ 2730.981405] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2730.989097] TSC Offset = 0xfffffa46fd49f40f
[ 2730.997336] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 2731.025730] RFLAGS=0x00010002         DR7 = 0x0000000000000400
[ 2731.030355] EPT pointer = 0x000000003fa4001e
[ 2731.037610] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2731.063174] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2731.083610] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2731.100277] Virtual processor ID = 0x001c
[ 2731.102356] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2731.128409] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2731.152116] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2731.180361] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000004000
[ 2731.207348] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2731.227247] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2731.257132] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2731.258173] TR:   sel=0x000d, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2731.270897] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2731.282291] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2731.292425] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2731.302586] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2731.312079] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2731.315284] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2731.322599] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2731.336832] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2731.344659] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2731.353416] Interruptibility = 00000000  ActivityState = 00000000
[ 2731.360527] *** Host State ***
[ 2731.363619] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2731.365130] RIP = 0xffffffff8116426f  RSP = 0xffff8880860879d0
[ 2731.379345] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2731.387073] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000003000
[ 2731.392626] Interruptibility = 00000000  ActivityState = 00000000
[ 2731.396056] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2731.409441] CR0=0000000080050033 CR3=0000000043517000 CR4=00000000001426e0
[ 2731.418072] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2731.423051] *** Host State ***
[ 2731.426296] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2731.435428] *** Control State ***
[ 2731.440076] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2731.440220] RIP = 0xffffffff8116426f  RSP = 0xffff88804351f9d0
[ 2731.448222] EntryControls=0000d1ff ExitControls=002fefff
[ 2731.460362] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2731.468639] VMEntry: intr_info=80000306 errcode=00000000 ilen=00000000
[ 2731.477328] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2731.485165]         reason=80000021 qualification=0000000000000000
[ 2731.488062] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2731.493196] IDTVectoring: info=00000000 errcode=00000000
[ 2731.504923] TSC Offset = 0xfffffa466419f5e8
[ 2731.511558] EPT pointer = 0x0000000082b6a01e
[ 2731.519250] FSBase=00007ff5ac324700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2731.523839] Virtual processor ID = 0x0024
[ 2731.550967] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2731.556895] CR0=0000000080050033 CR3=000000004f128000 CR4=00000000001426e0
[ 2731.621096] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2731.627796] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2731.640450] *** Control State ***
[ 2731.645697] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2
[ 2731.658655] EntryControls=0000d1ff ExitControls=002fefff
[ 2731.665675] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2731.678986] VMEntry: intr_info=80000306 errcode=00000000 ilen=00000000
[ 2731.686347] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2731.699218]         reason=80000021 qualification=0000000000000000
[ 2731.706330] IDTVectoring: info=00000000 errcode=00000000
[ 2731.712555] TSC Offset = 0xfffffa4693fc99c0
[ 2731.716918] EPT pointer = 0x000000004e28001e
08:54:25 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_genetlink_get_family_id$team(&(0x7f0000000040)='team\x00')
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, {0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

08:54:25 executing program 0:
r0 = creat(0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:25 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:25 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:54:25 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000180)=[@in={0x2, 0x4e20, @private=0xa010101}, @in6={0xa, 0x4e23, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x80080001}, @in6={0xa, 0x4e23, 0x3f, @remote, 0x2}, @in6={0xa, 0x4e24, 0x401, @loopback, 0x2}, @in={0x2, 0x4e20, @loopback}], 0x74)
r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r2, &(0x7f0000000080)=@known='user.syz\x00')

08:54:25 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000240)={[0x2ba026d3, 0x3f, 0x7fff, 0x96, 0x7fff, 0x8000, 0x6, 0x100, 0x4, 0x9, 0x3, 0xfffffffffffffff8, 0x800, 0x0, 0x7f, 0xd1], 0x2, 0x2002})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$VIDIOC_TRY_EXT_CTRLS(r4, 0xc0205649, &(0x7f0000000340)={0xf000000, 0x8, 0x8, r6, 0x0, &(0x7f0000000300)={0x9c0001, 0xffffffff, [], @string=&(0x7f0000000040)=0xb}})
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 2731.723218] Virtual processor ID = 0x0029
08:54:26 executing program 0:
r0 = creat(0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2731.811285] audit: type=1804 audit(1591347265.966:346): pid=19880 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/810/bus" dev="sda1" ino=17247 res=1
08:54:26 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$SNDRV_TIMER_IOCTL_START(r3, 0x54a0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

08:54:26 executing program 0:
r0 = creat(0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2731.952847] *** Guest State ***
[ 2731.958943] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 2731.977591] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2732.017412] CR3 = 0x00000000fffbc000
[ 2732.028552] audit: type=1804 audit(1591347265.976:347): pid=19884 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4557/bus" dev="sda1" ino=17267 res=1
[ 2732.038604] RSP = 0x0000000000002006  RIP = 0x0000000000000000
08:54:26 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2732.086130] *** Guest State ***
[ 2732.117729] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2732.143211] RFLAGS=0x00010002         DR7 = 0x0000000000000400
[ 2732.155985] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
08:54:26 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000180)={{0x6, 0x3, 0x10001, 0xfffffffd, 'syz0\x00', 0x81}, 0x0, [0x20, 0x100000001, 0xb3, 0x5, 0x8000, 0x80, 0x2, 0x83de, 0xec1, 0x116d, 0x3e5, 0x1, 0x7, 0x7, 0x4, 0x2e, 0xde6, 0x6, 0xa3, 0x100000, 0x3, 0xff, 0x0, 0x8, 0xa79b, 0x7ff, 0x2, 0x10000, 0x0, 0xff, 0x6, 0x0, 0x800, 0x3, 0x2, 0x8000, 0x8, 0x400, 0x2, 0x101, 0xfffffffffffffffe, 0x3, 0x5ea9, 0x100000000, 0x10000, 0x10001, 0x0, 0xffffffff, 0x100000001, 0x100000001, 0x8001, 0x3, 0x7, 0x40, 0xa4, 0x38, 0x1, 0xfffffffffffffffa, 0xffff, 0x6a60, 0x2, 0x7, 0x5, 0x8001, 0x9, 0x8, 0x3, 0xfffffffffffffff9, 0x45280000, 0x43, 0x3, 0x81, 0x7, 0x9, 0xff, 0x1, 0x3f, 0xfff, 0x713b57ea, 0xa416, 0x1, 0x0, 0x70, 0x4, 0x9, 0x9, 0x2, 0x6, 0x56039afb, 0x5, 0xffffffffffffffff, 0x1, 0x9, 0x88, 0xdf, 0xc, 0x3, 0x4, 0x5, 0xffffffff, 0x81, 0x8, 0x40, 0x65, 0x80000000, 0x8, 0xf43, 0x2, 0x1000, 0x805, 0x28, 0xfff, 0x100000000, 0x7fffffff, 0xffffffffffff9b01, 0x1, 0x3, 0xecd4, 0x2, 0x1, 0x7, 0x0, 0x4, 0x9, 0x0, 0x7, 0x3, 0x7]})
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')

[ 2732.178022] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2732.203592] CR3 = 0x0000000000000000
[ 2732.210422] audit: type=1804 audit(1591347266.346:348): pid=19911 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4272/bus" dev="sda1" ino=17275 res=1
[ 2732.239826] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2732.254151] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2732.263993] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2732.275608] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2732.289195] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2732.297771] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2732.309588] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2732.323048] ES:   sel=0x0003, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2732.347089] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2732.363799] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2732.391137] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2732.406651] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2732.437749] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2732.453568] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2732.485513] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2732.511090] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2732.544753] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2732.564883] IDTR:                           limit=0x00000000, base=0x0000000000000000
08:54:26 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2732.624588] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2732.643391] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2732.675115] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2732.696369] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2732.716674] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2732.727615] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2732.757680] audit: type=1804 audit(1591347266.916:349): pid=19928 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/811/bus" dev="sda1" ino=16711 res=1
[ 2732.793724] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2732.806884] Interruptibility = 00000000  ActivityState = 00000000
[ 2732.818741] *** Host State ***
[ 2732.829343] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2732.839845] RIP = 0xffffffff8116426f  RSP = 0xffff8880569679d0
[ 2732.858246] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2732.869805] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2732.878963] Interruptibility = 00000000  ActivityState = 00000000
[ 2732.887218] FSBase=00007ff5ac388700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2732.897501] *** Host State ***
[ 2732.902147] *** Guest State ***
[ 2732.906440] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2732.918026] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2732.925968] RIP = 0xffffffff8116426f  RSP = 0xffff8880429e79d0
[ 2732.934763] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2732.945077] CR0=0000000080050033 CR3=000000004e327000 CR4=00000000001426e0
[ 2732.954539] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2732.968506] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2732.976604] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2732.985934] CR3 = 0x0000000000000000
[ 2732.993064] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2733.013411] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2733.019985] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2733.033005] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2733.039577] *** Control State ***
[ 2733.047766] CR0=0000000080050033 CR3=000000004e48c000 CR4=00000000001426e0
[ 2733.058067] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
[ 2733.069906] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2733.082587] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2733.091742] EntryControls=0000d1ff ExitControls=002fefff
[ 2733.105204] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2733.111831] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2733.130183] *** Control State ***
[ 2733.135370] VMEntry: intr_info=8000030d errcode=00000000 ilen=00000000
[ 2733.138536] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2733.147404] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2733.166164] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2733.166388] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2733.189206] EntryControls=0000d1ff ExitControls=002fefff
[ 2733.206300] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2733.207503] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2733.214916]         reason=80000021 qualification=0000000000000000
[ 2733.237867] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2733.245675] IDTVectoring: info=00000000 errcode=00000000
[ 2733.252969] TSC Offset = 0xfffffa45ced68884
[ 2733.257735] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2733.266253] EPT pointer = 0x00000000952bc01e
[ 2733.271947]         reason=80000021 qualification=0000000000000000
[ 2733.278667] Virtual processor ID = 0x001c
[ 2733.279931] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2733.290101] IDTVectoring: info=00000000 errcode=00000000
[ 2733.299281] TSC Offset = 0xfffffa45c3cd4dfb
[ 2733.316046] EPT pointer = 0x0000000080bf501e
08:54:27 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6, 0x4}, {0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa8}, {0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {0x0, 0x0, 0x0, 0x1}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_mount_image$xfs(&(0x7f0000000040)='xfs\x00', &(0x7f0000000240)='./file0\x00', 0x61, 0x5, &(0x7f0000000640)=[{&(0x7f0000000280)="11e5dff98923246a4b2ff8555769e82198d99e0c21f96d037a7958b6993e2537860321a570", 0x25, 0x68659c25}, {&(0x7f00000002c0)="121d31c2bf81fd97719c874f049ec1425e20e83ff2af21d3460e7ba11d4f4fd1b1ffabbae3756908c8921d44c62352345db907a01c3f104bf009f2c2ad882961478b05913ec9cf8cb5f640232d79d0552a56e733af16bd8c7d84212f3b35a9fcdbb7ddef07a999ad97e9794e0e3b9e48134decb3891c29d15f985d412e8e9780b0c8ace5f76e9da24dace53814ffc6b30c0e589ffeb1d7f07fd7ecf53898e1a868457078cd4e1fe8fcf3286ca5696310d86e2fb0c5c6d663121aaae47151f0fd526a2e0e7f623510244f6ec91a169732ceb4f85d3e79ad31d276bcacc826", 0xde, 0x9}, {&(0x7f00000003c0)="ebf2578eac4be3c6ab5ce93c989d1339d646b906065d79950d04105ed1881da884ca64b7b3ae2de38d1b947c9c7577384666293c5acca0fc8b99f8adbf2b1cf13c12dcbf0b670335fd4240762a0c9a7092d60246176d72e3f09dd1da140ec374541d9292f0a649c6e0efed3b339d69005e157637ded6c178a4d88c0ddb64bdab3dacada278bb88e291b0bc4e4c62508ed94e930759c6956345ae7860e493333638386153bdec16cdf8447216017668300a458c37b746b8626b4af8212fe0541f1347b318", 0xc4, 0x1}, {&(0x7f00000004c0)="bf12b4ae4f8a789b4617dc4172117a4196af16db10490ad8eb5489c86f3e8f19ac611848be2d6b2f6d61c15076c63daef092ff728ae8f878e607d313bd2be20c742a22f90199e98ff9a027b83dee6d484a1107af9c212b85c6552936e6ee890f4c0815c6fa84b7a53238abed0f8efcbd970c50d3ba8b41df70a5236464cbb1aadd8db9b43f15a75d0bb760be6c1e1fdb1a14362e94dd95517b9fcd07b1092823d5fcb97f383b1f06232febf57080be020b6df55debfef68713bf2ddb5f39e736adf61b576ccc10f3bb1d1ad8d8326261bcf90646c6f7e21726249e8cb9b5790b316784b0734784296b4580999ef6598bfd1c92b531ff97", 0xf7, 0x10001}, {&(0x7f00000005c0)="4e0863906bdca0c5373a7ab978a2ea92ae9c01bb57e8371085c066ea7d115a8e8e8362a0f83a1a6a714896b75607bf3fe2584710b65ccfb8db5299d6503c794abd4831fd2361d97850d3fd0bac9fd34a51e4a2ef472081e683210dcc21a0ff45b679c1cd7573853d9f703a9a88d6ecdc7a7a169429", 0x75}], 0x8000, &(0x7f00000006c0)={[{@swidth={'swidth', 0x3d, 0xffffffffffff0001}}, {@noattr2='noattr2'}, {@nodiscard='nodiscard'}], [{@context={'context', 0x3d, 'sysadm_u'}}]})

08:54:27 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:27 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
renameat(r0, &(0x7f0000000000)='./bus\x00', r0, &(0x7f0000000040)='./bus\x00')
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
ioctl$VIDIOC_RESERVED(r1, 0x5601, 0x0)

08:54:27 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2733.336736] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2733.343617] Virtual processor ID = 0x0024
[ 2733.383308] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2733.422242] audit: type=1804 audit(1591347267.586:350): pid=19946 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4558/bus" dev="sda1" ino=17278 res=1
[ 2733.450521] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2733.497719] *** Guest State ***
[ 2733.505367] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2733.509610] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
08:54:27 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2733.554795] audit: type=1804 audit(1591347267.636:351): pid=19949 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4273/bus" dev="sda1" ino=17284 res=1
[ 2733.565944] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2733.618447] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2733.665892] CR3 = 0x00000000fffbc000
[ 2733.687733] RSP = 0x0000000000002006  RIP = 0x0000000000000000
[ 2733.694745] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2733.698284] audit: type=1804 audit(1591347267.846:352): pid=19957 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/812/bus" dev="sda1" ino=17303 res=1
08:54:27 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
mbind(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x8000, &(0x7f0000000000)=0x8, 0x40, 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')

[ 2733.734403] RFLAGS=0x00010002         DR7 = 0x0000000000000400
[ 2733.748295] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2733.750573] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2733.771902] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2733.783529] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2733.792709] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2733.803889] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2733.810920] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2733.814073] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000003000
[ 2733.830013] GS:   sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000
[ 2733.840691] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2733.850527] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2733.874470] Interruptibility = 00000000  ActivityState = 00000000
[ 2733.890647] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2733.922919] *** Host State ***
[ 2733.943873] RIP = 0xffffffff8116426f  RSP = 0xffff8880911279d0
[ 2733.945234] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2733.979604] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2734.017856] FSBase=00007fc3c74a1700 GSBase=ffff8880aed00000 TRBase=fffffe0000003000
[ 2734.025050] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2734.059326] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2734.074472] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2734.101135] Interruptibility = 00000000  ActivityState = 00000000
[ 2734.125477] CR0=0000000080050033 CR3=000000004e48c000 CR4=00000000001426e0
[ 2734.130422] *** Host State ***
08:54:28 executing program 5:
r0 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x7, 0x60000)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r2 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r3=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x7d, &(0x7f0000000240)={r3}, 0x9c)
setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000080)={r3, 0x2}, 0x8)
creat(&(0x7f0000000000)='./bus\x00', 0x0)

[ 2734.164785] RIP = 0xffffffff8116426f  RSP = 0xffff888082a3f9d0
[ 2734.202119] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2734.223215] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2734.265824] *** Guest State ***
[ 2734.269825] FSBase=00007ff5ac388700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2734.277575] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2734.286684] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 2734.315063] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2734.324195] CR0=0000000080050033 CR3=000000003f7b7000 CR4=00000000001426e0
[ 2734.335029] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2734.339625] *** Control State ***
[ 2734.345864] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2734.354978] *** Control State ***
[ 2734.362665] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
[ 2734.362923] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2734.370336] EntryControls=0000d1ff ExitControls=002fefff
[ 2734.380047] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2734.391523] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2734.399536] CR3 = 0x00000000fffbc000
[ 2734.405524] VMEntry: intr_info=8000030d errcode=00000000 ilen=00000000
[ 2734.422745] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 2734.443329] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2734.453683] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2734.474788]         reason=80000021 qualification=0000000000000000
[ 2734.481085] EntryControls=0000d1ff ExitControls=002fefff
[ 2734.486595] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2734.494760] IDTVectoring: info=00000000 errcode=00000000
[ 2734.506661] TSC Offset = 0xfffffa44fae00ca0
[ 2734.516587] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2734.529283] EPT pointer = 0x000000004d17401e
[ 2734.531068] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2734.545853] Virtual processor ID = 0x001c
[ 2734.551574] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2734.558934] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2734.585963] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2734.598294]         reason=80000021 qualification=0000000000000000
[ 2734.606911] IDTVectoring: info=00000000 errcode=00000000
[ 2734.616001] TSC Offset = 0xfffffa4552dcacec
[ 2734.618357] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2734.620622] EPT pointer = 0x00000000972bc01e
08:54:28 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
chdir(&(0x7f0000000040)='./bus\x00')
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
fcntl$setsig(r3, 0xa, 0x1a)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000280)={[0x6, 0x7, 0xffff, 0x5, 0x800, 0x4, 0x4, 0x9, 0xffffffff, 0x979, 0x2, 0x1, 0x7, 0x8, 0x8, 0x72], 0x3000, 0x1e202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x100000, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {0x0, 0x2000}, {0x2}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {0x0, 0x2, 0xd}, {0x1}, {}, 0x40000006, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

08:54:28 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:28 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:28 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x53)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r2, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r3=>0x0)
io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}])
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000100)={r2, &(0x7f0000000280)="cdc007b56f628369d7f466a1d9e5a701c7629e8d6e14872a641140758d0cde5259961304a69b215d685ea680ed92aa76ebd4ca543cd7ac24917cb1c5626fac4bc5f09dd07d35c1aa8bd328ce660f28a748bcb9277ced60daef16582e933e7875cdb14d23cc9712f99c99dcc00a6e3b9829297ee7d03411830cbe5044dbeb1ae2ddc117dcdae22b700d994f8cf18ead1da01b557b19b365803d64d3481b6fe1d9dd56ebdd86bc5eaba88a22a10d5f24ed7ee5ef598338277aee592bd84e61eadb2d1197ee7b3897fb7c123e8c062de9f62851eba4c8aafc15bdf0a56a78055a7ba87ac917ca1e922f", &(0x7f0000000040)=""/61}, 0x20)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f0000000000))

08:54:28 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2734.620631] Virtual processor ID = 0x0029
[ 2734.648502] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2734.656925] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000003000
[ 2734.705946] audit: type=1804 audit(1591347268.866:353): pid=19978 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4559/bus" dev="sda1" ino=15959 res=1
[ 2734.754894] GS:   sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000
[ 2734.784131] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2734.810614] audit: type=1804 audit(1591347268.876:354): pid=19981 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/813/bus" dev="sda1" ino=15972 res=1
[ 2734.856361] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2734.904399] *** Guest State ***
[ 2734.912780] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2734.930393] CR0: actual=0x0000000000000026, shadow=0x0000000040000006, gh_mask=fffffffffffffff7
[ 2734.974468] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2735.007978] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2735.009895] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2735.040831] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2735.076471] Interruptibility = 00000000  ActivityState = 00000000
[ 2735.108617] CR3 = 0x00000000fffbc000
[ 2735.123819] *** Host State ***
[ 2735.132975] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2735.143363] RIP = 0xffffffff8116426f  RSP = 0xffff88804fc7f9d0
[ 2735.166664] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2735.178125] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2735.196634] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2735.225896] CS:   sel=0x0000, attr=0x08081, limit=0x00100000, base=0x0000000000000000
[ 2735.227649] FSBase=00007ff5ac345700 GSBase=ffff8880aec00000 TRBase=fffffe0000034000
[ 2735.258328] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2735.288564] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2735.299514] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2735.315301] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2735.324958] FS:   sel=0x0000, attr=0x10000, limit=0x00002000, base=0x0000000000000000
[ 2735.336837] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000002
[ 2735.352454] CR0=0000000080050033 CR3=000000003f7b7000 CR4=00000000001426f0
[ 2735.369965] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2735.393974] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2735.393998] LDTR: sel=0x000d, attr=0x10000, limit=0x00000002, base=0x0000000000000000
[ 2735.421299] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2735.436725] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2735.470679] *** Control State ***
[ 2735.471986] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2735.494257] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
[ 2735.527439] EntryControls=0000d1ff ExitControls=002fefff
[ 2735.558019] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2735.568585] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2735.591014] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2735.598500] Interruptibility = 00000000  ActivityState = 00000000
[ 2735.612640] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[ 2735.646493] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2735.651230] *** Host State ***
[ 2735.656484] RIP = 0xffffffff8116426f  RSP = 0xffff8880886679d0
[ 2735.682294] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2735.684112]         reason=80000021 qualification=0000000000000000
[ 2735.688731] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2735.688741] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2735.688753] CR0=0000000080050033 CR3=00000000593a6000 CR4=00000000001426f0
[ 2735.688764] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2735.688775] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2735.718175] IDTVectoring: info=00000000 errcode=00000000
[ 2735.763291] TSC Offset = 0xfffffa448fecd936
[ 2735.778432] EPT pointer = 0x0000000056da701e
[ 2735.784320] Virtual processor ID = 0x0024
08:54:29 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:29 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x127)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')

08:54:29 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

08:54:29 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$ASHMEM_GET_PROT_MASK(r3, 0x7706, &(0x7f0000000040))
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$VIDIOC_S_PARM(r5, 0xc0cc5616, &(0x7f0000000240)={0xb, @output={0x1000, 0x1, {0x1, 0xfffffffd}, 0x800, 0xfffffffd}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0xfe}, {0x5000}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {}, {0x0, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x1]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

08:54:30 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2735.807797] *** Control State ***
[ 2735.811367] PinBased=0000003f CPUBased=b699edfe SecondaryExec=000000ea
[ 2735.818035] EntryControls=0000d1ff ExitControls=002fefff
[ 2735.858294] kauditd_printk_skb: 1 callbacks suppressed
[ 2735.858304] audit: type=1804 audit(1591347270.016:356): pid=20011 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/814/bus" dev="sda1" ino=16290 res=1
[ 2735.872215] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
08:54:30 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

08:54:30 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2736.005431] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2736.038019] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2736.077906]         reason=80000021 qualification=0000000000000000
[ 2736.087205] audit: type=1804 audit(1591347270.066:357): pid=20010 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4275/bus" dev="sda1" ino=16337 res=1
[ 2736.134021] IDTVectoring: info=00000000 errcode=00000000
[ 2736.183447] TSC Offset = 0xfffffa4443bfeb53
[ 2736.220121] EPT pointer = 0x00000000aec5a01e
[ 2736.249823] audit: type=1804 audit(1591347270.226:358): pid=20025 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4561/bus" dev="sda1" ino=16230 res=1
[ 2736.256845] Virtual processor ID = 0x001c
[ 2736.396741] audit: type=1804 audit(1591347270.276:359): pid=20027 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4429/bus" dev="sda1" ino=16372 res=1
08:54:30 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000000)=@known='com.apple.FinderInfo\x00')

08:54:30 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:30 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
keyctl$read(0xb, 0x0, &(0x7f0000000440)=""/51, 0x33)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff}, 0x13f}}, 0xffaf)
write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, &(0x7f0000000040)={0x13, 0x10, 0x7, {0x0, r3, 0x2}}, 0x18)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, &(0x7f0000000300)={0x15, 0x110, 0xfa00, {r3, 0x7, 0x0, 0x0, 0x0, @in={0x2, 0x4e24, @loopback}, @in={0x2, 0x4e22, @private=0xa010101}}}, 0x118)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}])
write$FUSE_NOTIFY_POLL(r4, &(0x7f0000000040)={0x18, 0x1, 0x0, {0xf5e}}, 0x18)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x2, 0x8004, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {0x0, 0x0, 0x0, 0x9, 0xca, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x2, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9c}, {0x0, 0x0, 0x0, 0x7, 0xce, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, {0x0, 0x0, 0x0, 0x0, 0x80}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x800003, 0x5400, 0x0, [0xffff, 0x0, 0x0, 0x20]})
ioctl$SIOCX25SCALLUSERDATA(r0, 0x89e5, &(0x7f0000000240)={0x4a, "fa6d9e21cd29226ed859011da234514b1949e397cb60480fb63d30df20d8e6d912291869a18648b1e3bd906276c66e5e4ba72079500391e66759ce102ffe445ec077c3047b838b4aaa6d1644eec346dadcfabcdb5d108c8b4406afe09882ee1e8c5b014a102bd4b2a2521e7456f9b896e8da8cda49618d2cd3ecc460903c8c41"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

08:54:30 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:54:31 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

08:54:31 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$USBDEVFS_BULK(r0, 0xc0185502, &(0x7f0000000040)={{{0x5}}, 0x2d, 0x43, &(0x7f0000000000)="3297330130d2dc01148617c8d5d12a7dd99879b37578250f9c93917457b072e287fc8b09411f924df598f21877"})
r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r2, &(0x7f0000000080)=@known='user.syz\x00')

08:54:31 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2736.947768] audit: type=1804 audit(1591347271.106:360): pid=20049 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4276/bus" dev="sda1" ino=16113 res=1
[ 2737.102171] audit: type=1804 audit(1591347271.216:361): pid=20053 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4562/bus" dev="sda1" ino=16132 res=1
08:54:31 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:31 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0)
r4 = getpgrp(r3)
getresuid(&(0x7f0000002c80)=<r5=>0x0, &(0x7f0000002cc0), &(0x7f0000002d00))
r6 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, <r7=>0x0}, &(0x7f0000cab000)=0xc)
syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={[{@gid={'gid', 0x3d, r7}}]})
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002e00)={&(0x7f0000000040)=@kern={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000002c00)=[{&(0x7f00000002c0)={0x128, 0x29, 0x20, 0x70bd2d, 0x25dfdbfb, "", [@generic="9a8b3c977251233c4415b2942b2cacb689b5ddffa0de23cee61ee97a92e61dbf58b08b660595d3bd9a7645db151c69587578852e2e1f9c29ac529fb787df6c4d08502c0f7813380acf088a498b2dfdc0f413265569916160d689ec26f7d78a744d6ed99c5b46ca108c60ce17154ef6ff4fe03609658c00bce7f5b1845a19b03358a6289de3756ae4fbc8a070cdc6cd03ced7701bdc8e221b091c7ac6d9f99504002f27bf58df7bc54f3abd205bb2a1702b9efe8773db07d728f561598da0dd4201561f41a7f40c5306f70d56d34995e0a6ad73dc83adb5671e96366abbb6fd8d26a65618d71a482f86bb", @nested={0xc, 0x52, 0x0, 0x1, [@typed={0x8, 0x33, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x2f}}]}, @nested={0x1d, 0x84, 0x0, 0x1, [@typed={0x8, 0x3a, 0x0, 0x0, @pid}, @generic="b0ae832ac7efd034847c8abc173f32bde5"]}]}, 0x128}, {&(0x7f0000000480)={0x178, 0x30, 0x2, 0x70bd25, 0x25dfdbfd, "", [@typed={0x14, 0x36, 0x0, 0x0, @ipv6=@ipv4={[], [], @remote}}, @generic="a75fefb985fa8a3330bef72e5ea8039fcb61fc77ef979e63dd200a48a0975eb49db7264eccc95278975b5c41d89763a8acf24edb9db09b7678d511d8ea38a94f7ff7ac6778d5fa1222a894293a0e0c5fdeee1821519cc94afd7433d1c42babb78ad36c08d0cd33773ebe0223c30b4ce582e4444a1182ef69c96416c2ac6b7dd1d777be07cb84939046fceaccbeed70dd40dc7d71d5f88a46212eca427767b53ab15c1827e4f04c02040acf", @typed={0x8, 0xf, 0x0, 0x0, @fd}, @typed={0x8, 0x69, 0x0, 0x0, @ipv4=@broadcast}, @nested={0x1f, 0x79, 0x0, 0x1, [@typed={0x8, 0x6c, 0x0, 0x0, @ipv4=@rand_addr=0x64010102}, @typed={0x8, 0x30, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @generic="9d4655", @typed={0x8, 0x13, 0x0, 0x0, @ipv4=@remote}]}, @nested={0x78, 0x83, 0x0, 0x1, [@typed={0x8, 0x50, 0x0, 0x0, @pid}, @typed={0x8, 0x8d, 0x0, 0x0, @fd}, @generic="63ad65a98c22ecd40c945f439916d1672b55d52579cee9d065b3c046ec8115e95351e9ad91bea10a", @typed={0x3b, 0x7f, 0x0, 0x0, @binary="a6ad1e076eecf30552775730d377d10d8a6a57e66dc8b5d3d6751c913a401cde5893be86a441015eb643af9c96a39f482ab3cd6c4c0cc6"}]}]}, 0x178}, {&(0x7f00000006c0)=ANY=[@ANYBLOB="cc2100003c0008002abd7000ffdbdf2508002e00", @ANYRES32=0x0, @ANYBLOB="528f2fcaab04cf30bcc41d07503998b407e68ed52d2ec0e83e5b5b52e9c0bf966f458e6fee53b1fce9e86ea431dbfe5ad2f3aafba2d3c7a5595f99c031fdba1d8b85af60274ee72ad87460d0bb5fdf9c08fec08cf837e70f5041dd36f3dc2f5e06bfad51e996629d12769df67b832198a37c83e6717b848916ce695887ea0257973f1bff60538b11b5b61dbd8b7aa758226a76d5b2a118b8e9efaa905adbc2cf7331cf0593f962857cf35c5fe1f47a13bb7ce303ae03028cff44ebc7bf0df85cb5c5cdff045c403454fe8c8b45e3baeb70a377d1e9787aadf38e40077a7a008f75a174ec9a9df620812a218b7bdd058a381b41729187715e6a9a9f8b178a2ba352af0df7d0b21fdc3723562c91864893c0f092ced1d32d4bd7daf98e3fbb3a1ee92a8dd96e89d92d95523956cec5a5770ca00a6fed0f8d2515ec47b126cecf9bcda59b4129c9ed34681c0529a6e8e450cbc50c3e2a845c28d0d46b5b2ac4c0c4f61247795fcc9ba91cc3922b637d2feec6e8db07c54e11c658537041dc3f8de75dd9bdcd7ce63f71c490dac93af22f066175540627918af86248752b230a72783bfe08abf26fe6d9c95b68f475a809ba21424235bf4db56d9a25e93e48d302c4a1c2c9772593c9b4132e4be9f7eba7bb7c931f11bb6659e02940050761c0d51d52809dc3e48891ede49a3c5e0fe866f394c719cb1d6d14c82d0c957871e8a5bb5e0e905d03cbc88d3dc32e5d12bbcc2c0108f3bd936656bf2462d62498de930f47cfcbcd2571875518a231361078bec10dc68db09f83c4a20a25f340c98e4d40f521e8e90e7f5c93839a1b99618c5a0840b7611ddbb7a20d81baac35f352ecb48088892a467abdf4dcd7bafa3058f281ac356ea2cb498c5a3f8b08219b51d1e0eab0d149abf72a10202a471b3c7f13558cb638568daee4fa8f4f16892a6240163039e9b5d6ed15f2b3c227113421cafe7073e618fc344c1ccda58ac6fa34555aa4b7a5df4836ebabe81e4682e1c457e8351c47528ef3fc223cfd30a3813707a71cd01e30c77283166ca4e75e29cb37abd0f49955add3322247bf5c0bd241b76c878d2a9f4810c973aa2287a834edcca99a93b93f610658c7d2288bed6b0a1881f1cf08f819d49baabdb1ed1c0753c903b3bfa0b5469f1f7be358aaabb11108336281b3274d96a346cc2cb06e1ecf18855b369379707fddc72d222632248c2facb84eae31d0fa94d931d8e73ebc3ce5ada413565bfd74c695cfd665fab56b76dcab390edd2ca57621ad79e2d6e641c9dd80f51fbe59381d40fc68db6ee90c1be0fa28f862207ae34d179578bd710eb20cdb3d78143a3315e5c61e1d52d6f5e5c111b7ec46e497dd68df60d1ed4429231c427fbf6b2e5afc43ff595f23c26facb4c2f2e9c339ce65c0b216c76b95b03d681d71d645c2516ae65fe1cf0b689c4372aad9a08bc493adfc7db0b3d1b4dbfcd9afcac3eaecfd7d64989461cf7c37b16e6b640adfd22bba6cf51e1283d913c6951511e0c45e73b5c4ebc2b84edddd701c845082843dd78d03151fb7ba9418059cfb7c4dd095625fd15361a42157c48a7693ec949745380d1a8a5b8039eef0b931b5ab0b429826b9b83b08fd801c4f4b2d7c70e07bcc84c9de38000c7673742c84a339eaae60f0488147a0baac653381beff69de2d3db6cba0da17013dfa43155b985b45d31ac2886407c4cb6c0f5ec233946567bf8ef727f2bd81194eabc97692f7805ab88f70f21df4e7816d3e150a0ecc13c96a63596a1c6d47749ca3d5c4396bfa4977711ec8f410c9a0f1ced6c76ea10627ad33d8441da887f3042d339bb4e590f19cbf11b07aa10776ae060936a09155aa0b20d7a96683df164394d41fe78ab2b799d3cf4df76926c194bae0bbe3653442a836e28a2168d321e119148841111da6305870f9d4c3712b89fb4c848d2a261b95e05fd509f4da0ad80f236d250a4d2bf59d9e00e0431549ec430672aa00bea3241733d1776a282405d3e653feec1c26271beb00ad36e2acbe887ba78f0656613845043614adf80fd97c7eb9dcf492e34eac1b7df9c3014a25ca29f0cea9478c15ceae9bba3def0287a8f50b6746eac16533558cf6c8237bceba22a522cc065d865e06929f96d6be68ae07f38a03ecd223a38099678449b55ea9beb5bf62635d69f2546be0898986110080e2a3ac1a1b61e049be0a3cc5d9c9f913f5ac6cd2d7d5339d798fda73f5bbd72926791f50c0d8651c1aa9bfe203d8b24188e1da7475f1673890ff0d31925745f848d8553c7a04faa0c8e90338de8a7e5d86321ab2a96ac4056c77857743df65f8253457ed1007935ec36e9d55aa860fc091d98a142cfe20580af5fe569822ff0a9c87bce1820298ccf8bc3a227701e34403d74f6fa163ffa8ef15cded9c40d78d17a30b5326f69aa4d689765219679d07f44dc8882a2987b9360855433a3816835ba679b48a243c8867d7c23b6f1fd7f32388d827658deafc33c4f7d59aee43e7a6495bb6b4be76a687d9405183239c2fc6f2f4e21a0fd96f21747e8687b0a1be194e1ba737772b7ab973a455f59670c2b4760813d9aa59083c7b8b551485926fa5ec2dc68b664625bb6e775ce033d0e238f38de8bb2432d03987f0347fa6ad777af3dc23ebe70f2f2da1c9ae22602d0c67eadf7ce9aedd3ebe7070f63d0cbd19126cc30c4f697c747f0d7efb2549e99b98b68901f930de3cc4474db3993f5b2fa71c8b42ae00cd6d4f741cc0eb5203baee01bbfe89b9e422ed608f5b0491156b8515f5f5a0f9d3f97db287f877988d5c1a41c926e9075570adca64802b288b0b2cff9af47ec7c7879a7a1d9f2f7e3f882e5b641dd9a1580d00d100e74042062af210a4fe4f8179eaaa6aa7a3942269ea76ac9fbceefac3adbb35d14f2affa1550bba85d731c72b5769e575c8ac52da928cc396a8bd0625c735f762a7dc9e8b7c2afb60ca780dffe6fe049f0624cea7389271f28a4de96dd8c5524535c48e3bc36c3cdf5f0c5ea5cb37bed1a69228656337dc573a8cdd3b7b10b72a4fbf22e10faf1305fadecaf79b48fb364ac0361fb3c57e3e9ae28207f5045a8173b6fd730f15b8074ada5f4df8e58429518c4c80e3118191013315395e6d5da5ae18304b4b93433d3603835aac0bf1996ee582ef9c9ea0c79f6064fe3f70022acbd8dc91b290722ed92e7c6619de4b200f073ae91de4b714c7f29e20d27d98d1b5c22f89db10ea3ce620726e50c93af377e923870a02417f45624e296900775744e46baf808e8200c6b3899e99373188ebb6c80696a2d443af00b881615fbf29b001c2d63538067820ccf98f8c9ff732d2c7b492af040323c657620a33aaf6da39f567b64d82ed28a749c48ff5b205a3c85961bd01b6601ef96fe5cec63fb644585634e77fb252848fb1b858f5eeb40c20e530e59686b827dfa437d23417d4504bcf53a6c59ff245c90128a8c2637bb761a787dfac02a2a1c26e0c2f8780d6b8a8f73ac4fbd7eea57de9434566ff360bc80e453cb23672c027e4e0c1181d7ce7d67aa39b010862ac1608dcd97e4deffe4f14c27829691a74280a0cb82b602cffb94e626a913970f9c2c7c00c6f469959bc08c5ea77ddcce9c6a004945cb15996f708fe8f0c1ff7361f3f3547a71c8870cfdc72c7cac257a9eace09f94c649bb2b31441d333963dc9c277c8401bdc7d5e582f404b04909c2452c125068f5e9fde7315cdde84bfa9027247d14db49d52996e5b5e522dfa21aa17a10c714b2a8454cdc8fbb7c9bc3b384fc09a3d37acb57ff0ab30c6744248fa4295d7808dec505ce9be71ac1091e7829feca41dd039b6db7519768c3837917d92b26e016d14a9b07cefe34b4ce8e201ad2113d86745517c4ad15c9efbd82e28325a25be551e2986cbeaf055ecc53b6c9ff1db7c0a1353c7a70d9a56617f46fd8e9910d2ddd8ce62b54c88d18de270644e8758059eaf8a7d8c05cf467c13ca722cd7001f7acdeb4771ec54107dbb1a02ec4afab1a04d4ac77c7af79b2eace79697843d75b7a9465348ab6e24573cf130d7663423d79884aabaeefe5fb8eaaa04bb61979abdb3ad322088b81c5befcd8345c42f75d0c95117c7979cd7e0c63eef64c1713b4d2bf5967ed90bdfe0affbe85ea040a6a87cb2700b96ce92599e00eb390841fc9df6d56580b38166ff7bbb68c73b24641f851f23239d5020b114b5adda02f6d7c8c613f0d0ddd0c40e265f38c7574263b472b7710addade401ad06db7093efda171d8aaad37fb8dc504e5dbedaeab31aac092b496cfcd086dba4ec1a11d7c31093de649e97fbb45ff654c510feb742d236588f2f0a3c2c34d4308432d35bb6df8574673374c6cacb1e6bb8485b701c671eb0d9b456b7290646ef7c41e6cd0c12ce1d3420421f15f9a39159fe9f735dbbc3a6a896680b24988d72b0193be41f5f8403973ef91d588f9829e46ccc7c6d07e0560d693be57330f927d894234a598c26295f4920c627a8f7d8fc5e2e9a081858d59bc473f0a1d5a13859e5b6679a8c0a442f65844d6902289767c26201485cd81a552d94c1fe86f69ba00d2aec41b4c2be639238f17cd4df5a1628f5ac50aa751a60824b2e30fdbe30d177dad4c98d8e38c78539059477a13de5569c0bd12686cc9c7a5504452c1e99489f53b26a4107fd651408dea8e118c2278c07b5f494494abadab80d87ed9687d258c36db8b0e6df090c1fed88781db6313153e6331d25d7f0b205d164c5a44d93eaa2802e71854837a49e460c15cc825c1b33c249162622e4dc2edc767779ea8ee898af453b9492095de3f0dcb17afdd6ffa093eabd0e0e812344c863d5a2639b1043cc9be7d5cc9e7f5690f6f0eb1429c4de1efbf9d971f1dbc318625555de6f94e36b10c0c29f29e470e115f9119368314bea8a72258fefe95483ac22ecd29c2323fa9b0510854d75b64dde5975c41fe5d25a62127d14d62b29d4c85d9b1e497be967e89ed56ab1df5b570e11adba182f181a7a720a41a8d31b0897ee16a2281e5ede076e1d5b321d2ed66a44a7d90110db78168ac6262089b258fe5af5cd70018ffd8cbd5b5c3a8ab788d29513f6c09aaf06d06d239e5013e9cdd28a252492a2c543c14b3baf82c331bdadb513010b6ed4569bda7bb192a4a16fcce8b9b89c6df2f6d2dcf58ac17bd7e23c6ccc3efb8d9fda827c9324c1149a0f25b1e1fe30a95a577370317642f6ea0e9382405aabf7806034ba98ae80f4367f963de067560f91ea30ca160e9133fbd91105e6afdc0e074027d3666a3591ef9479a36bc1aca4166b4a0e76bccee807ac12454bd13e68a091027c5c1eef895b297dd7804d58432f2be6893bdd5df6f2507dc035977d7816f27f4073712f24d0fd2cb049069fce96b2a685b639a62d21850ac0857d648b1fa63be0887289c7df2c5c60e047e72cfd1c2cd9492ab8587a2e2ddeb40cf566aedfa801d8bcde86b8e88691c5e56e9a6e78935ea5eb248a187e4474c70a7b2fad966a4818d82ad7c877e9cc4e5ca15e203f98a2d8e1c69a824950e4abe145a422e78b1b27af6479895fcfd3f49e96befa588b695b9d30e10222884368133084908e759847222947c74fd438cfd4454e78afd1ba02cf531f3b439463bf3c8389d1db0156edfbeac01072518af0759774be4d7cbb6570c81882cc46f4a141c14d380028591df7e013b16b82b5a9e7e182353b78d748fa9d4519521a69ecaa1237612b24bffa2cb9210e54a6d29ea42b60e426b242df9d559f06e5f63e43b237ebb92124cc15a523fab1cda8f69221a18886bbac4b66d5e84015bd86d225002cb986602faaed1f56e22c438bc8fdfe87dfcd967d7e6c8a9b3addc7f9334bdd1486b4e9ea9e9f4ebe4092b06c5a16f029d90db50487a34af558ae32bc91a6506d7cd737ca5fc9f86a78f381a345b21ce2d5a1afa5e677613a1c025bf4e3cab43846c4cac5ae07acb01aaed4acad67fbb6f5c752d9b048c9e65a057504e839da421aa5148a4d6b9574f48f072c4e1b5caa767fa3b8f7e1ae77c2a24cdf1dc8eb02364f40c908001500220a0000f8105b80f61186c9efd4c4af8ffad142b9a42292f63bcd8c60b5fa205a8d817bb333a00bfa19ac142e45337f8861fff0564d5604309a89e48e2aa7c313f3c7d18a411988370869555e44699295071f7e435ce46ce96a874b154833aa03c0607a769ed14cd6f1ef9bae6c37097708006400", @ANYRES32, @ANYBLOB="498048958dfa2d12d4850b939cd98d7c6b99031013898151e5a720605852a78290b44ab07ea256e8f30588edbac8384fa7be58296b9a2c36c998f34974b8e22a638c319af18872a1aed1ef425345da3963593db6622e312ff63edfecd82f6100cc5d0abedfa7452800217120d3bb5faafc8fdba925ac10098684b008000400050000009755a35712b323f8e1d9e92a1759124f3754cb8b7f24e8e336b84c70274baa4a0218f071811dc76089742db0117a7329a3c13e8e4e7f5d4e9169f73f962a79bcdba953bf7d92608002079b779684fc81b132b5a588092ce497416c249dd97ca2658cda5ac4838eb58e453bb5522d47baf571d666cc5d278547fb412dad6e9303147a0402042c94fb63e36d27910bddb89d064702cbc8aefd32e0647e2832e95d57d9864f2732c81d083e91c5bafebc3898dcbf0390a9f7c9b9586cc97a044e5f64e1bc381991b93e3c7ecb4fe08e80e9a3b257109a239c7f5b99aa2277e2259ef41236a27b03f13641e2622b5c1654ea88f4a56fc7548ab1d25d2ab85b315d53e1f2181dce83ca8d816353ad2a1edeb696d96f496b9c008f8d55ce783244a72eabe1ca4b2f371cc992ad7aeebd07697336044f40b14a2ca7880ed755588fa266fb8edce23abed92dae7e34198483ed8911ba0c352873a4e64af1db5f27267ecdc36bd6d8377e44fa70f7f66744f766fe1e18c07b66bf9c3bcabd8a6f34da8f47ab4bbf2c6afdf8b069d526e9f1c0625bd59ebb1e8a3c35fe51c127d7ba2612fd36e1622c6fb4323549482997282cf349d7cd77589bfd24b8b9b7aac8cf3142f5234588f85fff4bcf1036373265ebf727dae02b3d81ae1eb36b4e52505a732a59771f1df014aa372601ad7e5143d73a774676a3ebec2c81938d29d567b449d01d22d79b64c7f1bf24dd0926c3aba4a516350b55a54f687452002312259c6d712391cf3cc98622ff2fc0bd4b0c571e1cd790acae2855ee17c40fbbae9c60ddda25d2e000de1b5b70d9b892945b064375de89510a86fc7e76572656334f10013f84deb4121fe94c6c85c0331bf3b93a75b6228ef656fc20627bb2bc671eb3ee4269170e8a41982d2025b0f86d9be9a8043208e9da0dabc84b8a1a6114bd146a7c3d05285e39b0eabc3805ec39bd5bb6a8c32fec86ea359b99c977b56cc671a5ce59d6b2283cdb2ab3b3fdf46cfdf617ec3767f9ab5556868492cb5264e5a0f9ef0ba1dfe22f6915aa8196d976e45b372cc860be21e8b8c2a86a06662ba7832c359251cdc5ca1eb54a89d21eee8f66708269fae1db2c0dbfbb797c49d2a0c8fa0409f8f2446f3609a6b1d0cb72f3b31d5615d6e9dfd7ec23a25ac86adfc3ee7dbd10e9c64f2a2b472458a672e60bb2b5c76319774fc833a60c4236e34af08c639657d0a26fd809c60cf8ba7a035e6eeeb8d65e4dfd7ebbeadbfada8eac4e3761692198ecda258e19eaf4292dab25251c61796d674f3c8cc5d4a834874dc52b8c0f00c1e5cc14cc85f5f9094f7a984001f38df8125e87ac54d10729e04c61e3da836b2e06c4bd697a9509c06e1cb1bed8a3ec71962e8ffc78667e718763a1d7855f9883262616524f37ee67f23c55a50254c4aa5dfd6d6c9f13fb43beb0300b6d3563a9c2ea909debf8f1b22ffd54d377750d60c92561c7436d03407de7bec1a866a5ae82da3b2b588ecbafb47c388cbf21dfe9232fc51d54bd12ff231ccd67de76cd34f3d9f4812449a30846bb239a29f403868db23b57acdbb2817bda9a5483d2ea3bb5db17b9f3cae94b5da6f694317acc622647bf417e190c1bcd9fa0ccdf124aa59b1684a0ba199cb7269a046c5438facd46153014a5ddf9afd7c90b02004134596e466b97fc9f8d3ac8e35309a06a9852cb6cc8932cdc1c503d9e8a998086d2420a3148d319da913b45d3059c5991a6fa255cc1ddcbf548c6288ccf9f0141bbfbfcd7c6bc1c9e1776de234d4adcb868815d34d1de9ed9524f7baf50c022405aed0996ad5728d718e77d7c0ce6b33164502fad202c36b56fa61ff66ffaa2d04cbf8805008b7bf76af7ac7addd5aee0cd9f59d830c2b0ea5a1e14991c317bcbc3becc5399dac8d654eb7507770593a6d68c55dc92b62a8e500a34ed3f4fd0bb46d14c57d0f1a135add0700b400bd6eccccc17e1e9d6746c46331efe6ef0993b72bfa7957ec8e72fead78ec153bd22f4e833857203a84215e20697e989812a6422c11c70407739fd836c96e27cc1ca635baca9367911a33fd67085b870b7a0f83b3bc1a4768fa03b9796549b0c795156e41f4089ed32af13b41fe7930b67067a2992d44bebdac7bf1e75714eb2eb017aaf224b38638c91c5d29fc4a44fd959dd794d4e720057d498e2a1c914ef52b4af386c4c904302293001f933df5fe76a1e606b15ed169ac24076ddc3d0b4479d8f42e2ed180178f2f968f25b4d5263354663f4c5702a7ff99e524c5a693f1f86407620bb39bf38eec319129ca612e53af7509977e6797dae1c40800888c1b6c5dd1b0ff6ad1f145ea4762bb72fcce9717c9a4fa6520d4265401cfbaf568a2e12782495ee6cb3d285f92f0ef35b283134f029db0c79f427f1e61d28c2ba84b3762debaf7358c8ed52eb7fff463137ff93b49f1188c1f06cdb8d8a33177c4da2316c5b628381e6f4a9ac576536f467ec8b9bfc7f36c529a74c4bcbdbbaeb005fa000476fa8045f90b8c16ff63f7d51b22d36d41d68b6cf602b1e009a8218aef044f22f45ba17064333f1e81f4054ae6fd886f2439e94645cddba6b46cc397bb878101885c8d6cbe1900b069e6a9270b689598a3eb9b4d41e1609704616a8972f1c9dc8c129974fc8594ceecefbab2a615fe12d7fb76991e81007ab978ea88cc5169f477f479713b0321ec3607677826386119ca415f7389a0bc89c23a595057aca3e1bf427d714be2dbf5e3095cc8806f9d536f0e888467ba9d9e5a5156b60bcd80b7c7fb89e301eb542f05116010a546fbcff370744496923ffbbf00a873c0eeb6081b6f2719864d922c0a932856ce6dda42c02f70149cd249483e52689b28ae174cf81f2396d6cbd2e5162c4446c2ac3c2c264e0e87b988e3b2e05d9bb3e1b1688e27e54e2c7729f018f8553f2cf4ee87f2df1ea30a6a77ecb873dbb4dce00c6bca633cc8bc6136f91da52dad7a08232a1a3edd1b3b193a1af8178ed1c7e7230387bd6761d4066e3e8a834eb6582f10c95eb163429ee24613bedb7e2ebfddf11974d790ffa6bba181100df76ee90f7e4760a5c6c5d32d6f0a8fc86302bbf20f2c9f38abc16702b9473bbf870f7f83ac12d33e06452570d5d7f0bb99ad4eb0f466ff6f12aa8c0353fc3ec814b28509ab328a4f365321bdf3bf6c2f8dad8b8cf318bccf5e42658a70e992a731fd771ad8a86af280800b4fda5f51d70ffbcb37f5e023a1a6eabd4cfc753a277414ebbe67a0a50dbfbe6615f53db57141d48f7e358af7235bda8d6ce830e3b743610bad2d0b5996a3f444ea2002a35a601a19401bb43e1b172d0245053d630be32233a599cc23cdcf9f633135e3b6c943ddb3640837a114bf13044695511a6c0f63ecfaca80555e48c467e6b84e3832b4c9955c6e33cdba52d3b6d2215495b2e0c915bd66604dbec0e745749758357cd18f2a70808fdfcd333383fc2e1f7476619a0e148797d07ad3e9134873504bad1a0082715d889ef5c77b41bb0594b4e0765c4364bf073efad5abb90d03cea5a7a2ad8ee673afba8ec8a79e24efdfe5639705d3b3fe0ce30e1ed1dc06470abbcd00824513beca57ad7ff1cbee1bd0425b33c87c2ad5595f323a2b5277da9adf9b8e3a20b94f2f689087a2b0517a1442c6e16279d67a057e6797a0612f9cd3ffe45fc731fa632516c8cdcd7a928c5c0d3672c6e8772a6e745d9b2bc9e49e5d7bc5647e4ad1bcd6b442e166662f041b09d31d9aa05fa0345dff1346dc9d2a583167f7c3559e5358b83aac653b91d6c1468d71e1ce83d46112ec5d5d4e2ecee9c87177bda9121920c37a877d587c6db4fd632a5b975daaaabebcd86e5cbe172626f348398131280f5537ecb7ef71870dd38a53623fa33aac39f248666d87cec470331f263a447e33eedfea7c675a8e23dc9d169bacfd3de44581549bd4fd3f7fa8587642f7d2e08d458edf85e4854d72ca32dc8015f12691f85df29572a1c61c8bebf872897091d4b861dcb63ea6641962e44e1343dbfbd97eaef3a960b400e643d0746cef6cef26c4dcba0d3ae2193f8b31e1c6d20a92ce279748d90d54f1de330d323e0ede674e002b384868c669d874efda503cb28261e463f1478c6b6cb99c5bb7ad08e5ea9767b9c9a0b3b4de0e0f84d9036072a9bcff5c3ef15f6b948a1bb6a78b31ea38027c2a095fa2535c21e5ab93ab6342de3cee9309eaae8e60248e4140ddcf9f854bbf7dcfecb4e20f2182365725244bb18d6dae0c449e97cfbf409853f8be9dd708669cd60f388edc648760fc24e390a4bbe2afb72fe0fea2c390ae2c310c3d7d0db178b4d897f30ca3e609e284677f7ac1082967e2ce57e5991fd4436ef16379c597cfd934408844de6acad84be73877d0cf8e1d85b3426519c10591ccf9b77ba658375691ce4093f649dad64820ed79d224d3be860371fcd50c9bb426ea90c4ea7b979914c71925342966d5be68e437b6703a468ac043613964031a0b197bd1fb026c06b1a8f68faf807dbe217372eb590f0f5a3ad05098ddf26f4c0afdd3a7c085cd19a993dbc791c08e7d8ff25c58bc501755d33440a0d7e75a29ee8d1029927fd0097019a2a96a079bdbf13d6fc3e34ad2c4ac89df4a309979f9acc3879479b80a0347e67569063cb27a227c92fef9e4b3fa142e0768a4d5ff2ea536fcb178366a1d0fac5ea3a026cb09b39ea6e83bba99e70186af1933a73e4363b59f8ec008e4e157544565b923734673023c1fb3b7d02636cc1f4cc6ae0c386280556c66a0aa0a84e0316641b6d7a14eca37abc127acc32b8f0db03c4ec02dce1b116acf50f459931b50e4b717e91bda281122cd486e3d0bb68d35b11021e96f2f0ab8e0284ce08531346cc41da2165dd70545409a06056765b9dcc37ff4eaad9e52a9b035b90c852cf980240fd4262e1580a1df67ce96270e85b9faaef2cc8c6e699a58d7986fcea9ae1925b7c1ba66a10f820df6712785db766c35c5bf38e4d718073b9d1483885157ed59b5628d6a2f6d4493c5e70b62b37b0f84ccd43dac1cb4957b13fe139c678a295e5079aa81e81539a01b4044cb9e0c8321e167a8c95313f297b98b769bf395c09b6a0e5367bf771cec6e05398fff2404a651776c0510e93476408ddf6ec5a873d427aa311c0335115f0667d9fb8392f506efe318ad7c37455d39ec856b2e9bb1a6462144854d95d272f8c8d727eaf0ea049b6b480d4d91d6ba9d11a28d940cf832b3587dc0a7a6db787e45c293c7a64e2dd9bf7f101542bbad77e097d3b809a026ae563d1b8b1834ce93e44f100729ce9cbfc40b10beea7b1d66f0e35d4023b9e35184b1356096100a932e2320020ad77d28d1ccc3d2730a946a0d32c08c5b15fcb373e0ac67c271063af74f63d8fa35dfb9017d7b3dc72dca50ef909f4e7b1cc0134a643ff86560f58279c157dd085210b87a5837a201a7b98014b06e7e37768acdcd58d63927073d7a8e37007b4dd65a1553bb26ff53e0c4f6714d1ff5583a3158cba9d8981fe3293a3aa20d663e4d49d3564f6808b4ad47c92377865a37332bc1f996a7445472ffe720fe1c0a47df58d48994fa24cc65db57da203b7d40ba1d77d1de5a495d558e9ac3487e9cd0c3a63ab2d53de804f57afe3947c113d34a4b0c26d17835eee6cc24582cf5d785c2ed776a60ebd0e675dbae2321e1b7b38ba40c99da75e4da053af3d0301986484773b354546ecef52f3f3fa3c927c3949a7f74987a592e95e1ae217f0f0172b6cf378c7c5d691e35b3ef2f930bdf968598e00"/4227], 0x21cc}, {&(0x7f0000002e40)={0x3b4, 0x3b, 0x400, 0x70bd25, 0x25dfdbfd, "", [@nested={0x39b, 0x1d, 0x0, 0x1, [@generic="6985868978bcc92bdda9433e7a6bbf1e4008b04ecf7158677b69d3d8af7174dd709879f8c9db37de8278d4264c8881def0582dd6924936ab2e9cb46fc3c8a6dcce1a1dae3395737f1546131a8d3e0815a1f6f71e70b94e3d6ff438dd3961c6a220e1700b4fb406007ce33276313e40c844e45da34d7e81e187a708d1e4dcfdfb63ac2831e7c102b5161fdff68c05eaa15626b5af07c41cde8ebc4f8ac44c53e2190a6d2a89822830b9b770b92048e1a177b0aa29c98a4ae5f54f674c54b7532433c922a8fccec2eb9bc8733d0069b0e5783962bf5de09beffde7d76ed0d867c3", @typed={0x8, 0x24, 0x0, 0x0, @uid}, @generic="729262423ef29bd05a7fd01379f1ba30f33a0e03b681934026e909a81ff9dfdf970d987a92d3c67d3621bd254a9d912ca8bd8462634b33be5990e26f4a21d5bc74f4175b5a11c01e8632410e9b6ca0296425025da9d3ec72be37b2315c337dd615a5d8755b1c01d74ace308e55e302c36380ff20c53ef2a91bdc47e813d8f6ffaa504c2aa97465799a2bbdb476387592edc4117c3e5ee1b071c3f79d", @generic="32e32c0e77872b89b239520954ff8a6b6e50de8fd7f8d054e3557c94ab3ae576233f4e9fe8fd1281ea8fddc3006444e0c54c522e7f389e2d47b6484a57f7651c5eb7a173f1c40d57279799189e7346663a370169ba94aff430629ef92876a74d430a7656f0cb6326e0323931f8fcdfb2d6afcee85abac4112289dd4610a1e3e3deb3fc9e9df2891999587a42059cac7d6e1d747c6ad2cc8109c3d1844b", @generic="8a9b285826defd378c81c9a7fac74bb6904265ec3c6f1b33e395a84594616755600abc4814b5ebedac654e9bc2247377ec00665c", @generic="475799cea8ddee6987678f1a4a1331f209e6af050b080c42b99798eda00ad5d3d078b1ced5b1d926478c33af08a40b4129bb3f718a2bde93fbcf4a416a29ed73fa3a05afa4e72d8d91004e1bafdf01dbd67d1a89481a966b90fa74830ef95f80bcf5e79e884bb00197e3a7edd0081f509b4f24c47668abec6648c0f872373bcabf566cb9c800bb8291505666d4b3d9123f20", @generic="042fdde026dec534f638b492bb2305ec2a9eb4dff1e2bd2864f8ebe89a9f21c3b3a1a7fe96818813370c05a3de55000835d01101d267395c623fd3fbf7e48831793a48cd707c1da512d33f5017e4355df8888a6926b97a995bf6476bd68a1c0dae10e0416e51de76fae7f96ea1913dae0e9967ab1281a0f6", @typed={0x35, 0x5f, 0x0, 0x0, @binary="9fca3ce785fc9779d815138ac597f7809c3e6ad4bc0da5aad0c312f025718871742eebd3ba948e667551efb95b9279f073"}]}, @typed={0x8, 0x11, 0x0, 0x0, @pid}]}, 0x3b4}], 0x4, &(0x7f0000002d40)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r2, r0, r0]}}, @cred={{0x1c, 0x1, 0x2, {r4, r5, r7}}}], 0x88, 0x4008810}, 0x4000)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x12, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r8, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r8, 0xae80, 0x0)

[ 2737.275874] audit: type=1804 audit(1591347271.226:362): pid=20054 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/816/bus" dev="sda1" ino=16138 res=1
[ 2737.530053] audit: type=1804 audit(1591347271.686:363): pid=20065 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4430/bus" dev="sda1" ino=16329 res=1
08:54:31 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
write$P9_RLOCK(r1, &(0x7f0000000000)={0x8, 0x35, 0x1}, 0x8)

08:54:31 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x63, &(0x7f0000000040)={'NETMAP\x00'}, &(0x7f0000000240)=0x1e)
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$KDSIGACCEPT(r4, 0x4b4e, 0x1e)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

08:54:31 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:32 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2737.878972] *** Guest State ***
[ 2737.895035] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
08:54:32 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2737.931469] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2737.957132] CR3 = 0x0000000000000000
[ 2737.967818] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2737.979160] audit: type=1804 audit(1591347272.136:364): pid=20080 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4277/bus" dev="sda1" ino=16122 res=1
[ 2737.998658] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2738.051471] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2738.107026] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
08:54:32 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000000)={0x4, r1})
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x230001, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f00000000c0)=0x1a, 0x4)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
ioctl$KDGKBSENT(r2, 0x4b48, &(0x7f0000000300)={0x7f, "7a759908784fb865f8f62e66a3a8bc2a2ca7c3e70454641571d41ec368c8898bdee12def078966c20c3ca1cca4af443ee7c3023972b19a66078d47985a20cef1ee1845c8cc9cf0a70d591d416754ad427012618db6dac2aed0a8c004810f3785eb0da3d759ef2e26b494516b3c10008d1b1c3ff2891dd5f015c911473ac081d9ae3e1d27abca83cd27397c1c360e6bca7aa2e276b59dcb45547ffc7a0ea57b6ce286ea741d9fd145c43869b2d5bc9bcc4bfd4528ed8391f564b3dc4e402019516c45ca8e29244a78147700e171eb555015ed9f9ac776d343543eb6f7043b9a597557de9793dc884966fde980bf78afddd215d598846af7a0333925314b8f949f2d16e52983fd3f65b50460390fae2e57e58b81f02c2027b4a382110f77597aa2c8891ecaf2be5545cb340c631e9de2b35240947db5be340614eb56cbbec415dc4cab0e747871d47cb804b06f0645eca51346727da8d21c98e2d0aa275ba4b934b88d57fd1977a37899bcacc92fde547c41de4ce79be2a08069388f975d707d34ce5e2005ddf968f281556182ebcb4fcbfa1ca99682caad1bde917ef943f84c5b5ea2f979f0b2cae18727bd0fe2365253b07b1819e3503dfce9133f76b89c4cbe7c4e83efb7db6f057776859a49b5f3deb93c54b422a914ac782f2c43d64bba1b75b0e6aac94b13922bca36346ee9c768565c5abd35a11dd7ff8704f0374b92f3"})

[ 2738.134589] audit: type=1804 audit(1591347272.206:365): pid=20084 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4563/bus" dev="sda1" ino=16451 res=1
[ 2738.165749] DS:   sel=0x0000, attr=0x10000, limit=0x0000f000, base=0x0000000000000000
[ 2738.284812] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2738.400966] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2738.490841] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2738.574177] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2738.673462] GDTR:                           limit=0x00000000, base=0x0000000000000001
08:54:32 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2738.774785] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:33 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

08:54:33 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:54:33 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2738.866887] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2738.875419] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2738.885019] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2738.905957] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
08:54:33 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x2, 0x0)
recvmsg$kcm(r1, &(0x7f0000000480)={&(0x7f00000000c0)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000180)=""/78, 0x4e}, {&(0x7f0000000200)=""/206, 0xce}, {&(0x7f0000000300)=""/123, 0x7b}, {&(0x7f0000000040)}, {&(0x7f0000000380)=""/21, 0x15}], 0x5, &(0x7f0000000440)=""/21, 0x15}, 0x20)

[ 2738.935718] Interruptibility = 00000000  ActivityState = 00000000
[ 2738.965509] *** Host State ***
[ 2738.992064] RIP = 0xffffffff8116426f  RSP = 0xffff8880460979d0
08:54:33 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2739.041802] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2739.115229] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2739.189391] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
08:54:33 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2739.275799] CR0=0000000080050033 CR3=0000000039153000 CR4=00000000001426f0
[ 2739.346081] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2739.426572] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2739.488981] *** Control State ***
[ 2739.547573] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2739.617904] EntryControls=0000d1ff ExitControls=002fefff
[ 2739.681573] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2739.733560] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2739.831804] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2739.859887]         reason=80000021 qualification=0000000000000000
[ 2739.885007] IDTVectoring: info=00000000 errcode=00000000
[ 2739.899076] TSC Offset = 0xfffffa42a2e3364c
[ 2739.907930] EPT pointer = 0x000000001926101e
[ 2739.931116] Virtual processor ID = 0x001c
08:54:34 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0xd7}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

08:54:34 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x0)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:34 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = socket$isdn_base(0x22, 0x3, 0x0)
recvmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/95, 0x5f}, {&(0x7f0000000180)=""/200, 0xc8}, {&(0x7f0000000280)=""/163, 0xa3}, {&(0x7f0000000340)=""/4096, 0x1000}], 0x4, &(0x7f0000001340)=""/117, 0x75}, 0xe3f}], 0x1, 0x0, &(0x7f00000013c0)={0x77359400})

08:54:34 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:54:34 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:34 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

08:54:34 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x0)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2740.105617] *** Guest State ***
[ 2740.137553] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
08:54:34 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0xc4)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')

[ 2740.238164] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
08:54:34 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x0)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2740.348247] CR3 = 0x0000000000000000
[ 2740.388393] RSP = 0x0000000000002018  RIP = 0x0000000000000000
08:54:34 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2740.453790] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2740.519871] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2740.587460] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
08:54:34 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2740.657855] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2740.712008] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2740.758797] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:35 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2740.851524] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2740.903769] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2740.962913] kauditd_printk_skb: 15 callbacks suppressed
[ 2740.962923] audit: type=1804 audit(1591347275.126:381): pid=20172 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4566/bus" dev="sda1" ino=16122 res=1
[ 2740.979984] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2741.067559] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2741.108095] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2741.118171] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2741.127505] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2741.135717] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2741.144557] Interruptibility = 00000000  ActivityState = 00000000
[ 2741.152160] *** Host State ***
[ 2741.156811] RIP = 0xffffffff8116426f  RSP = 0xffff88801929f9d0
[ 2741.164729] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2741.172443] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2741.181424] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2741.187834] CR0=0000000080050033 CR3=000000008557e000 CR4=00000000001426f0
[ 2741.197996] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2741.205902] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2741.218624] *** Control State ***
[ 2741.224542] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2741.237138] EntryControls=0000d1ff ExitControls=002fefff
[ 2741.246977] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2741.266217] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2741.275243] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2741.291016]         reason=80000021 qualification=0000000000000000
[ 2741.298144] IDTVectoring: info=00000000 errcode=00000000
[ 2741.313352] TSC Offset = 0xfffffa41712bb1c6
[ 2741.318665] EPT pointer = 0x000000005448701e
[ 2741.329001] Virtual processor ID = 0x001c
08:54:35 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:35 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:35 executing program 5:
syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x6, 0x20a900)
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')

08:54:35 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x48801}, 0xc090)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c00000024001d0f000000000000000000040000", @ANYRES32=r7, @ANYBLOB="00000000f1ffffff060000000d00010066715f636f64656c"], 0x4c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0x24, 0x2a, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7}}, 0x24}}, 0x0)
ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000040)={@ipv4={[], [], @broadcast}, 0x5, r7})

08:54:35 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

08:54:35 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2741.476554] audit: type=1804 audit(1591347275.636:382): pid=20184 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4286/bus" dev="sda1" ino=16530 res=1
08:54:35 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0xffffffff)

[ 2741.612875] *** Guest State ***
[ 2741.633525] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2741.642934] audit: type=1804 audit(1591347275.676:383): pid=20185 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/820/bus" dev="sda1" ino=16561 res=1
08:54:35 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2741.682391] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2741.721203] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
08:54:35 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2741.828627] CR3 = 0x0000000000000000
[ 2741.852987] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2741.868228] audit: type=1804 audit(1591347275.786:384): pid=20193 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4287/bus" dev="sda1" ino=15923 res=1
[ 2741.886665] RFLAGS=0x00000002         DR7 = 0x0000000000000400
08:54:36 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2741.902129] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2741.944798] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2741.989894] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2742.034637] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2742.066269] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
08:54:36 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(0x0, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2742.108654] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:36 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="2c00000003030300000000000000ce8e8a4d00699a770cf14179e100034000080003400000000000000000003b13228bee4380d8034fd86fd61f5d89cb05633137dbe257de550b183be57bce27f9f4141e19c46851e193cf16b065f0c33c5476712640a5f78b1ff83735eb756c29b37b2916e68deeee401bd659f00e9663d75bcc11888123b0c9ed8d53bef82a69919b078c90c4ca8204d823aa3492b557b099a2740f56df8ab994877bf0774dedad831bdd37a60e38f7ccc5dc4fdf7a115dda86f42172f8efa265eb55a5ec160ac5f5a0704ae53d48728443a283e9f2e46048af9bd1630c2904821ee87f33898022a26808085eefbd2733580cabef0f5416e0f1a85b71e164e3be8764b9a3378e7579c264394a47a637c84c0c84999bfb080b1776e856abcec8c9d2a2e58315b1cffb71a8333024663acd5f9ebc91c5b72495bbe35bf1072642b71efc6b426f235650a10b9eb858f8"], 0x2c}, 0x1, 0x0, 0x0, 0x50}, 0x0)
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r2, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x5, 0x0, r2, &(0x7f0000000000), 0x0, 0xfffffffffffffffe}])
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f00000001c0)=0x6, 0x4)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
ioctl$KVM_GET_NR_MMU_PAGES(0xffffffffffffffff, 0xae45, 0x3)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$SNDRV_PCM_IOCTL_DELAY(r5, 0x80084121, &(0x7f0000000200))
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$SOUND_MIXER_READ_RECMASK(r1, 0x80044dfd, &(0x7f0000000180))

[ 2742.156935] audit: type=1804 audit(1591347275.916:385): pid=20200 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4434/bus" dev="sda1" ino=16642 res=1
[ 2742.162943] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2742.281159] audit: type=1804 audit(1591347275.976:386): pid=20207 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4288/bus" dev="sda1" ino=15977 res=1
08:54:36 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:36 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(0x0, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2742.307585] audit: type=1804 audit(1591347276.106:387): pid=20212 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4567/bus" dev="sda1" ino=16658 res=1
[ 2742.339566] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2742.343548] audit: type=1804 audit(1591347276.186:388): pid=20216 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4289/bus" dev="sda1" ino=16530 res=1
[ 2742.366421] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2742.427428] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2742.477653] GDTR:                           limit=0x00000000, base=0x0000000000000001
08:54:36 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(0x0, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2742.531365] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2742.593765] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2742.618814] audit: type=1804 audit(1591347276.776:389): pid=20235 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/821/bus" dev="sda1" ino=16513 res=1
[ 2742.626299] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2742.762181] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2742.788542] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2742.823279] Interruptibility = 00000000  ActivityState = 00000000
[ 2742.861344] *** Host State ***
[ 2742.879164] RIP = 0xffffffff8116426f  RSP = 0xffff888086a0f9d0
[ 2742.906261] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2742.917748] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2742.928202] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2742.944877] CR0=0000000080050033 CR3=00000000a0d1f000 CR4=00000000001426e0
[ 2742.957474] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2742.967562] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2742.979032] *** Control State ***
[ 2742.984150] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2742.995701] EntryControls=0000d1ff ExitControls=002fefff
[ 2743.004217] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2743.016764] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2743.026019] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2743.037540]         reason=80000021 qualification=0000000000000000
[ 2743.046372] IDTVectoring: info=00000000 errcode=00000000
[ 2743.057499] TSC Offset = 0xfffffa40a2c3e981
[ 2743.063607] EPT pointer = 0x00000000a954801e
[ 2743.068226] Virtual processor ID = 0x001c
08:54:37 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:37 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0xffffffff)

08:54:37 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:54:37 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r1, 0xc2604110, &(0x7f0000000180)={0x1ff, [[0x8, 0x3, 0xfe44, 0x8, 0x8001, 0x2, 0x6, 0x100], [0x7fffffff, 0x8000, 0x7, 0x5, 0xfffffffb, 0x76d, 0x9, 0x7fffffff], [0x4a245529, 0x2, 0x1, 0x4, 0x20, 0x8, 0x2, 0x6]], [], [{0xffffffff, 0xff, 0x0, 0x1, 0x1}, {0x3f, 0x40, 0x1, 0x1, 0x0, 0x1}, {0x5, 0xae4, 0x0, 0x0, 0x1}, {0x8000, 0x10000, 0x1, 0x0, 0x0, 0x1}, {0x7ba0, 0x8001, 0x1, 0x0, 0x1}, {0x4, 0x203, 0x0, 0x1, 0x0, 0x1}, {0xfffffffd, 0x4, 0x1, 0x0, 0x0, 0x1}, {0x8, 0xffff, 0x1, 0x0, 0x1, 0x1}, {0x3, 0x0, 0x1, 0x0, 0x1, 0x1}, {0xfff, 0x10000000, 0x1}, {0x81, 0x7, 0x0, 0x0, 0x1, 0x1}, {0x401, 0xea17, 0x0, 0x1, 0x1, 0x1}], [], 0x7fff})
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x1, 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00')
sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000500)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0x98, r4, 0x4, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x30, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}]}, @TIPC_NLA_SOCK={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfffffc33}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x20}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x20}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x4091}, 0x22004094)
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x14)

08:54:37 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x206001, 0x0)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vsock\x00', 0x44102, 0x0)
syz_kvm_setup_cpu$x86(r4, r3, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x78, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 2743.170584] audit: type=1804 audit(1591347277.336:390): pid=20250 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4435/bus" dev="sda1" ino=16770 res=1
[ 2743.213220] *** Guest State ***
[ 2743.233908] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2743.316363] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2743.357752] CR3 = 0x0000000000000000
08:54:37 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2743.382690] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[ 2743.405084] RFLAGS=0x00010002         DR7 = 0x0000000000000400
[ 2743.456126] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[ 2743.489129] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
08:54:37 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000040)={0x2, [0x0, 0x0]}, &(0x7f00000000c0)=0xc)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101104, 0x0)

[ 2743.528746] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2743.568203] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2743.615522] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2743.655064] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2743.692558] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2743.731298] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2743.767493] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2743.804992] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2743.849800] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2743.903725] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2743.939193] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
08:54:38 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2743.991291] Interruptibility = 00000000  ActivityState = 00000000
[ 2744.021074] *** Host State ***
[ 2744.024416] RIP = 0xffffffff8116426f  RSP = 0xffff888050c779d0
08:54:38 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0xffffffff)

08:54:38 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2744.061700] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2744.068591] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2744.148125] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2744.195785] CR0=0000000080050033 CR3=000000003a444000 CR4=00000000001426e0
08:54:38 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000000)=@known='user.syz\x00')
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r4 = socket$inet(0x2, 0x80001, 0x84)
r5 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$VT_DISALLOCATE(r5, 0x5608)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r6=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x7d, &(0x7f0000000240)={r6}, 0x9c)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000040)={<r7=>r6, 0x1}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r1, 0x84, 0x23, &(0x7f00000000c0)={r7, 0x401}, 0x8)

[ 2744.237132] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2744.275562] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2744.316377] *** Control State ***
[ 2744.338285] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000e2
[ 2744.373520] EntryControls=0000d1ff ExitControls=002fefff
[ 2744.407891] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2744.441706] VMEntry: intr_info=80000306 errcode=00000000 ilen=00000000
[ 2744.476454] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
08:54:38 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2744.517466]         reason=80000021 qualification=0000000000000000
[ 2744.546619] IDTVectoring: info=00000000 errcode=00000000
[ 2744.565906] TSC Offset = 0xfffffa3fc71f621c
[ 2744.579060] EPT pointer = 0x00000000191e501e
[ 2744.596292] Virtual processor ID = 0x001c
08:54:38 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000280)='ethtool\x00')
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
write$P9_RXATTRWALK(r3, &(0x7f0000000040)={0xf, 0x1f, 0x2, 0x6}, 0xf)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9e}, {0x0, 0x0, 0x0, 0x0, 0x7}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {0x0, 0x0, 0x0, 0x0, 0xfd}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

08:54:38 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
connect(r1, &(0x7f0000000000)=@tipc=@id={0x1e, 0x3, 0x2, {0x4e22}}, 0x80)

[ 2744.809075] *** Guest State ***
[ 2744.822331] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2744.864857] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
08:54:39 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2744.906185] CR3 = 0x0000000000000000
[ 2744.923532] RSP = 0x0000000000002018  RIP = 0x0000000000000000
08:54:39 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

08:54:39 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2744.960957] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2744.993393] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2745.047316] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2745.101598] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:39 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

[ 2745.162087] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2745.216760] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:39 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

[ 2745.260794] FS:   sel=0x0000, attr=0x00081, limit=0x00000000, base=0x0000000000000000
[ 2745.309641] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2745.347696] GDTR:                           limit=0x00000000, base=0x0000000000000001
08:54:39 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

[ 2745.384092] LDTR: sel=0x0000, attr=0x00080, limit=0x00000000, base=0x0000000000000000
08:54:39 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
recvmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000000)=@phonet, 0x80, &(0x7f0000000340)=[{&(0x7f0000000180)=""/142, 0x8e}, {&(0x7f0000000240)=""/202, 0xca}], 0x2}, 0x100)

[ 2745.431027] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2745.470508] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:39 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

[ 2745.510956] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2745.547640] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2745.604987] Interruptibility = 00000000  ActivityState = 00000000
[ 2745.639562] *** Host State ***
[ 2745.656300] RIP = 0xffffffff8116426f  RSP = 0xffff8880192279d0
[ 2745.689306] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
08:54:39 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:39 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

[ 2745.713188] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2745.742781] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2745.778797] CR0=0000000080050033 CR3=0000000082039000 CR4=00000000001426e0
[ 2745.805334] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2745.849231] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2745.885301] *** Control State ***
[ 2745.900457] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2745.945314] EntryControls=0000d1ff ExitControls=002fefff
[ 2745.952358] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2745.959351] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2745.982724] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2745.989347]         reason=80000021 qualification=0000000000000000
[ 2746.012044] IDTVectoring: info=00000000 errcode=00000000
[ 2746.017572] TSC Offset = 0xfffffa3ef150d327
[ 2746.023523] EPT pointer = 0x000000005dd2201e
[ 2746.033012] Virtual processor ID = 0x001c
08:54:40 executing program 5:
r0 = creat(&(0x7f0000000080)='./bus\x00', 0x1)
fremovexattr(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="747275737465642e7bbb51eabf8f21478c42a90075e2ed96d5"])

08:54:40 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:54:40 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

08:54:40 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:40 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r2, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r3=>0x0)
io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$VIDIOC_G_FMT(r2, 0xc0d05604, &(0x7f0000000240)={0x5, @sliced={0x4, [0x2, 0x400, 0x8, 0xd1f4, 0x1ff, 0x3ff, 0x400, 0xffe1, 0x0, 0x8, 0x3f, 0x4, 0x1d96, 0x2, 0x0, 0x7ff, 0x3f, 0x1000, 0x6, 0x9, 0x3, 0x8, 0x101, 0x81, 0x7, 0x401, 0x2, 0x2, 0x38, 0x14f, 0xffff, 0x6, 0x5ee, 0x6, 0x0, 0x1, 0x4, 0x2, 0x1, 0x7, 0x1, 0xbd9, 0x3ff, 0x5, 0x6358, 0x7ff, 0x2, 0x5], 0xbdf5}})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[ 2746.147063] kauditd_printk_skb: 13 callbacks suppressed
[ 2746.147072] audit: type=1804 audit(1591347280.307:404): pid=20344 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4443/bus" dev="sda1" ino=16770 res=1
08:54:40 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

[ 2746.293708] audit: type=1804 audit(1591347280.317:405): pid=20346 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4571/bus" dev="sda1" ino=16962 res=1
[ 2746.310934] *** Guest State ***
08:54:40 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

[ 2746.369776] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
08:54:40 executing program 5:
creat(&(0x7f0000000140)='./bus\x00', 0x0)
r0 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
fremovexattr(r0, &(0x7f0000000000)=@known='system.advise\x00')

[ 2746.433305] audit: type=1804 audit(1591347280.357:406): pid=20345 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4296/bus" dev="sda1" ino=16948 res=1
[ 2746.447736] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
08:54:40 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

[ 2746.560563] CR3 = 0x0000000000000000
[ 2746.588673] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2746.618301] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2746.622973] audit: type=1804 audit(1591347280.537:407): pid=20356 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4444/bus" dev="sda1" ino=17025 res=1
[ 2746.654938] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2746.693124] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
08:54:40 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2746.737371] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2746.774084] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2746.836968] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2746.852120] audit: type=1804 audit(1591347280.697:408): pid=20358 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4445/bus" dev="sda1" ino=15915 res=1
[ 2746.903011] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:41 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:41 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2746.943341] audit: type=1804 audit(1591347280.887:409): pid=20361 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4446/bus" dev="sda1" ino=16977 res=1
[ 2746.971429] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:41 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
r1 = getpid()
sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0)
r2 = open(&(0x7f00000000c0)='./bus\x00', 0x155500, 0x20)
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x66, 0x7, 0x0, 0x4, 0x0, 0x4, 0x20000, 0xb, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xc0d9, 0x4, @perf_config_ext={0x5, 0xca}, 0x42080, 0x1000, 0x1ff, 0x9, 0x8, 0x80000000, 0xffc0}, r1, 0xd, r2, 0xd)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')

[ 2747.056088] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2747.057199] *** Guest State ***
[ 2747.087310] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2747.120074] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2747.139954] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2747.159397] audit: type=1804 audit(1591347281.237:410): pid=20372 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4297/bus" dev="sda1" ino=16458 res=1
[ 2747.177208] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2747.238293] CR3 = 0x0000000000000000
08:54:41 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2747.273179] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2747.295623] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2747.322963] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2747.347893] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2747.366519] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2747.375566] audit: type=1804 audit(1591347281.277:411): pid=20374 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4572/bus" dev="sda1" ino=16578 res=1
[ 2747.385043] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2747.427039] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2747.468555] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:41 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:41 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

[ 2747.509968] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2747.524411] audit: type=1804 audit(1591347281.367:412): pid=20377 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/825/bus" dev="sda1" ino=16833 res=1
[ 2747.535789] Interruptibility = 00000000  ActivityState = 00000000
[ 2747.586909] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2747.624687] *** Host State ***
[ 2747.632106] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2747.651494] RIP = 0xffffffff8116426f  RSP = 0xffff8880502d79d0
[ 2747.669384] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2747.680115] audit: type=1804 audit(1591347281.587:413): pid=20383 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/826/bus" dev="sda1" ino=16993 res=1
[ 2747.686412] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2747.711914] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2747.720483] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2747.730393] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2747.741914] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2747.754437] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2747.762553] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2747.771782] Interruptibility = 00000000  ActivityState = 00000000
[ 2747.797239] *** Host State ***
[ 2747.804688] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2747.806901] RIP = 0xffffffff8116426f  RSP = 0xffff888081ce79d0
[ 2747.834090] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2747.864839] FSBase=00007fc3c74c2700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2747.865562] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2747.895874] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2747.918178] CR0=0000000080050033 CR3=000000003a879000 CR4=00000000001426f0
[ 2747.928184] CR0=0000000080050033 CR3=000000003a879000 CR4=00000000001426e0
[ 2747.949955] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2747.956674] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2747.999256] *** Control State ***
[ 2748.001379] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2748.007709] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2748.016451] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2748.042181] EntryControls=0000d1ff ExitControls=002fefff
[ 2748.048080] *** Control State ***
[ 2748.058107] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2748.085277] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2748.090075] EntryControls=0000d1ff ExitControls=002fefff
[ 2748.105787] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2748.116384] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2748.135271] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2748.136597] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2748.157790] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2748.162895]         reason=80000021 qualification=0000000000000000
[ 2748.191313] IDTVectoring: info=00000000 errcode=00000000
[ 2748.191364]         reason=80000021 qualification=0000000000000000
[ 2748.209718] TSC Offset = 0xfffffa3db5eae068
[ 2748.227382] EPT pointer = 0x000000004dd1f01e
[ 2748.237610] IDTVectoring: info=00000000 errcode=00000000
[ 2748.241836] Virtual processor ID = 0x0024
[ 2748.268266] TSC Offset = 0xfffffa3e1caae17e
[ 2748.288908] EPT pointer = 0x000000000af1d01e
[ 2748.316715] Virtual processor ID = 0x001c
08:54:42 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})

08:54:42 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x2, 0x400)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')

08:54:42 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x0)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:42 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:42 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:42 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x0)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:42 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

08:54:42 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg(r3, &(0x7f0000000980)={&(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, r4, {0x2, 0x4e21, @private=0xa010101}, 0x3, 0x1, 0x1, 0x3}}, 0x80, &(0x7f0000000040)=[{&(0x7f00000002c0)="9cc746fecbfa14ac10962a9da837c2f4afbdef8fe9f3e69b53b416d56d64ac905df57520f40d4ce5449b0aaf022193f6b8becd0c2c96256f479a21f5558ba8d08fe09745be55c0c746c47079dedb73a944b0bb7e3c74b73064acbf2568ec25db0e9d9a920f59961f00b6cfb110507e4b9e96afe7f50945c393a1ceae1c131c593103a863d4558929df68a838dd19d5e419940893366b491d307547fb66d6040261622a1e57fde1d1268f024d53c2aefe8f54a022e8ad4da8", 0xb8}, {&(0x7f0000000380)="16afd077e89de687262f08b7564436560433ad37bbf915991100e391bc075d420925a9a0d30c1718d191686fc854d5f4a9ab66f7b3958472b511c5f339f781720cc66028102a9803d96f2fc204a94988d1d94a40bb11ad3777cbefc92d7b0a39e336c52a79fc6d17ba5a455332953dfaed6449508482906f1a0b4f4b42a478596362bea744de236c1c15f8af02d1be59c6d3116ed125dc5455795b3cbc4f27ec27bd8d26fe5cf1bb3f983d852fbc1dd051ce4cc8eb6443d3251f74d699b2af57914d", 0xc2}], 0x2, &(0x7f0000000480)=[{0xf8, 0x84, 0x100, "ff8e2733c4d1d735ce38ca34067a8baf940af8a167f0f33f2ec5ab9a04a2d5e2bc13d9ab46c57b9a4f32baafbf30884cf91dbdd99a6fa12978e3a1710aae4b85b070e53df13c327382ffaa8b95d6de62f75d0b5a140374b39e4d74d93d2395e4d80650d83527018725e26147233689ca34c2fc1fedf02ddd055dda6732d9917bd6acceb4f8c69b735a51aa7aca533a6cb3626da93c5f868e189def8279b88208c10c2a1fddb309f39594f83378a8b1aba68c1d05434d22eeb62d17bb9d5b69c5937da126761e93d1f60bc88e83ab00e8d7a1c90a996bda204f8e074c5379c5955f8081d5bc4c80a5"}, {0x90, 0x10b, 0x3, "dd25e0d963c8336c5a1b35bd5f5ab2e1ec04e6710c4f777982ed652259cc74a75fb7135b17968b8f0010f877f36a8b08b43c52226f30b3e5f61046c4c83ecee1efe749e0578bf3e651ba668ee2999d78695b6f4a569633bda73413d95c6798ccc91740999f06c90c2989f33e0fbb7bcd4225ef1d96aa1fe86aa44f"}, {0x98, 0x10b, 0xd2, "07b388d72583dd8de2c18c738e13168b5206176af5ef404c4e956b9a80ecca7b11a8eeb020586d19ea1e67bed5718672a95af7dfbcc2a8b262df3737f6859a5b055d4c086d525d129d3fb28ab50334b4aa670f3d0f682f25bc8dcbbe7af70200b90f71d70b7cda32175cdbb8d1e3a61019bc83578c5cfb5a8af97d43d306daea86b16e16dd"}, {0xc0, 0x102, 0xd9, "fe938e21c1185a25cb28538e2148277b54acbee92ddde279859367b091f1c74c4f38e59fb0f7b106112d0d62076d3914b22d1715978a97cc532b1c0677ffc97f046abe202f90e9a00c5b932baba9d988a8998ac25bf6c0ff8ee917ce6e3f934030037feea4c6736ea915e35dc570ca826f472567db0e93884f77b7fa958b3fb773b860727dfa4abb5bfb14b88bf92cc311c5b67aa0b1328b86a8cdf46fc9259d3dc58f824fcb2445326a338910d4"}, {0x70, 0x104, 0xf5, "387dab7dbd4c8082923786200fbd2da3b89308928f119ae8cf8b3fdcf47186915aed5154aa33d9c512772f3da0c1993a3e5ffb43ff9b363cd9951e0785a9d7314dc79c6fe2b92917c88966e3a40b43acd83eaa9c2f3a4c5afd54b43eba819c"}, {0xc0, 0x11, 0x8, "a7c0cea6ec13f16e88001ff9149fc9fd7bfe317987c35daeb395864612f8852055cb1267bcad2c8fe539e359e4b4c2c918d3107cee877e68e2a2242bc7edcbf3563603567813ea00ae5afe3fa439a7f6e979ac7bb0c0cb851310ab66dac933106336bdfd7bd130ce42ee7bdcfa1d019bfa0ff564a62aa552abeb49a060d6ea211e136c7b49cb1f47d3bd7bf3ae917bd54afd1c0d49345001dea8f83e8bd31c3a705b79b8b57674a49103b23145"}, {0xd0, 0x113, 0x2, "b6ce1e5a98a67c8fd80fd78d715f0c077e246963fc99e4f91e80911a5b087f6eacc5d2a59ef67bf3ff814780e6bde0cdb7e723a1cd2ec29769259c04235795f9b00df354043f785bc32d7a71cc853f17e0be253e3c828d0b7b88dad72a81a5e4d4159819dc7d6b2c26f8d6882af7cb9664899d1b38b428d54577dcd212c772fd20fefcb892587843e38b312d364716da0d8a2bcaa08073acb42033187cdb0b7b9b91a0214a8edc1f46a7e12bb38cddce2e8c814ac01907e149a8ee"}], 0x4e0}, 0x20000000)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {0x0, 0x0, 0x0, 0x0, 0x6}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

08:54:42 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x0)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:42 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
inotify_add_watch(r1, &(0x7f0000000000)='./bus\x00', 0x806)

[ 2748.874826] *** Guest State ***
08:54:43 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2748.895092] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2748.935029] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2748.979177] CR3 = 0x0000000000000000
[ 2748.996585] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2749.026063] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2749.053971] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
08:54:43 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2749.083538] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2749.123695] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:43 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2749.153833] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2749.190874] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2749.221255] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2749.256581] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:43 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:43 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2749.278078] GDTR:                           limit=0x00000000, base=0x0000000000000001
08:54:43 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x0)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2749.330571] LDTR: sel=0x0000, attr=0x00000, limit=0x00000000, base=0x0000000000000000
[ 2749.384158] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2749.414408] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:43 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000040)=@known='trusted.overlay.impure\x00')
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
ioctl$VIDIOC_CROPCAP(r1, 0xc02c563a, &(0x7f0000000000)={0x3, {0xbf6, 0xfffffffd, 0x1, 0x2000000}, {0x4, 0x5, 0xab, 0x9}, {0x4, 0x7}})

[ 2749.459394] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2749.496950] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
08:54:43 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x0)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2749.509315] Interruptibility = 00000000  ActivityState = 00000000
[ 2749.518738] *** Host State ***
[ 2749.525748] RIP = 0xffffffff8116426f  RSP = 0xffff88804f5a79d0
[ 2749.534640] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2749.544701] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2749.562820] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2749.572138] CR0=0000000080050033 CR3=00000000190b4000 CR4=00000000001426e0
[ 2749.585699] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2749.595611] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2749.630734] *** Control State ***
[ 2749.660240] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2749.695152] EntryControls=0000d1ff ExitControls=002fefff
[ 2749.730730] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2749.770805] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2749.778834] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2749.799418]         reason=80000021 qualification=0000000000000000
[ 2749.814785] IDTVectoring: info=00000000 errcode=00000000
[ 2749.827659] TSC Offset = 0xfffffa3cbfd05d49
08:54:44 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2749.838039] EPT pointer = 0x000000004f6be01e
[ 2749.853087] Virtual processor ID = 0x001c
08:54:44 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
connect$tipc(r3, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x41, 0x4}, 0x1}}, 0x10)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

08:54:44 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x0)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:44 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
ioctl$DRM_IOCTL_MODE_RMFB(r1, 0xc00464af, &(0x7f0000000000)=0x5)

08:54:44 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(0x0, 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2750.072719] *** Guest State ***
[ 2750.087342] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
08:54:44 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(0x0, 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2750.125511] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2750.162389] CR3 = 0x0000000000000000
[ 2750.168368] RSP = 0x0000000000002018  RIP = 0x0000000000000000
08:54:44 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:44 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2750.216767] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2750.275643] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
08:54:44 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(0x0, 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2750.319699] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2750.362167] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2750.384596] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
08:54:44 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2750.407375] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2750.442294] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2750.450802] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2750.513152] GDTR:                           limit=0x00000000, base=0x0000000000000001
08:54:44 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f00000001c0)={0xa20000, 0x7fffffff, 0x2, <r2=>r1, 0x0, &(0x7f0000000180)={0x990afa, 0x8, [], @p_u32=&(0x7f0000000100)=0x1000}})
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vga_arbiter\x00', 0x80000, 0x0)
getdents64(r4, &(0x7f0000000400)=""/134, 0x86)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r5, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r6 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r7=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x7d, &(0x7f0000000240)={r7}, 0x9c)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000000)={r7, 0x1f, 0x3f, 0x80, 0x20, 0x1}, 0x14)
ioctl$KVM_SET_BOOT_CPU_ID(r2, 0xae78, &(0x7f00000000c0))
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x4e24, 0x6, @mcast1, 0x2e8}, @in6={0xa, 0x4e24, 0xe845, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3f}, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x32}}, @in6={0xa, 0x4e24, 0x1, @private1, 0x8c23}], 0x64)

[ 2750.582589] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2750.615448] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2750.649468] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2750.682666] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2750.707658] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2750.743456] Interruptibility = 00000000  ActivityState = 00000000
[ 2750.770802] *** Host State ***
[ 2750.785570] RIP = 0xffffffff8116426f  RSP = 0xffff8880400cf9d0
[ 2750.822239] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2750.894204] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
08:54:45 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2750.949195] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2750.974707] CR0=0000000080050033 CR3=0000000056a71000 CR4=00000000001426e0
[ 2751.005312] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2751.082940] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
08:54:45 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2751.124735] *** Control State ***
[ 2751.141787] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2751.169670] EntryControls=0000d1ff ExitControls=002fefff
[ 2751.183889] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2751.202948] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2751.222653] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2751.259706]         reason=80000021 qualification=0000000000000000
[ 2751.291357] IDTVectoring: info=00000000 errcode=00000000
[ 2751.308485] TSC Offset = 0xfffffa3c1db03275
[ 2751.331002] EPT pointer = 0x00000000905d101e
[ 2751.352481] Virtual processor ID = 0x001c
08:54:45 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = open(&(0x7f0000000040)='./file0\x00', 0x800, 0x6)
r3 = syz_open_dev$vcsn(&(0x7f0000000240)='/dev/vcs#\x00', 0x80000000, 0x101000)
ioctl$VIDIOC_QBUF(r3, 0xc058560f, &(0x7f0000000300)={0x1, 0x5, 0x4, 0x80000, 0xfffff001, {0x77359400}, {0x2, 0xc, 0x2, 0x45, 0xff, 0x3, "b69611c8"}, 0x7fffffff, 0x2, @planes=&(0x7f00000002c0)={0x401, 0x8000, @userptr=0x291, 0x5}, 0x81, 0x0, r2})
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$VHOST_SET_VRING_CALL(r4, 0x4008af21, &(0x7f0000000280)={0x1, r3})
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
socket$nl_audit(0x10, 0x3, 0x9)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$trusted_overlay_nlink(&(0x7f0000000380)='./bus\x00', &(0x7f00000003c0)='trusted.overlay.nlink\x00', &(0x7f0000000400)={'U+', 0x401}, 0x16, 0x3)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

08:54:45 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:45 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0xc040}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c00000024001d0f000000000000000000040000", @ANYRES32=r6, @ANYBLOB="00000000f1ffffff060000000d00010066715f636f64656c"], 0x4c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0x24, 0x2a, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6}}, 0x24}}, 0x0)
sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f00000009c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000980)={&(0x7f00000005c0)={0x3b4, 0x0, 0x100, 0x70bd2b, 0x25dfdbfd, {}, [{{0x8}, {0xb8, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x5}, {0x8, 0x4, 0xdc61}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x108, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x5}, {0x8, 0x4, 0x3f}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x5}, {0x8, 0x4, 0x8d5}}, {0x8}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x5}, {0x8, 0x4, 0x5}}}]}}, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x5}, {0x8, 0x4, 0x5}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8}, {0x100, 0x2, 0x0, 0x1, [{0x44, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x5}, {0x14, 0x4, [{0x9, 0xe0, 0x1, 0x7}, {0x8cce, 0x1, 0xff, 0x8}]}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x5}, {0x8, 0x4, 0x6}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x5}, {0x8, 0x4, 0x3bf}}}]}}]}, 0x3b4}, 0x1, 0x0, 0x0, 0x894}, 0x2000c001)
sysinfo(&(0x7f0000000180)=""/146)
ioctl$FIOCLEX(r1, 0x5451)
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000000)={0x40, 0x5, 0x0, 0x3ff, 0x1, [0x60a32b97, 0xa33], [0x480000, 0x0, 0x1, 0x5750], [0xa9b, 0x5, 0x613, 0x9], [0xba5, 0x3ff, 0x8000, 0x1]})
r7 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x400000, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f0000000280)='tls\x00', 0x4)

08:54:45 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2751.400515] kauditd_printk_skb: 20 callbacks suppressed
[ 2751.400524] audit: type=1804 audit(1591347285.567:434): pid=20513 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4576/bus" dev="sda1" ino=15980 res=1
[ 2751.590090] *** Guest State ***
[ 2751.607520] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2751.615350] audit: type=1804 audit(1591347285.687:435): pid=20521 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/841/bus" dev="sda1" ino=16457 res=1
[ 2751.634780] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2751.673905] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 2751.742871] audit: type=1804 audit(1591347285.707:436): pid=20523 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4301/bus" dev="sda1" ino=16582 res=1
[ 2751.795939] CR3 = 0x0000000000000000
08:54:46 executing program 4:
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r0, 0x0, 0xffffffff)

[ 2751.847776] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2751.881460] RFLAGS=0x00000002         DR7 = 0x0000000000000400
08:54:46 executing program 4:
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r0, 0x0, 0xffffffff)

[ 2751.906146] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2751.962055] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2751.963351] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 2751.994199] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:46 executing program 4:
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r0, 0x0, 0xffffffff)

[ 2752.040203] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2752.069333] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 2752.085035] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:46 executing program 4:
r0 = creat(0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2752.116420] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2752.148677] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:46 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x80000, 0x0)
inotify_add_watch(r1, &(0x7f0000000040)='./bus\x00', 0x93000000)

08:54:46 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:46 executing program 4:
r0 = creat(0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2752.213973] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2752.285007] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:46 executing program 4:
r0 = creat(0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2752.393871] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2752.406676] audit: type=1804 audit(1591347286.567:437): pid=20551 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4577/bus" dev="sda1" ino=16025 res=1
[ 2752.431080] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2752.431090] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2752.431099] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2752.431106] Interruptibility = 00000000  ActivityState = 00000000
[ 2752.431109] *** Host State ***
[ 2752.431117] RIP = 0xffffffff8116426f  RSP = 0xffff88809ea579d0
[ 2752.431133] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2752.431142] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2752.431151] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2752.431162] CR0=0000000080050033 CR3=0000000038c3f000 CR4=00000000001426f0
[ 2752.431173] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2752.431181] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2752.431734] *** Control State ***
[ 2752.709086] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2752.727975] EntryControls=0000d1ff ExitControls=002fefff
[ 2752.733869] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2752.742664] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2752.770456] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2752.793566]         reason=80000021 qualification=0000000000000000
[ 2752.815447] IDTVectoring: info=00000000 errcode=00000000
[ 2752.834615] TSC Offset = 0xfffffa3b4b347fd8
[ 2752.845535] EPT pointer = 0x000000005302b01e
[ 2752.855805] Virtual processor ID = 0x001c
08:54:47 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:47 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r1, 0x0, 0xffffffff)

08:54:47 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:47 executing program 5:
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x2e8480, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0)
ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0)
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000180)={{{@in=@dev, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in=@empty}}}, &(0x7f00000000c0)=0xe8)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c00000024001d0ef70000000000000000040000", @ANYRES32=r8, @ANYBLOB="00000000f1ffffff060000000d00010066715f636f64656c"], 0x4c}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=ANY=[@ANYBLOB='$\x00\x00\x00*\x00\'\r\x00'/20, @ANYRES32=r8, @ANYBLOB="00f0000000100000e5"], 0x24}}, 0x0)
sendmsg$NL80211_CMD_LEAVE_MESH(r1, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)={0x70, 0x0, 0x100, 0x70bd2c, 0x25dfdbfe, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x4}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x6, 0x2}}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x3, 0xffffffff}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0xffffffffffffffff}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x1}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x40000000, 0x1}}]}, 0x70}, 0x1, 0x0, 0x0, 0x4840}, 0x4000)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000000)={0x2, r2})
fremovexattr(r1, &(0x7f0000000080)=@known='user.syz\x00')

08:54:47 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(0xffffffffffffffff, 0xc058534b, &(0x7f0000000280)={0x9, 0xfff, 0x4, 0x3, 0x6, 0xfff})
r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r2, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r3=>0x0)
io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r2, 0x40405514, &(0x7f0000000040)={0x0, 0x2, 0x1f, 0x40, '\x00', 0x8})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {0x5000}, {}, {0xeee0b367d300e69d, 0x0, 0x8, 0x4, 0xce, 0x0, 0xfd}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
r5 = dup2(r4, 0xffffffffffffffff)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r5, 0x4008ae73, &(0x7f0000000300)={0x4, 0x2})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

[ 2752.991238] audit: type=1804 audit(1591347287.157:438): pid=20566 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4457/bus" dev="sda1" ino=17311 res=1
08:54:47 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2753.123460] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 2753.161782] audit: type=1804 audit(1591347287.257:439): pid=20573 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4302/bus" dev="sda1" ino=17326 res=1
08:54:47 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:47 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
vmsplice(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000300)="a24283450f01673b3b534053ba5643bd2a5d7dc96d9dfb165f48802da4ae055f464008989408eee05039c914ce8b4e1f0386b3504f5586b5348100defd2b3bd7d9d0c52efe061739e2af19e3b289322884126f9192e07d351163e1948d9e4e5749c2f0e0422ab454268cc223ff8c3f546ec63217c0be1240a807ff23f9be54a8afd9d0122e39ed3fb632fbda1236", 0x8e}], 0x1, 0x8)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0044d02, &(0x7f0000000040)=0x1d)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)
socket$inet(0x2, 0x2, 0x400)
ioctl$UI_SET_SWBIT(r5, 0x4004556d, 0x1)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0xfc, 0x7, 0x0, 0x0, 0x0, 0x1, 0x9, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0xe}, {0x3000, 0x0, 0x3}, {0x100000, 0x0, 0x8, 0x1f, 0x7, 0x0, 0xfd, 0xfe, 0x0, 0x0, 0x1, 0x81}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1}, {0x0, 0x6000, 0xf, 0x0, 0x0, 0x0, 0x0, 0x9}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[ 2753.319480] audit: type=1804 audit(1591347287.447:440): pid=20585 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/843/bus" dev="sda1" ino=17309 res=1
[ 2753.425166] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 2753.476410] audit: type=1804 audit(1591347287.637:441): pid=20602 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4578/bus" dev="sda1" ino=17329 res=1
08:54:47 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_genetlink_get_family_id$fou(&(0x7f0000000040)='fou\x00')
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000240)={"8eac3d1ccf641c61aa5352c9a9f8346cd3a53644cba20f9fba934ecb667fc2ab5c0128e08c5842ce994013678abfeb96cfa1b10d4a4024d715270f1514061a2df17f24652715768890ca07255833ddd598602ae2c7b91aa14bc33e507c72362bbb8de6070501a5c3bf6cd21118d0bca5b2756f5b7f5584c4be2290c180d5e73ad3ab95ebd9bc05c43b2cf9afde34189403ceb30d80fdda8de107c63bb2392c322633c6ff12d0a0ad1be26dad9ade905a93a83c536a42ecbb1dfc3e9927b2182185957743b3a3c048ed76eae87182e3a12fcb1c388df0b608f87e0168b311245ee884637014f6c2fed602116a932bae3a7b2372c0cddbba6210ba46323363604c8b77abc33da54c4b015d276a2932fa3befea24b96ab64d957d1b8dfebf497abc86bfcff9760a9c954a93b4c60953f83e5462ac8d915576b73e7175b342441c1303994dbe7c2f4221b3a515f18ffb75dd4c08e87a6760d8d8a458706fe0961d5334cc647eb2b4ba2c336199bc3fd31a2dab005d59c3fd204e7638831e0152a2e4091c9345b8d4074f31ffb13204041af63c3be7d03f1a10bf1b7ee9230c5cfd8631fee51256002a7f3ce6660c7cbbd2c03a14131639dbe56f38690270344d2ee0b01a5e71d46b21eae758d3176aede117279dcf5af2cd8673d1209f6efbe1147681ac002d9b6e8443a647d54b2ba3f167889dd98afdd61ac18b15578030c6426ef88d641bc7cdfeb4206462f60c04758e8579b762f6387f5f8271b30c8d7e4ebd8095b5574b4f04ffaf9a244525a0f7a2dccb62d717f5917642c9fc184eeac79d98146a2c4f5d16d6aeb459e0e6fdd58a01883da3c1a3f75dd9015bb48d80e103898a24b8de84c1822bf62119671503f0f96b102f21c15375bf822d003b017e762fd4e0e9b206cbb98f8a9f0ddeede87286bb29de86dcab1d764114c5381f320c7661a00ee5b5a3a18a22a44157ea3296e65ce0adcc70a276427a36e27eb2e68e4e211c1917de9fa4dc0b7b1b40f0f3e1552075dec7592fdf0c771a53ec5127b4c2bc89a817f892c29fcbcf7da31475174535ba812b76fc664a6c83888557d5179a4e9ceb5b9d8335a4f8c3f15ec120d61635e1ce5db4891bb05efe89a82525fb24fdbc6a05b7816cd56c5a258f711f7e889ccd42470257fc7eb103d75749ffe027403c76cdd9f3687854338f44fc2543c10bd5380709bf2691f5e78d4447496001ac4c7a480eeff8bb016c85e687bcd1edad438e6e2c1a3e9db9f4e162e1d189afc8648739bd579e0873483653343fd3d8db61723f28bd0a2a043de152fa00ec0bd479a60dc9fd5fc38b32a3c0aefc7e145edb076ebd8e47f9fa9185d8743e66624adb9361869cd6d8dc3675b598e0928eab7ae016372d15dc5f297d6ee3d5fcfde9662db3cea861dfbdaa1f58074863efa98dc8c227b8ad4088eedcdaa19aa7"})
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0xec, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x1}, {0x4, 0x0, 0xa, 0x0, 0x0, 0x0, 0xfd}, {0x0, 0x6000, 0x10}, {0x1}, {}, 0x80000004, 0x0, 0xe800, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 2753.629108] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 2753.737031] *** Guest State ***
[ 2753.752736] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2753.764092] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
08:54:47 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:48 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r1, 0x0, 0xffffffff)

[ 2753.839697] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2753.870475] CR3 = 0x000000000000e800
[ 2753.892087] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2753.923655] RFLAGS=0x00000002         DR7 = 0x0000000000000400
08:54:48 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2753.962300] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2754.019458] CS:   sel=0x0000, attr=0x0808d, limit=0x00000000, base=0x0000000000000000
[ 2754.027599] audit: type=1804 audit(1591347288.187:442): pid=20617 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4458/bus" dev="sda1" ino=16421 res=1
08:54:48 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, &(0x7f0000000040)={0x0, 'veth0_virt_wifi\x00', {0x2}, 0x23})
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c00000024001d0f000000000000000000040000", @ANYRES32=r7, @ANYBLOB="00000000f1ffffff060000000d00010066715f636f64656c"], 0x4c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0x24, 0x2a, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000000)={'team0\x00', r7})

[ 2754.114558] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2754.160625] SS:   sel=0x0000, attr=0x05005, limit=0x00000000, base=0x0000000000000000
[ 2754.181492] audit: type=1804 audit(1591347288.217:443): pid=20618 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4303/bus" dev="sda1" ino=16615 res=1
08:54:48 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2754.237103] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2754.277264] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2754.318433] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2754.361587] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2754.401371] LDTR: sel=0x0010, attr=0x10000, limit=0x00006000, base=0x0000000000000000
[ 2754.441749] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2754.510479] TR:   sel=0x000a, attr=0x10000, limit=0x00000000, base=0x0000000000000004
[ 2754.549637] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2754.585293] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2754.599909] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 2754.635363] Interruptibility = 00000000  ActivityState = 00000000
[ 2754.668968] *** Host State ***
[ 2754.687915] RIP = 0xffffffff8116426f  RSP = 0xffff88803d7979d0
[ 2754.727074] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2754.764732] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
08:54:49 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r1, 0x0, 0xffffffff)

08:54:49 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2754.811247] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2754.845320] CR0=0000000080050033 CR3=000000001957c000 CR4=00000000001426e0
[ 2754.900628] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2754.945356] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2754.987648] *** Control State ***
08:54:49 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2755.018193] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2755.035268] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 2755.058302] EntryControls=0000d1ff ExitControls=002fefff
[ 2755.099973] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2755.145238] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2755.194439] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2755.238400]         reason=80000021 qualification=0000000000000000
[ 2755.238710] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 2755.277385] IDTVectoring: info=00000000 errcode=00000000
[ 2755.308703] TSC Offset = 0xfffffa3a2521c7c6
[ 2755.335646] EPT pointer = 0x00000000153e501e
[ 2755.359019] Virtual processor ID = 0x001c
08:54:49 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:49 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000240)='TIPC\x00')
sendmsg$TIPC_CMD_GET_REMOTE_MNG(r3, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r5, 0x10, 0x70bd2b, 0x25dfdbfe, {}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x20004800)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 2755.594947] *** Guest State ***
[ 2755.609963] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2755.637644] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2755.672665] CR3 = 0x0000000000000000
[ 2755.697617] RSP = 0x0000000000002018  RIP = 0x0000000000000000
08:54:49 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

[ 2755.741660] RFLAGS=0x00000002         DR7 = 0x0000000000000400
08:54:49 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r2 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r3=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x7d, &(0x7f0000000240)={r3}, 0x9c)
setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000000)={r3, 0x7, 0x7ff}, 0x8)

[ 2755.790159] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2755.831702] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2755.874615] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:50 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:50 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x0)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2755.932730] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2756.012661] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2756.060609] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2756.102297] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2756.142303] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2756.175375] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2756.208494] IDTR:                           limit=0x00000000, base=0x0000000000000000
08:54:50 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')

[ 2756.249181] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2756.289904] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2756.319950] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2756.344274] Interruptibility = 00000000  ActivityState = 00000000
[ 2756.372973] *** Host State ***
[ 2756.390551] RIP = 0xffffffff8116426f  RSP = 0xffff8880148ff9d0
[ 2756.422516] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2756.449583] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
08:54:50 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2756.492625] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2756.525192] CR0=0000000080050033 CR3=00000000a49e5000 CR4=00000000001426e0
[ 2756.576481] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2756.603782] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2756.628266] *** Control State ***
[ 2756.644353] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
08:54:50 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

[ 2756.672235] EntryControls=0000d1ff ExitControls=002fefff
[ 2756.707132] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
08:54:50 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x1c000, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
ioctl$sock_SIOCDELDLCI(r0, 0x8981, &(0x7f0000000040)={'bridge_slave_1\x00', 0xd091})
connect$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x2, @none, 0xff3d, 0x1}, 0xe)

[ 2756.749906] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2756.767388] kauditd_printk_skb: 9 callbacks suppressed
[ 2756.767397] audit: type=1804 audit(1591347290.927:453): pid=20690 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4581/bus" dev="sda1" ino=16732 res=1
[ 2756.789658] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
08:54:51 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:51 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

[ 2756.855387]         reason=80000021 qualification=0000000000000000
08:54:51 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x0)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2756.916112] IDTVectoring: info=00000000 errcode=00000000
[ 2756.948241] audit: type=1804 audit(1591347291.107:454): pid=20698 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4582/bus" dev="sda1" ino=16200 res=1
[ 2756.958785] TSC Offset = 0xfffffa392b2aceaa
[ 2757.036248] audit: type=1804 audit(1591347291.107:455): pid=20699 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4307/bus" dev="sda1" ino=16346 res=1
[ 2757.059961] EPT pointer = 0x0000000014bfe01e
[ 2757.087882] Virtual processor ID = 0x001c
[ 2757.097524] audit: type=1804 audit(1591347291.187:456): pid=20705 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/847/bus" dev="sda1" ino=15850 res=1
08:54:51 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:51 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:51 executing program 5:
creat(&(0x7f0000000140)='./bus\x00', 0x0)
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0)
fremovexattr(r0, &(0x7f0000000000)=@random={'btrfs.', '\x00'})

08:54:51 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
ioctl$VIDIOC_G_FMT(r5, 0xc0d05604, &(0x7f0000000300)={0x6, @sliced={0xb71, [0x7, 0xc6d, 0x3, 0x8, 0xff, 0x3, 0x7, 0x100, 0x0, 0x5, 0x1000, 0xcc, 0x1f, 0x8, 0x1, 0xffe0, 0x401, 0x101, 0x7fff, 0xd666, 0xad, 0x200, 0x1, 0x9, 0x101, 0xf6eb, 0x40, 0x1f, 0x0, 0x4, 0x0, 0x4, 0x8000, 0x8001, 0x200, 0x0, 0x6, 0x20, 0x1, 0x3a, 0x40, 0x0, 0x81, 0x1, 0x40, 0xfff, 0x2, 0x8001], 0x6}})
r6 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa\x00', 0x800, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000240)={r3, 0x4fd, 0x3, r6})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {0x4004}, {}, {}, {}, {0x0, 0x0, 0xe, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x5000, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

08:54:51 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x0)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2757.270468] audit: type=1804 audit(1591347291.397:457): pid=20713 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4461/bus" dev="sda1" ino=16709 res=1
[ 2757.400095] *** Guest State ***
[ 2757.420125] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
08:54:51 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x0)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2757.436485] audit: type=1804 audit(1591347291.397:458): pid=20712 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4583/bus" dev="sda1" ino=16729 res=1
[ 2757.480186] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
08:54:51 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x0)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2757.555566] CR3 = 0x0000000000005000
[ 2757.584728] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2757.602389] audit: type=1804 audit(1591347291.527:459): pid=20720 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4584/bus" dev="sda1" ino=16736 res=1
[ 2757.617027] RFLAGS=0x00000002         DR7 = 0x0000000000000400
08:54:51 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2757.716834] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
08:54:51 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x0)

[ 2757.762939] audit: type=1804 audit(1591347291.677:460): pid=20727 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4585/bus" dev="sda1" ino=16779 res=1
[ 2757.801146] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
08:54:52 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x0)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2757.849470] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000004004
08:54:52 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2757.905110] SS:   sel=0x000e, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2757.957687] audit: type=1804 audit(1591347291.857:461): pid=20729 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4586/bus" dev="sda1" ino=16734 res=1
[ 2757.964039] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:52 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:52 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2758.133996] audit: type=1804 audit(1591347292.037:462): pid=20732 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4587/bus" dev="sda1" ino=16615 res=1
[ 2758.145978] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2758.248288] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:52 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x0)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2758.290209] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2758.337858] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2758.383959] IDTR:                           limit=0x00000000, base=0x0000000000000000
08:54:52 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x0)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2758.426031] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2758.465717] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2758.501944] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2758.536042] Interruptibility = 00000000  ActivityState = 00000000
[ 2758.571705] *** Host State ***
[ 2758.591346] RIP = 0xffffffff8116426f  RSP = 0xffff88804c4bf9d0
[ 2758.628756] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2758.654814] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2758.688972] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2758.712552] CR0=0000000080050033 CR3=000000000b1ea000 CR4=00000000001426e0
[ 2758.742457] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2758.769833] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2758.799564] *** Control State ***
[ 2758.817506] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2758.845067] EntryControls=0000d1ff ExitControls=002fefff
[ 2758.872491] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2758.909454] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2758.936221] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2758.963020]         reason=80000021 qualification=0000000000000000
[ 2758.988243] IDTVectoring: info=00000000 errcode=00000000
[ 2759.011323] TSC Offset = 0xfffffa3836252712
[ 2759.026947] EPT pointer = 0x00000000805cf01e
[ 2759.046118] Virtual processor ID = 0x001c
08:54:53 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
accept4$unix(r3, &(0x7f0000000240)=@abs, &(0x7f0000000040)=0x6e, 0x800)

08:54:53 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x0)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:53 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x0)

08:54:53 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r4, 0x0, 0xffffffff)

08:54:53 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:53 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(0x0, 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:53 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(0x0, 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2759.274502] *** Guest State ***
[ 2759.293716] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2759.352213] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
08:54:53 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2759.414743] CR3 = 0x0000000000000000
08:54:53 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(0x0, 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2759.455988] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2759.494177] RFLAGS=0x00000002         DR7 = 0x0000000000000400
08:54:53 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2759.533808] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
08:54:53 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2759.586469] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
08:54:53 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x0)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2759.651429] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2759.704582] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2759.761809] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2759.812905] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2759.846097] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2759.872277] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2759.907570] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2759.937820] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2759.964394] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2760.024022] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2760.080207] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2760.123671] Interruptibility = 00000000  ActivityState = 00000000
[ 2760.148526] *** Host State ***
[ 2760.163612] RIP = 0xffffffff8116426f  RSP = 0xffff88804c4bf9d0
[ 2760.187621] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2760.220180] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000034000
[ 2760.252780] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2760.277456] CR0=0000000080050033 CR3=0000000018089000 CR4=00000000001426f0
[ 2760.299395] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2760.316864] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2760.332873] *** Control State ***
[ 2760.342166] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2760.360789] EntryControls=0000d1ff ExitControls=002fefff
[ 2760.375806] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2760.394294] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2760.412990] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2760.443868]         reason=80000021 qualification=0000000000000000
[ 2760.459647] IDTVectoring: info=00000000 errcode=00000000
[ 2760.471914] TSC Offset = 0xfffffa372dab4223
[ 2760.481916] EPT pointer = 0x000000003d64c01e
[ 2760.491823] Virtual processor ID = 0x001c
08:54:54 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000035000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x1, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd, 0x1}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x7ff, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

08:54:54 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x0)

08:54:54 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r4, 0x0, 0xffffffff)

08:54:54 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:54 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x0)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2760.668213] *** Guest State ***
[ 2760.685936] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
08:54:54 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x0)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2760.741418] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2760.799532] CR3 = 0x0000000000000000
[ 2760.833155] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 2760.866375] RFLAGS=0x00010002         DR7 = 0x0000000000000400
[ 2760.913975] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
08:54:55 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2760.973459] CS:   sel=0x0000, attr=0x08081, limit=0x00000001, base=0x0000000000000000
[ 2761.022425] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2761.104148] SS:   sel=0x0000, attr=0x04015, limit=0x00000000, base=0x0000000000000000
08:54:55 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2761.183865] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2761.269625] FS:   sel=0x0008, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2761.329232] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:55 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2761.411735] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2761.501522] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:55 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2761.549912] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2761.570660] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:55 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:55 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r4, 0x0, 0xffffffff)

[ 2761.596253] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2761.617415] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2761.655206] Interruptibility = 00000000  ActivityState = 00000000
[ 2761.698428] *** Host State ***
[ 2761.719101] RIP = 0xffffffff8116426f  RSP = 0xffff88800b1ef9d0
[ 2761.746105] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2761.792686] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2761.801708] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2761.808546] CR0=0000000080050033 CR3=0000000040d65000 CR4=00000000001426f0
[ 2761.817624] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2761.852659] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2761.872486] *** Control State ***
[ 2761.884027] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2761.908920] EntryControls=0000d1ff ExitControls=002fefff
[ 2761.929047] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2761.951550] VMEntry: intr_info=80000306 errcode=00000000 ilen=00000000
[ 2761.974072] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2761.996324]         reason=80000021 qualification=0000000000000000
[ 2762.020858] IDTVectoring: info=00000000 errcode=00000000
[ 2762.042382] TSC Offset = 0xfffffa366db1053d
[ 2762.059406] EPT pointer = 0x00000000581f801e
[ 2762.077329] Virtual processor ID = 0x001c
08:54:56 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
ioctl$KVM_GET_TSC_KHZ(r1, 0xaea3)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$USBDEVFS_DISCARDURB(0xffffffffffffffff, 0x550b, &(0x7f0000000040)=0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

08:54:56 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:56 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:56 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2762.241971] kauditd_printk_skb: 25 callbacks suppressed
[ 2762.241980] audit: type=1804 audit(1591347296.408:488): pid=20846 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4473/bus" dev="sda1" ino=17371 res=1
[ 2762.376285] *** Guest State ***
[ 2762.392670] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
08:54:56 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(0x0, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:54:56 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2762.430918] audit: type=1804 audit(1591347296.508:489): pid=20847 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4311/bus" dev="sda1" ino=17357 res=1
[ 2762.447035] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
08:54:56 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

08:54:56 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(0x0, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2762.591348] audit: type=1804 audit(1591347296.568:490): pid=20853 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4474/bus" dev="sda1" ino=17374 res=1
[ 2762.647464] CR3 = 0x0000000000000000
[ 2762.666482] RSP = 0x0000000000002018  RIP = 0x0000000000000000
08:54:56 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(0x0, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2762.696493] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2762.750731] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2762.753371] audit: type=1804 audit(1591347296.798:491): pid=20862 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/852/bus" dev="sda1" ino=17252 res=1
[ 2762.779477] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
08:54:57 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2762.841088] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2762.906393] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2762.943603] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2762.979292] audit: type=1804 audit(1591347296.818:492): pid=20861 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4599/bus" dev="sda1" ino=17371 res=1
[ 2762.980386] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2763.174294] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2763.184239] audit: type=1804 audit(1591347297.118:493): pid=20868 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4478/bus" dev="sda1" ino=16312 res=1
08:54:57 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2763.238402] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2763.283233] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2763.317012] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2763.361461] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:54:57 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2763.416637] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2763.434590] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2763.469402] Interruptibility = 00000000  ActivityState = 00000000
[ 2763.475671] *** Host State ***
[ 2763.525085] RIP = 0xffffffff8116426f  RSP = 0xffff888086a579d0
[ 2763.534730] audit: type=1804 audit(1591347297.698:494): pid=20879 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4312/bus" dev="sda1" ino=16615 res=1
[ 2763.563633] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2763.587644] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2763.641764] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2763.655534] audit: type=1804 audit(1591347297.738:495): pid=20881 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4600/bus" dev="sda1" ino=16732 res=1
[ 2763.674284] CR0=0000000080050033 CR3=0000000040d65000 CR4=00000000001426e0
[ 2763.716200] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2763.751143] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2763.772877] *** Control State ***
[ 2763.782051] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2763.806473] EntryControls=0000d1ff ExitControls=002fefff
[ 2763.837375] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2763.863725] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2763.895002] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2763.919383]         reason=80000021 qualification=0000000000000000
[ 2763.948160] IDTVectoring: info=00000000 errcode=00000000
[ 2763.971488] TSC Offset = 0xfffffa358535982b
[ 2763.984299] EPT pointer = 0x000000003f49c01e
[ 2763.996750] Virtual processor ID = 0x001c
08:54:58 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfe}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd, 0x0, 0x8}, {0x0, 0x0, 0x3}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000040)=0x3)

08:54:58 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

08:54:58 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2764.167148] audit: type=1804 audit(1591347298.328:496): pid=20889 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/853/bus" dev="sda1" ino=17376 res=1
[ 2764.291088] *** Guest State ***
[ 2764.317827] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2764.347544] audit: type=1804 audit(1591347298.328:497): pid=20890 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4479/bus" dev="sda1" ino=17378 res=1
08:54:58 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2764.388436] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
08:54:58 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000040)='NLBL_CALIPSO\x00')
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {0x4000, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd, 0x0, 0x0, 0xfe}, {}, {0x2002}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x800, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 2764.443552] CR3 = 0x0000000000000000
[ 2764.458700] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2764.482877] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2764.505550] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2764.527358] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2764.555654] DS:   sel=0x0009, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2764.582891] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2764.616984] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2764.650454] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2764.685615] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2764.733886] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2764.777452] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2764.815747] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2764.856383] TR:   sel=0x0003, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2764.888309] *** Guest State ***
[ 2764.901027] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2764.917862] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2764.949457] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2764.959547] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
08:54:59 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

08:54:59 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2764.991769] Interruptibility = 00000000  ActivityState = 00000000
[ 2765.005215] CR3 = 0x0000000000000000
[ 2765.031271] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2765.031995] *** Guest State ***
[ 2765.039898] *** Host State ***
[ 2765.063356] RIP = 0xffffffff8116426f  RSP = 0xffff8880402079d0
[ 2765.074470] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2765.075326] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2765.105081] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2765.130631] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000034000
[ 2765.141757] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2765.147364] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2765.182592] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2765.189839] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2765.201749] CR3 = 0x0000000000000000
[ 2765.214960] CR0=0000000080050033 CR3=00000000400f4000 CR4=00000000001426f0
[ 2765.224315] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2765.230332] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2765.230348] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2765.230359] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2765.230373] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2765.230386] GS:   sel=0x0008, attr=0x10000, limit=0x00000000, base=0x0000000000004000
[ 2765.230395] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2765.230407] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000002002
[ 2765.230415] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2765.230427] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2765.230433] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2765.230441] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2765.230447] Interruptibility = 00000000  ActivityState = 00000000
[ 2765.230450] *** Host State ***
[ 2765.230458] RIP = 0xffffffff8116426f  RSP = 0xffff88803c6079d0
[ 2765.230472] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2765.230479] FSBase=00007f781e0d9700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2765.230486] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2765.230498] CR0=0000000080050033 CR3=00000000a161f000 CR4=00000000001426e0
[ 2765.230509] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2765.230519] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2765.230522] *** Control State ***
[ 2765.230528] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2765.230534] EntryControls=0000d1ff ExitControls=002fefff
[ 2765.230542] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2765.230547] VMEntry: intr_info=8000000b errcode=00000000 ilen=00000000
[ 2765.230553] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2765.230558]         reason=80000021 qualification=0000000000000000
[ 2765.230562] IDTVectoring: info=00000000 errcode=00000000
[ 2765.230567] TSC Offset = 0xfffffa342c5815bb
[ 2765.230573] EPT pointer = 0x0000000018c0e01e
[ 2765.230580] Virtual processor ID = 0x0024
[ 2765.255145] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2765.470172] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2765.476780] *** Control State ***
08:54:59 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x0)
sendfile(r0, r4, 0x0, 0xffffffff)

08:54:59 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2765.482690] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2765.491345] EntryControls=0000d1ff ExitControls=002fefff
[ 2765.498114] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2765.507227] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2765.524351] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2765.566604]         reason=80000021 qualification=0000000000000000
[ 2765.572908] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2765.603500] IDTVectoring: info=00000000 errcode=00000000
[ 2765.606886] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2765.637726] TSC Offset = 0xfffffa347eec2c81
[ 2765.657773] EPT pointer = 0x00000000a988101e
[ 2765.686533] Virtual processor ID = 0x001c
[ 2765.692852] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2765.756810] DS:   sel=0x0009, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2765.809738] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2765.858014] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:55:00 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:00 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0x0)

[ 2765.909512] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2765.966517] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2765.999584] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2766.034914] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2766.071589] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2766.106181] TR:   sel=0x0003, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2766.142259] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2766.169940] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2766.217207] Interruptibility = 00000000  ActivityState = 00000000
[ 2766.251316] *** Host State ***
[ 2766.281139] RIP = 0xffffffff8116426f  RSP = 0xffff88808dd1f9d0
[ 2766.343915] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2766.367372] FSBase=00007fc3c74e3700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2766.394189] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2766.414689] CR0=0000000080050033 CR3=00000000400f4000 CR4=00000000001426f0
08:55:00 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x0)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2766.452159] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2766.501817] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2766.549857] *** Control State ***
[ 2766.594526] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2766.653380] EntryControls=0000d1ff ExitControls=002fefff
[ 2766.675430] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2766.699714] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2766.725950] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2766.757128]         reason=80000021 qualification=0000000000000000
[ 2766.815639] IDTVectoring: info=00000000 errcode=00000000
[ 2766.831869] TSC Offset = 0xfffffa341916e314
[ 2766.845416] EPT pointer = 0x000000003c9ae01e
[ 2766.857331] Virtual processor ID = 0x0029
08:55:01 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc}, {0x0, 0x0, 0xa}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd000, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
rt_sigprocmask(0x0, &(0x7f0000000040)={[0x3]}, &(0x7f0000000240), 0x8)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x8000)
ioctl$KVM_NMI(r4, 0xae9a)

08:55:01 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x0)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:01 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:01 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0x0)

[ 2767.040241] *** Guest State ***
[ 2767.057857] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2767.108045] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2767.145280] CR3 = 0x0000000000000000
[ 2767.152647] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2767.163146] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2767.173338] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2767.186107] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2767.198694] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2767.207016] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2767.222502] ES:   sel=0x000a, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2767.256877] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2767.287321] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2767.322773] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2767.363164] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:55:01 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x0)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2767.396489] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2767.449101] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2767.471778] kauditd_printk_skb: 11 callbacks suppressed
[ 2767.471787] audit: type=1804 audit(1591347301.638:509): pid=20952 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4604/bus" dev="sda1" ino=15895 res=1
[ 2767.483277] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2767.589878] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2767.615970] Interruptibility = 00000000  ActivityState = 00000000
[ 2767.648022] *** Host State ***
[ 2767.666324] RIP = 0xffffffff8116426f  RSP = 0xffff8880198679d0
[ 2767.693516] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2767.721353] FSBase=00007fc3c7505700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2767.754267] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2767.792321] CR0=0000000080050033 CR3=000000005b292000 CR4=00000000001426e0
08:55:02 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:02 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0x0)

[ 2767.817337] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2767.828093] *** Guest State ***
[ 2767.835042] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2767.890341] audit: type=1804 audit(1591347302.058:510): pid=20960 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4483/bus" dev="sda1" ino=16049 res=1
[ 2767.897155] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
08:55:02 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

[ 2767.933930] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2767.982763] CR3 = 0x0000000000000000
[ 2767.997561] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 2768.023197] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2768.037879] *** Control State ***
[ 2768.058540] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2768.059833] audit: type=1804 audit(1591347302.158:511): pid=20962 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/857/bus" dev="sda1" ino=16020 res=1
[ 2768.069725] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2768.125076] EntryControls=0000d1ff ExitControls=002fefff
[ 2768.153357] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2768.177224] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2768.190160] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2768.211173] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2768.227363] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2768.246077]         reason=80000021 qualification=0000000000000000
08:55:02 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r4, 0x0, 0xffffffff)

[ 2768.276802] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2768.294242] IDTVectoring: info=00000000 errcode=00000000
[ 2768.316406] TSC Offset = 0xfffffa3304cc4194
[ 2768.326708] ES:   sel=0x000a, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2768.339909] EPT pointer = 0x0000000082b6e01e
[ 2768.353005] Virtual processor ID = 0x001c
[ 2768.361212] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2768.365196] audit: type=1804 audit(1591347302.218:512): pid=20966 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4316/bus" dev="sda1" ino=16143 res=1
[ 2768.413224] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2768.451934] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2768.478541] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2768.505000] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2768.544893] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2768.573200] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2768.592468] audit: type=1804 audit(1591347302.568:513): pid=20970 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4605/bus" dev="sda1" ino=15895 res=1
[ 2768.624145] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2768.648114] Interruptibility = 00000000  ActivityState = 00000000
[ 2768.670549] *** Host State ***
[ 2768.681817] RIP = 0xffffffff8116426f  RSP = 0xffff8880582379d0
[ 2768.703555] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
08:55:02 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2768.725692] FSBase=00007fc3c74c2700 GSBase=ffff8880aed00000 TRBase=fffffe0000034000
[ 2768.755964] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[ 2768.784246] CR0=0000000080050033 CR3=000000005b292000 CR4=00000000001426e0
[ 2768.813565] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff864018c0
[ 2768.841137] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2768.881958] audit: type=1804 audit(1591347303.048:514): pid=20975 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4484/bus" dev="sda1" ino=15795 res=1
[ 2768.920321] *** Control State ***
[ 2768.943751] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
08:55:03 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2768.986428] EntryControls=0000d1ff ExitControls=002fefff
[ 2769.033159] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2769.084595] audit: type=1804 audit(1591347303.248:515): pid=20977 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/858/bus" dev="sda1" ino=16211 res=1
[ 2769.114580] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2769.171132] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2769.204130]         reason=80000021 qualification=0000000000000000
08:55:03 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

[ 2769.227938] IDTVectoring: info=00000000 errcode=00000000
[ 2769.237560] TSC Offset = 0xfffffa3298d96f7c
[ 2769.261095] EPT pointer = 0x0000000085f6501e
[ 2769.282227] Virtual processor ID = 0x0024
[ 2769.297919] audit: type=1804 audit(1591347303.458:516): pid=20980 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4317/bus" dev="sda1" ino=15895 res=1
08:55:03 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r4, 0x0, 0xffffffff)

[ 2769.536362] audit: type=1804 audit(1591347303.698:517): pid=20987 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4606/bus" dev="sda1" ino=16142 res=1
08:55:03 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
socket$inet6_udplite(0xa, 0x2, 0x88)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000340)={0x1fe, 0x2, 0x3000, 0x1000, &(0x7f0000030000/0x1000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000040), &(0x7f0000000300)=0x8)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r5, 0x40605346, &(0x7f0000000240)={0x2, 0x0, {0x1, 0x0, 0x1f, 0x0, 0x1}, 0x80000000})
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x40}, {0xd000, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, 0x0, 0x0, 0xff}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x2000}, {0x1}, {0x100000, 0xfffd}, 0x80000004, 0x0, 0x16007, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

08:55:03 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2769.824993] audit: type=1804 audit(1591347303.988:518): pid=20992 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4485/bus" dev="sda1" ino=16225 res=1
08:55:04 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x3, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x3, 0x4, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x6}, {}, {0x0, 0x2, 0x0, 0x4, 0xce, 0x0, 0xfd}, {0x0, 0xf000}, {}, {0x1}, {0x0, 0xafc}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x8000)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

08:55:04 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2770.166835] *** Guest State ***
[ 2770.200720] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2770.278200] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2770.348617] CR3 = 0x0000000000000000
[ 2770.352536] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2770.410107] RFLAGS=0x00000002         DR7 = 0x0000000000000400
08:55:04 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r4, 0x0, 0xffffffff)

08:55:04 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

[ 2770.452919] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2770.486401] CS:   sel=0x0003, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2770.532150] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2770.613911] SS:   sel=0x0000, attr=0x04005, limit=0x00000002, base=0x0000000000000000
08:55:04 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2770.676940] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2770.788911] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2770.870323] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2770.948484] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2771.081488] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2771.172885] IDTR:                           limit=0x00000afc, base=0x0000000000000000
08:55:05 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2771.248149] TR:   sel=0x0000, attr=0x10000, limit=0x0000f000, base=0x0000000000000000
08:55:05 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

[ 2771.329463] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2771.360491] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2771.447210] Interruptibility = 00000000  ActivityState = 00000000
[ 2771.520147] *** Host State ***
[ 2771.555269] RIP = 0xffffffff8116426f  RSP = 0xffff88808cf179d0
08:55:05 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r1, 0x0, 0xffffffff)

[ 2771.612721] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2771.665334] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2771.762601] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2771.825965] CR0=0000000080050033 CR3=0000000048ec1000 CR4=00000000001426f0
[ 2771.890558] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2771.942333] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2771.987630] *** Control State ***
08:55:06 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2772.014137] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2772.083180] EntryControls=0000d1ff ExitControls=002fefff
[ 2772.168521] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2772.213890] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2772.253872] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2772.297093]         reason=80000021 qualification=0000000000000000
08:55:06 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

[ 2772.338219] IDTVectoring: info=00000000 errcode=00000000
[ 2772.378267] TSC Offset = 0xfffffa3159dc5d4c
[ 2772.409169] EPT pointer = 0x00000000a56b601e
[ 2772.436450] Virtual processor ID = 0x001c
[ 2772.509084] kauditd_printk_skb: 8 callbacks suppressed
[ 2772.509094] audit: type=1804 audit(1591347306.679:527): pid=21039 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4609/bus" dev="sda1" ino=16133 res=1
08:55:06 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r1, 0x0, 0xffffffff)

08:55:06 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2772.665229] audit: type=1804 audit(1591347306.829:528): pid=21044 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4488/bus" dev="sda1" ino=16099 res=1
[ 2772.852029] audit: type=1804 audit(1591347306.969:529): pid=21047 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/861/bus" dev="sda1" ino=16144 res=1
08:55:07 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2773.244701] audit: type=1804 audit(1591347307.409:530): pid=21050 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4320/bus" dev="sda1" ino=15903 res=1
08:55:07 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

08:55:07 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r1, 0x0, 0xffffffff)

[ 2773.444881] audit: type=1804 audit(1591347307.609:531): pid=21055 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4610/bus" dev="sda1" ino=16133 res=1
08:55:07 executing program 5:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f0000000180)={{0xa, 0x4e20, 0x8eb, @local, 0x9}, {0xa, 0x4e22, 0x2, @mcast1, 0x879}, 0x7, [0x7, 0x5, 0xfffffeff, 0x4, 0x400, 0x6, 0xff, 0x2]}, 0x5c)
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
r2 = syz_init_net_socket$nl_rdma(0xffffffffffffffff, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r2, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000300)={0x58, 0x140c, 0x200, 0x70bd25, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_CQN={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_RES_CQN={0x8}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x5}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x1}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x3}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x5}]}, 0x58}, 0x1, 0x0, 0x0, 0x2000c004}, 0x20000080)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000000)={0x0, <r5=>0x0, 0x3})
r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r6, 0x7709, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000040)={r5, 0x0, r6})
fremovexattr(r1, &(0x7f0000000080)=@known='user.syz\x00')

[ 2773.565232] audit: type=1804 audit(1591347307.729:532): pid=21059 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4489/bus" dev="sda1" ino=16099 res=1
08:55:08 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:55:08 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_SIZE(r2, 0x40186f40, 0x76006e)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_GET(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)={0x14, r4, 0xc91add0bf88807dd, 0x0, 0x0, {0x17}}, 0x14}}, 0x0)
sendmsg$DEVLINK_CMD_PORT_SET(r2, &(0x7f0000000200)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000480)={0xd0, r4, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [{{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x6}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x6}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}, {0x6}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x6, 0x4, 0x3}}]}, 0xd0}, 0x1, 0x0, 0x0, 0x400c0}, 0x0)
sendmsg$DEVLINK_CMD_PORT_SET(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0x70, r4, 0x100, 0x70bd29, 0x25dfdbfb, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}, {0x6, 0x4, 0x1}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x6, 0x4, 0x2}}]}, 0x70}, 0x1, 0x0, 0x0, 0x4040040}, 0x40000)
lremovexattr(&(0x7f0000000000)='./bus\x00', &(0x7f0000000040)=@known='trusted.syz\x00')

[ 2774.197690] audit: type=1804 audit(1591347308.359:533): pid=21066 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/862/bus" dev="sda1" ino=16143 res=1
08:55:08 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0x0)

[ 2774.279431] ubi: mtd0 is already attached to ubi0
08:55:08 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:55:08 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

[ 2774.396623] audit: type=1804 audit(1591347308.559:534): pid=21071 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4611/bus" dev="sda1" ino=15834 res=1
[ 2774.472348] ubi: mtd0 is already attached to ubi0
08:55:08 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x4000, 0x0)
setsockopt$netlink_NETLINK_CAP_ACK(r1, 0x10e, 0xa, &(0x7f0000000040)=0x80000000, 0x4)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ubi_ctrl\x00', 0x400001, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000200)={<r3=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r2, 0x80082102, &(0x7f0000000280)=r3)
keyctl$revoke(0x3, 0x0)
r4 = syz_init_net_socket$nl_rdma(0xffffffffffffffff, 0x3, 0x14)
r5 = syz_open_dev$dri(&(0x7f0000000180)='/dev/dri/card#\x00', 0x5, 0x440001)
fallocate(r5, 0x10, 0xafeb, 0x8001)
getpeername$netlink(r4, &(0x7f00000000c0), &(0x7f0000000100)=0xc)

[ 2774.604191] audit: type=1804 audit(1591347308.659:535): pid=21078 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4321/bus" dev="sda1" ino=16099 res=1
[ 2774.692210] audit: type=1804 audit(1591347308.689:536): pid=21079 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4490/bus" dev="sda1" ino=16133 res=1
08:55:09 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
ioctl$FIBMAP(r0, 0x1, &(0x7f0000000000)=0x1)
fremovexattr(r0, &(0x7f0000000080)=@known='user.syz\x00')

08:55:09 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0x0)

08:55:09 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])
accept4$tipc(r0, 0x0, &(0x7f0000000000), 0x800)
r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fremovexattr(r2, &(0x7f0000000080)=@known='user.syz\x00')

08:55:09 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0xffffffff)

08:55:09 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

08:55:09 executing program 0 (fault-call:9 fault-nth:0):
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:09 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x1)
fcntl$setstatus(r0, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000000)={0x6, 0x1f, {0x54, 0x46d7, 0x4, {0x200}, {0x0, 0x9463}, @ramp={0x6, 0x9, {0xfe00, 0x401, 0xfff, 0x1}}}, {0x51, 0x64f, 0x400, {0x4, 0x8}, {0xb46, 0x8001}, @rumble={0x4, 0x3ff}}})
r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000100)=0x4, 0x4)
fremovexattr(r2, &(0x7f0000000080)=@known='user.syz\x00')

[ 2775.803871] FAULT_INJECTION: forcing a failure.
[ 2775.803871] name failslab, interval 1, probability 0, space 0, times 0
[ 2775.852749] CPU: 1 PID: 21103 Comm: syz-executor.0 Not tainted 4.14.183-syzkaller #0
[ 2775.860669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2775.870034] Call Trace:
[ 2775.872641]  dump_stack+0x1b2/0x283
[ 2775.876288]  should_fail.cold+0x10a/0x154
[ 2775.880456]  should_failslab+0xd6/0x130
[ 2775.884454]  kmem_cache_alloc_trace+0x2b7/0x3f0
[ 2775.889488]  alloc_pipe_info+0xaa/0x380
[ 2775.893651]  splice_direct_to_actor+0x581/0x730
[ 2775.898336]  ? avc_policy_seqno+0x5/0x10
[ 2775.902409]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 2775.907300]  ? do_splice_to+0x150/0x150
[ 2775.911297]  ? rw_verify_area+0xe1/0x290
[ 2775.915371]  do_splice_direct+0x164/0x210
[ 2775.919529]  ? splice_direct_to_actor+0x730/0x730
[ 2775.924400]  ? rcu_read_lock_sched_held+0x10a/0x130
[ 2775.929426]  ? rcu_sync_lockdep_assert+0x69/0xa0
[ 2775.938257]  do_sendfile+0x469/0xaf0
[ 2775.941995]  ? do_compat_pwritev64+0x140/0x140
[ 2775.946597]  SyS_sendfile64+0xff/0x110
[ 2775.950581]  ? SyS_sendfile+0x130/0x130
[ 2775.954561]  ? do_syscall_64+0x4c/0x640
[ 2775.958543]  ? SyS_sendfile+0x130/0x130
[ 2775.962530]  do_syscall_64+0x1d5/0x640
[ 2775.966435]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 2775.971627] RIP: 0033:0x45ca69
[ 2775.974819] RSP: 002b:00007f781e0b7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2775.982532] RAX: ffffffffffffffda RBX: 00000000004fc580 RCX: 000000000045ca69
[ 2775.989893] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003
[ 2775.997170] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 2776.004445] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000008
[ 2776.011725] R13: 00000000000008dc R14: 00000000004cba56 R15: 00007f781e0b86d4
08:55:10 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0x0)

08:55:10 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0xffffffff)

08:55:10 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

08:55:10 executing program 5 (fault-call:6 fault-nth:0):
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:10 executing program 0:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r2 = accept4$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000080)=0x14, 0x800)
pwritev(r2, &(0x7f00000005c0)=[{&(0x7f0000000180)="24cf78b3f05d252e00745a63f60f7f874d88bf192285cda58f38222eb754910937a773c39e760a33503e87d39254a878362afa8adcfaf55a8fc33ccf51b981b96b4a2d1b537a313aec6a4f6127331f91247546ad9acaa9c2794de94913085b4ca24cd58b2eef9b461d26e6048a810119d2bd81aaa1a2a9a11b9259ed948b0d6b41859cfa231387ceea6a9441e09c04ab2dc2d2d3283c394f96635071e7", 0x9d}, {&(0x7f0000000300)="2efb547b9e6a30be7172122aae5869fee2bdc9e1172de63bece74b907fc7479c1a1a6a44e67a79c1b1c4d9d092738eb64f5b81586df1d19ed3bd50f339bd7daca09ecef6351435a8cc9f426658f2bb33760b8e33ce435caa40f26903da70dccb077ebc627f8ab8f644ae9aba213730220625dae083345c9d64f073aaddc0a2265d196ec6be966bf7e635902b1b21c824d1414809921ef031bf06fd6ab94ed2f8fdb8a1f83a80c2f743204f8b30fdac680c606105218d08546dd3845f3a3491895612588840fe4357d77e4714683fec0798932ff3c5b4bd83911e2852d921b6e59e311d3a2da2315d0cff7b469d", 0xed}, {&(0x7f00000000c0)="3911b0e07804edd498aa8c5996693d0634e7fd6f54467d74f735968c9ce4c3e6709d1a663746e3e541dea22967c648e2bf643b0b", 0x34}, {&(0x7f0000000100)="39f6b88285ed33d6acfbee52290430cf68ad48a2ac908f681a0c8541404a3330c9b33e9a8190ae704fe7009def6485d7a4f12d", 0x33}, {&(0x7f0000000240)="43b93a40ad617c7315f04e95155a8977018b93413a3172f3582dd9", 0x1b}, {&(0x7f0000000400)="b094473c9573ab2b6aeef1fbee28ccd738137e5620710d8085a924c385d5c52ab01a347e998012c6edba499cdc99cf3bb840274eeaf2f6190932e4e96b5bc5b045449c9ad0388414516347bb08c8c8377b6fbabcdf11162b7a0d0ea3d290f9adfe69f94923af0c57ce69cfe70dc118f2bba78299ec0f99bcf93523fdc12148cecc001f560a7e672d045baa3fd93fe70cb38cb6fb627c7a949839fd08f6c2e17fa994f830653246294955d38d000c28e32cab69df1ba0410fdcae65204ecc4fa61710fa9f173297e8763d8bfeb9d2428a8349943a95dddf59697d8483c72d", 0xde}, {&(0x7f0000000500)="fc729c9e4a3c7c3c59954348160457e45985419cf70a8e79a95951dd35e1a5d951be9ea5adab7f17ed6d19de9eaf61702323fe8bf1f504995bbf90cfab78bf10f6912af6be3f03b59adfcc8f24182c83a2d568f4a50f46953117f4ddcf03d316291cf35669ae589994ebdb2d19f57fd27d75bea0f612659786bfe420f83c73153b", 0x81}, {&(0x7f0000000280)="f97fdce91179058a082024c820321e1a65f716e9ec5a01a713be", 0x1a}], 0x8, 0x151)
r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = fcntl$dupfd(r5, 0x406, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
fcntl$setstatus(r3, 0x4, 0x6900)
ftruncate(r3, 0x800)
lseek(r3, 0x0, 0x2)
r7 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r3, r7, 0x0, 0x8400fffffffa)
sendfile(r3, r7, 0x0, 0xffffffff)

[ 2776.634489] FAULT_INJECTION: forcing a failure.
[ 2776.634489] name failslab, interval 1, probability 0, space 0, times 0
[ 2776.758069] CPU: 1 PID: 21118 Comm: syz-executor.5 Not tainted 4.14.183-syzkaller #0
[ 2776.766945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2776.776309] Call Trace:
[ 2776.778916]  dump_stack+0x1b2/0x283
[ 2776.782736]  should_fail.cold+0x10a/0x154
[ 2776.786905]  should_failslab+0xd6/0x130
[ 2776.790892]  kmem_cache_alloc_trace+0x2b7/0x3f0
[ 2776.795578]  alloc_pipe_info+0xaa/0x380
[ 2776.799570]  splice_direct_to_actor+0x581/0x730
[ 2776.804252]  ? avc_policy_seqno+0x5/0x10
[ 2776.808326]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 2776.813189]  ? do_splice_to+0x150/0x150
[ 2776.817180]  ? rw_verify_area+0xe1/0x290
[ 2776.821257]  do_splice_direct+0x164/0x210
[ 2776.829762]  ? splice_direct_to_actor+0x730/0x730
[ 2776.834625]  ? rcu_read_lock_sched_held+0x10a/0x130
[ 2776.839652]  ? rcu_sync_lockdep_assert+0x69/0xa0
[ 2776.844522]  do_sendfile+0x469/0xaf0
[ 2776.848272]  ? do_compat_pwritev64+0x140/0x140
[ 2776.852877]  SyS_sendfile64+0xff/0x110
[ 2776.856780]  ? SyS_sendfile+0x130/0x130
[ 2776.860766]  ? do_syscall_64+0x4c/0x640
[ 2776.864750]  ? SyS_sendfile+0x130/0x130
[ 2776.869013]  do_syscall_64+0x1d5/0x640
[ 2776.872917]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 2776.878113] RIP: 0033:0x45ca69
[ 2776.881309] RSP: 002b:00007ff846aa7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2776.889139] RAX: ffffffffffffffda RBX: 00000000004fc580 RCX: 000000000045ca69
[ 2776.896415] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2776.908254] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 2776.915630] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000005
[ 2776.922910] R13: 00000000000008dc R14: 00000000004cba56 R15: 00007ff846aa86d4
08:55:11 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x0)

08:55:11 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0xffffffff)

08:55:11 executing program 2 (fault-call:9 fault-nth:0):
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2777.459742] FAULT_INJECTION: forcing a failure.
[ 2777.459742] name failslab, interval 1, probability 0, space 0, times 0
[ 2777.536687] CPU: 1 PID: 21132 Comm: syz-executor.2 Not tainted 4.14.183-syzkaller #0
[ 2777.544642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2777.554005] Call Trace:
[ 2777.557048]  dump_stack+0x1b2/0x283
[ 2777.560705]  should_fail.cold+0x10a/0x154
[ 2777.564883]  should_failslab+0xd6/0x130
[ 2777.568875]  kmem_cache_alloc_trace+0x2b7/0x3f0
[ 2777.573575]  alloc_pipe_info+0xaa/0x380
[ 2777.577575]  splice_direct_to_actor+0x581/0x730
[ 2777.582261]  ? avc_policy_seqno+0x5/0x10
[ 2777.586341]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 2777.591203]  ? do_splice_to+0x150/0x150
[ 2777.595189]  ? rw_verify_area+0xe1/0x290
[ 2777.599265]  do_splice_direct+0x164/0x210
[ 2777.603428]  ? splice_direct_to_actor+0x730/0x730
[ 2777.608297]  ? rcu_read_lock_sched_held+0x10a/0x130
[ 2777.618627]  ? rcu_sync_lockdep_assert+0x69/0xa0
[ 2777.623490]  do_sendfile+0x469/0xaf0
[ 2777.627231]  ? do_compat_pwritev64+0x140/0x140
[ 2777.631834]  SyS_sendfile64+0xff/0x110
[ 2777.635735]  ? SyS_sendfile+0x130/0x130
[ 2777.639719]  ? do_syscall_64+0x4c/0x640
[ 2777.643703]  ? SyS_sendfile+0x130/0x130
[ 2777.647687]  do_syscall_64+0x1d5/0x640
[ 2777.651594]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 2777.656791] RIP: 0033:0x45ca69
[ 2777.659983] RSP: 002b:00007f4e64959c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2777.670130] RAX: ffffffffffffffda RBX: 00000000004fc580 RCX: 000000000045ca69
[ 2777.677431] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003
[ 2777.684708] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 2777.692515] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000008
[ 2777.699789] R13: 00000000000008dc R14: 00000000004cba56 R15: 00007f4e6495a6d4
[ 2777.719262] kauditd_printk_skb: 12 callbacks suppressed
[ 2777.719272] audit: type=1804 audit(1591347311.889:549): pid=21120 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4323/bus" dev="sda1" ino=15903 res=1
08:55:11 executing program 5 (fault-call:6 fault-nth:1):
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:12 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
epoll_create1(0x0)
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$VIDIOC_G_EXT_CTRLS(r5, 0xc0205647, &(0x7f00000000c0)={0x9a0000, 0x10000, 0x5, <r7=>r1, 0x0, &(0x7f0000000080)={0xe55957e22f26fa1a, 0x40, [], @p_u32=&(0x7f0000000040)=0xfffffe01}})
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00')
sendmsg$TIPC_CMD_GET_NETID(r7, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r8, 0x20, 0x70bd29, 0x25dfdbfd, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

[ 2777.901965] audit: type=1804 audit(1591347311.919:550): pid=21120 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4323/bus" dev="sda1" ino=15903 res=1
08:55:12 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x0)

08:55:12 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

[ 2778.100462] FAULT_INJECTION: forcing a failure.
[ 2778.100462] name failslab, interval 1, probability 0, space 0, times 0
[ 2778.118272] audit: type=1804 audit(1591347311.919:551): pid=21120 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4323/bus" dev="sda1" ino=15903 res=1
08:55:12 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

[ 2778.250915] audit: type=1804 audit(1591347312.149:552): pid=21136 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4324/bus" dev="sda1" ino=15903 res=1
08:55:12 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

[ 2778.320194] CPU: 0 PID: 21142 Comm: syz-executor.5 Not tainted 4.14.183-syzkaller #0
[ 2778.328111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2778.337475] Call Trace:
[ 2778.340097]  dump_stack+0x1b2/0x283
[ 2778.343745]  should_fail.cold+0x10a/0x154
[ 2778.347912]  should_failslab+0xd6/0x130
[ 2778.351903]  __kmalloc+0x2c1/0x400
[ 2778.355452]  ? alloc_pipe_info+0x156/0x380
[ 2778.359703]  alloc_pipe_info+0x156/0x380
[ 2778.363782]  splice_direct_to_actor+0x581/0x730
[ 2778.368466]  ? avc_policy_seqno+0x5/0x10
[ 2778.372537]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 2778.377396]  ? do_splice_to+0x150/0x150
[ 2778.382342]  ? rw_verify_area+0xe1/0x290
[ 2778.386434]  do_splice_direct+0x164/0x210
[ 2778.390603]  ? splice_direct_to_actor+0x730/0x730
[ 2778.395464]  ? rcu_read_lock_sched_held+0x10a/0x130
[ 2778.400488]  ? rcu_sync_lockdep_assert+0x69/0xa0
[ 2778.405256]  do_sendfile+0x469/0xaf0
[ 2778.408995]  ? do_compat_pwritev64+0x140/0x140
[ 2778.413598]  SyS_sendfile64+0xff/0x110
08:55:12 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:55:12 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x7df040, 0x0)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2778.417490]  ? SyS_sendfile+0x130/0x130
[ 2778.421468]  ? do_syscall_64+0x4c/0x640
[ 2778.425446]  ? SyS_sendfile+0x130/0x130
[ 2778.429467]  do_syscall_64+0x1d5/0x640
[ 2778.433981]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 2778.439178] RIP: 0033:0x45ca69
[ 2778.442380] RSP: 002b:00007ff846aa7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2778.452622] RAX: ffffffffffffffda RBX: 00000000004fc580 RCX: 000000000045ca69
[ 2778.459898] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2778.467172] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 2778.474446] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000005
[ 2778.481720] R13: 00000000000008dc R14: 00000000004cba56 R15: 00007ff846aa86d4
08:55:12 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2778.534292] audit: type=1804 audit(1591347312.209:553): pid=21138 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir619757868/syzkaller.NyDZSH/3770/bus" dev="sda1" ino=16353 res=1
08:55:12 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2778.691971] audit: type=1804 audit(1591347312.259:554): pid=21141 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4324/bus" dev="sda1" ino=15903 res=1
[ 2778.812087] audit: type=1804 audit(1591347312.289:555): pid=21144 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4494/bus" dev="sda1" ino=16034 res=1
08:55:13 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:55:13 executing program 0:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46000)
ioctl$MON_IOCX_GETX(r0, 0x4018920a, &(0x7f00000001c0)={&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000300)=""/197, 0xc5})
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])
getsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, &(0x7f0000000040)=0x7fffffff, &(0x7f0000000100)=0x4)
r2 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = fcntl$dupfd(r4, 0x0, r3)
ppoll(&(0x7f0000000040), 0x0, &(0x7f0000000080)={0x0, 0x989680}, &(0x7f00000000c0)={[0x80000001]}, 0x8)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
fcntl$setstatus(r2, 0x4, 0x6900)
ftruncate(r2, 0x800)
lseek(r2, 0x0, 0x2)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r2, r6, 0x0, 0x8400fffffffa)
sendfile(r2, r6, 0x0, 0xffffffff)

[ 2779.005034] audit: type=1804 audit(1591347312.489:556): pid=21152 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/869/bus" dev="sda1" ino=16133 res=1
[ 2779.135280] audit: type=1804 audit(1591347312.699:557): pid=21154 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4615/bus" dev="sda1" ino=16258 res=1
[ 2779.204738] audit: type=1804 audit(1591347312.819:558): pid=21157 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/870/bus" dev="sda1" ino=16133 res=1
08:55:14 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
openat(0xffffffffffffffff, &(0x7f0000000040)='./bus\x00', 0x105a00, 0x0)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:14 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x0)

08:55:14 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:55:14 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r6, 0x7709, 0x0)
r7 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r7, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r8=>0x0)
io_submit(r8, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r7, &(0x7f0000000000), 0x377140be6b5ef4c7}])
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44800)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r9 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r9, 0x0, 0x8400fffffffa)
sendfile(r0, r9, 0x0, 0xffffffff)

08:55:14 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:55:14 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:55:15 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x203, 0x0)
ioctl$FS_IOC_GETFSMAP(r4, 0xc0c0583b, &(0x7f0000000180)={0x0, 0x0, 0x1, 0x0, [], [{0x200, 0x5, 0x4, 0x101, 0xfc00000000000000, 0xfffffffffffffe00}, {0x9, 0x8000, 0x400, 0x96, 0xff, 0xba}], [[]]})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
sendfile(r0, r5, 0x0, 0xffffffff)

08:55:15 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
epoll_create1(0x0)
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$VIDIOC_G_EXT_CTRLS(r5, 0xc0205647, &(0x7f00000000c0)={0x9a0000, 0x10000, 0x5, <r7=>r1, 0x0, &(0x7f0000000080)={0xe55957e22f26fa1a, 0x40, [], @p_u32=&(0x7f0000000040)=0xfffffe01}})
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00')
sendmsg$TIPC_CMD_GET_NETID(r7, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r8, 0x20, 0x70bd29, 0x25dfdbfd, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

08:55:15 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:55:15 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000400)=[@in={0x2, 0x4e22, @multicast1}, @in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e21, @private=0xa010102}, @in={0x2, 0x4e23, @private=0xa010102}, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x20, @mcast2, 0xc9}, @in6={0xa, 0x4e21, 0x7fffffff, @ipv4={[], [], @empty}, 0x9}, @in={0x2, 0x4e23, @broadcast}, @in6={0xa, 0x4e21, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xc0f}, @in6={0xa, 0x4e23, 0x9, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x80000001}], 0xd0)
ftruncate(r0, 0x800)
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}])
lseek(r4, 0x0, 0x2)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r7 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r7, 0x4, 0x44000)
io_setup(0x2349, &(0x7f0000000240))
io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x20, r7, &(0x7f0000000040)}])
lseek(r7, 0x3, 0x3)
sendfile(r0, r6, 0x0, 0x8400fffffffa)
sendfile(r0, r6, 0x0, 0xffffffff)

08:55:15 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
getsockopt$inet6_opts(r3, 0x29, 0x3b, &(0x7f0000000040)=""/18, &(0x7f0000000080)=0x12)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:16 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)
sendfile(r0, r5, 0x0, 0xffffffff)

08:55:16 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:55:16 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
epoll_create1(0x0)
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$VIDIOC_G_EXT_CTRLS(r5, 0xc0205647, &(0x7f00000000c0)={0x9a0000, 0x10000, 0x5, <r7=>r1, 0x0, &(0x7f0000000080)={0xe55957e22f26fa1a, 0x40, [], @p_u32=&(0x7f0000000040)=0xfffffe01}})
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00')
sendmsg$TIPC_CMD_GET_NETID(r7, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r8, 0x20, 0x70bd29, 0x25dfdbfd, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

08:55:16 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$FBIOGET_CON2FBMAP(r0, 0x460f, &(0x7f0000000040)={0x28, 0x2})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2783.163110] kauditd_printk_skb: 41 callbacks suppressed
[ 2783.163119] audit: type=1804 audit(1591347317.319:600): pid=21228 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4328/bus" dev="sda1" ino=15814 res=1
08:55:17 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140))
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:17 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x406, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2783.361627] audit: type=1804 audit(1591347317.339:601): pid=21228 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4328/bus" dev="sda1" ino=15814 res=1
08:55:17 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
epoll_create1(0x0)
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$VIDIOC_G_EXT_CTRLS(r5, 0xc0205647, &(0x7f00000000c0)={0x9a0000, 0x10000, 0x5, <r7=>r1, 0x0, &(0x7f0000000080)={0xe55957e22f26fa1a, 0x40, [], @p_u32=&(0x7f0000000040)=0xfffffe01}})
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00')
sendmsg$TIPC_CMD_GET_NETID(r7, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r8, 0x20, 0x70bd29, 0x25dfdbfd, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

[ 2783.548588] audit: type=1804 audit(1591347317.559:602): pid=21241 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4619/bus" dev="sda1" ino=16497 res=1
[ 2783.638786] audit: type=1804 audit(1591347317.569:603): pid=21237 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4619/bus" dev="sda1" ino=16497 res=1
[ 2783.764030] audit: type=1804 audit(1591347317.619:604): pid=21244 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4329/bus" dev="sda1" ino=15900 res=1
[ 2783.868003] audit: type=1804 audit(1591347317.669:605): pid=21246 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/878/bus" dev="sda1" ino=16141 res=1
[ 2783.993042] audit: type=1804 audit(1591347317.829:606): pid=21250 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4498/bus" dev="sda1" ino=16353 res=1
[ 2784.097705] audit: type=1804 audit(1591347317.959:607): pid=21252 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4498/bus" dev="sda1" ino=16353 res=1
[ 2784.235100] audit: type=1804 audit(1591347318.389:608): pid=21253 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4329/bus" dev="sda1" ino=15900 res=1
08:55:18 executing program 0:
r0 = creat(&(0x7f0000000100)='./file0\x00', 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
fcntl$setstatus(r4, 0x4, 0x800)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
r6 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r6, 0x4, 0x46000)
io_setup(0x7fffffff, &(0x7f0000000240)=<r7=>0x0)
io_submit(r7, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r6, &(0x7f0000000000), 0x377140be6b5ef4c7}])
sendfile(r6, r5, 0x0, 0xffffffff)
r8 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0xe1)
bind$bt_hci(r8, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x1}, 0x6)

08:55:18 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2784.387161] audit: type=1804 audit(1591347318.419:609): pid=21253 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4329/bus" dev="sda1" ino=15900 res=1
08:55:18 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:55:18 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)
lseek(r5, 0x101, 0x2)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
ioctl$TUNSETOFFLOAD(r4, 0x400454d0, 0x13)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:19 executing program 3:
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r0, 0x0, 0xffffffff)

08:55:19 executing program 3:
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r0, 0x0, 0xffffffff)

08:55:19 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)
lseek(r5, 0x101, 0x2)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
ioctl$TUNSETOFFLOAD(r4, 0x400454d0, 0x13)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:19 executing program 3:
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r0, 0x0, 0xffffffff)

08:55:19 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x200002, 0x143)
ioctl$sock_inet_SIOCGIFBRDADDR(r4, 0x8919, &(0x7f0000000040)={'wg2\x00', {0x2, 0x4e22, @private=0xa010102}})
sendfile(r0, r4, 0x0, 0x8400fffffffa)
r5 = openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock\x00', 0x20000, 0x0)
faccessat(r5, &(0x7f0000000100)='./bus\x00', 0x8, 0x1400)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:20 executing program 3:
r0 = creat(0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:20 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
semget$private(0x0, 0x0, 0x408)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:20 executing program 3:
r0 = creat(0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:20 executing program 3:
r0 = creat(0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:20 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:21 executing program 0:
r0 = creat(&(0x7f0000000080)='./bus/file0\x00', 0x40)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:21 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0xffffffff)

08:55:21 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:21 executing program 0:
r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r1, 0x4, 0x6900)
r4 = syz_open_pts(r3, 0x200)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f00000001c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x8, 0x3, r5}])
io_setup(0x2349, &(0x7f0000000240)=<r7=>0x0)
io_submit(r7, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000100)=""/55, &(0x7f0000000180)=0x37)
ioctl$SOUND_MIXER_READ_RECMASK(r5, 0x80044dfd, &(0x7f0000000080))
ioctl$TIOCPKT(r4, 0x5420, &(0x7f0000000040)=0xfffffff8)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r8 = open(&(0x7f0000000000)='./bus\x00', 0xc42c0, 0x0)
sendfile(r0, r8, 0x0, 0x8400fffffffa)
sendfile(r0, r8, 0x0, 0xffffffff)

08:55:21 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36bb3019c13bd2321af3cf1a54f26fb0b71d0e6adfefcf1d8f7faf75e0f226bd917487960717142fa9ea4318123751c0a0e168c1886d0d4d94f2f4e345c652fbc16ee988e6e0dc8cedf3ceb9fbfbf9b0a4def23d410f6296b32a83438810720a159cda903634e369a9e152ddcc7b1b85f3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd963218ce740068725837074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa000000000000000000000000000000000000000000000000020000000000000000000000000000b27cf3d1848a54d7132be1ffb0adf9deab29ea3323aa9fdfb52fafb09c3bfd09000000b91ab219efdebb7b3de8f67581cf796a1d4223b9ff7ffcad3f6c962b9f03000000000000001cf41ab11f12fb1e0a494034127de7c6592df1a6c64d8f20a67745409e011f1264d43e153b3d34899f40159e800ea2474b540500a30b23bcee46762c2093bcc9eae5ee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec309baed0495f06d058a73651d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d971f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafce5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad380a447483cac394c7bbdcd0e3b1c39b6e00916de48a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73755539280b064bda144910fe050038ec9e47de89298b7bf4d769ccc18eede00e8ca5457870eb30d211e23ccc8e06dddeb61799257ab55ff413c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d462357b22515567230ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972ea3b77641467c89fa0f82e8440105051e5510a33dcda5e143fbf221fff161c12ca389cbe4c51b3fa00675cc175067d2a214f8c9d9b2ecf63b66c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e7131421c0f39113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a84a4e378a9b15bc20f49e298727340e87cdefb40e56e9cfad973347d0de7ba4754ff231a1b933d8f931ba3552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2af79b8d4c2bf0f7a2cb032dad13007b82e6044f643fc8cd47ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2b4dcb5dd9cba16b64ebbbf8702ae12c77e6e34991af603e3856a346cf7f9fe0bc9f2a1a7506d35e5eb7088aeda890cf8a4a6f31ba6d9b8cb098f935bdcbb29fd0f1a342c9eed00000000ab6648a9dea0"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r8=>0x0}, &(0x7f0000cab000)=0xc)
setreuid(0x0, r8)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r6, 0x0, 0x0}, 0x10)
io_setup(0x2349, &(0x7f0000000240)=<r9=>0x0)
io_submit(r9, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$IMGETVERSION(r5, 0x80044942, &(0x7f0000000040))
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:22 executing program 4 (fault-call:6 fault-nth:0):
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:22 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2788.175334] kauditd_printk_skb: 17 callbacks suppressed
[ 2788.175343] audit: type=1804 audit(1591347322.330:627): pid=21327 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4502/bus" dev="sda1" ino=16049 res=1
[ 2788.250804] audit: type=1804 audit(1591347322.410:628): pid=21329 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/888/bus" dev="sda1" ino=16286 res=1
[ 2788.295059] FAULT_INJECTION: forcing a failure.
[ 2788.295059] name failslab, interval 1, probability 0, space 0, times 0
[ 2788.367929] CPU: 0 PID: 21330 Comm: syz-executor.4 Not tainted 4.14.183-syzkaller #0
[ 2788.375870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2788.385229] Call Trace:
[ 2788.387840]  dump_stack+0x1b2/0x283
[ 2788.391513]  should_fail.cold+0x10a/0x154
[ 2788.395684]  should_failslab+0xd6/0x130
[ 2788.399667]  kmem_cache_alloc_trace+0x2b7/0x3f0
[ 2788.404349]  alloc_pipe_info+0xaa/0x380
[ 2788.408335]  splice_direct_to_actor+0x581/0x730
[ 2788.413011]  ? avc_policy_seqno+0x5/0x10
[ 2788.417077]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 2788.421962]  ? do_splice_to+0x150/0x150
[ 2788.425941]  ? rw_verify_area+0xe1/0x290
[ 2788.430069]  do_splice_direct+0x164/0x210
[ 2788.434223]  ? splice_direct_to_actor+0x730/0x730
[ 2788.439085]  ? rcu_read_lock_sched_held+0x10a/0x130
[ 2788.444109]  ? rcu_sync_lockdep_assert+0x69/0xa0
[ 2788.448890]  do_sendfile+0x469/0xaf0
[ 2788.452616]  ? do_compat_pwritev64+0x140/0x140
[ 2788.457213]  SyS_sendfile64+0xff/0x110
[ 2788.461110]  ? SyS_sendfile+0x130/0x130
[ 2788.465090]  ? do_syscall_64+0x4c/0x640
[ 2788.469070]  ? SyS_sendfile+0x130/0x130
[ 2788.473054]  do_syscall_64+0x1d5/0x640
[ 2788.476962]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 2788.482191] RIP: 0033:0x45ca69
[ 2788.485379] RSP: 002b:00007ff5ac366c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2788.493314] RAX: ffffffffffffffda RBX: 00000000004fc580 RCX: 000000000045ca69
[ 2788.500674] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2788.507951] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 2788.515326] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000005
[ 2788.522600] R13: 00000000000008dc R14: 00000000004cba56 R15: 00007ff5ac3676d4
08:55:22 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
perf_event_open(&(0x7f0000000080)={0x5, 0x70, 0xf9, 0x7f, 0x92, 0x8, 0x0, 0x8, 0x80288, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x4, @perf_bp={&(0x7f0000000040)}, 0x1584a, 0xfffffffffffffffc, 0x5, 0x0, 0x6, 0x2, 0x5}, 0x0, 0x1, 0xffffffffffffffff, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x8c040, 0x0)
ioctl$TIOCGWINSZ(r5, 0x5413, &(0x7f00000001c0))
sendfile(r0, r4, 0x0, 0xffffffff)
io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000200)={<r6=>0xffffffffffffffff}, 0x13f, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_ACCEPT(r5, &(0x7f0000000300)={0x8, 0x120, 0xfa00, {0x1, {0x3, 0x9, "d91740528af2bedfc8ad8652b13eb04c2baa037e7d7e3cbc439fb0343b55f9c355d2e5695781fecb3c3d492e1b1f1ed04dc2166cf70218fba1992f1d1ac730b7553f22dd29fda08868ffc2b2952c3b0ab7e6737b468b09e249437be2951f5046e53c62aa067fdad56e7ed91295968dc6e68de788ef82ab31d06e34efe34437c8de87b63fe4679639b4ebce41028f1e1c2cd7dc4c33f772ef51527e7cee5b9dc6cb3450e0c86eccb6f82698e7e102654895b46899da45ca6097b2972d0b7028dcd298fa41d1b53da6ec42088957e2b5e865003c35d808f73b2ba8f126a98af874bde5997c56d4d704c83fac6c8cf0b4e4c63f2557cbc3b7a4a31b110db047a1db", 0x7, 0x0, 0xfe, 0x7, 0x0, 0x80, 0xff}, r6}}, 0x128)
r7 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcsa\x00', 0x149301, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, <r9=>0x0}, &(0x7f0000cab000)=0xc)
ioctl$TUNSETGROUP(r7, 0x400454ce, r9)

[ 2788.666360] audit: type=1804 audit(1591347322.820:629): pid=21333 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4337/bus" dev="sda1" ino=16338 res=1
08:55:23 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2789.191435] audit: type=1804 audit(1591347323.350:630): pid=21337 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/889/bus" dev="sda1" ino=16286 res=1
08:55:23 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r3, 0xc01064ac, &(0x7f0000000280)={0x0, 0x3d, &(0x7f0000000040)=""/61})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00'})
r4 = add_key$user(&(0x7f00000001c0)='user\x00', &(0x7f0000000200)={'syz', 0x3}, &(0x7f0000000240)='t', 0x1, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, 0x0, &(0x7f00000002c0)=@builtin='builtin_trusted\x00')
keyctl$update(0x2, r4, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)
syz_kvm_setup_cpu$x86(r1, r5, &(0x7f000003d000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f0000000300)="672e98c4e3fdcf1708660ff5e8c4c1f97da5a4690000c4e2dda6100f784800b811cd41310f23d00f21f8353000000d0f23f80f20e035000040000f22e0a300000000d9ff", 0x44}], 0x1, 0x0, &(0x7f00000003c0), 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x4}, {}, {0x0, 0x4000, 0x0, 0x0, 0x0, 0xdd, 0x9}, {0x1000, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0xff}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd, 0x0, 0x0, 0x3}, {0x0, 0xd000, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 2789.465433] audit: type=1804 audit(1591347323.620:631): pid=21335 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4337/bus" dev="sda1" ino=16338 res=1
[ 2789.507440] *** Guest State ***
[ 2789.512779] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2789.558124] audit: type=1804 audit(1591347323.650:632): pid=21334 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4337/bus" dev="sda1" ino=16338 res=1
[ 2789.564236] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
08:55:23 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140))
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r5 = fcntl$dupfd(r1, 0x0, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000040)='syz0\x00')
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r6, 0x0, 0x8400fffffffa)
sendfile(r0, r6, 0x0, 0xffffffff)

[ 2789.707504] CR3 = 0x0000000000000000
[ 2789.724588] RSP = 0x0000000000002006  RIP = 0x0000000000000000
[ 2789.745511] RFLAGS=0x00010002         DR7 = 0x0000000000000400
[ 2789.765662] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2789.782978] audit: type=1804 audit(1591347323.940:633): pid=21349 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4338/bus" dev="sda1" ino=16049 res=1
[ 2789.826256] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2789.859924] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2789.893836] SS:   sel=0x0000, attr=0x0c005, limit=0x00000000, base=0x0000000000000000
08:55:24 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f00000000c0)=0x2, 0x4)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
flock(r2, 0x2)
r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x268000, 0x0)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000500)='/dev/dlm_plock\x00', 0x30100, 0x0)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000140)=@assoc_value={0x0, 0x9}, 0x8)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f0000000080)={0x4})
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2789.939296] ES:   sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000
[ 2789.965610] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000001000
08:55:24 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2790.037519] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2790.054599] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2790.067730] audit: type=1804 audit(1591347324.230:634): pid=21353 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4503/bus" dev="sda1" ino=16659 res=1
[ 2790.096046] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000001000
[ 2790.105890] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2790.159052] TR:   sel=0x0000, attr=0x10000, limit=0x0000d000, base=0x0000000000000000
[ 2790.191333] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2790.209582] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2790.218906] Interruptibility = 00000000  ActivityState = 00000000
[ 2790.237811] *** Host State ***
[ 2790.242276] RIP = 0xffffffff8116426f  RSP = 0xffff888056aff9d0
08:55:24 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)
r6 = creat(0x0, 0x0)
ioctl$EXT4_IOC_SETFLAGS(r6, 0x40086602, 0x0)
write$binfmt_elf64(r6, &(0x7f0000000200)=ANY=[], 0x8)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000100)={0x7, 0x0, &(0x7f0000000040)=[<r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
ioctl$sock_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000080))
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f00000001c0)={&(0x7f0000000000)=[0x0], 0x1, 0x80800, r7})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r5, 0xc00464c9, &(0x7f0000000040)={r7})

[ 2790.260260] audit: type=1804 audit(1591347324.420:635): pid=21361 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/890/bus" dev="sda1" ino=16676 res=1
[ 2790.318516] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2790.355040] FSBase=00007fc3c74e3700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2790.419611] audit: type=1804 audit(1591347324.550:636): pid=21364 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4620/bus" dev="sda1" ino=16772 res=1
[ 2790.454938] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2790.470753] CR0=0000000080050033 CR3=000000004cc1b000 CR4=00000000001426f0
[ 2790.479367] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2790.488444] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2790.499197] *** Control State ***
[ 2790.508174] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2790.540254] EntryControls=0000d1ff ExitControls=002fefff
[ 2790.607934] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
08:55:24 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r4=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x7d, &(0x7f0000000240)={r4}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000080)={r4, 0x8}, 0xc)
fcntl$setstatus(r0, 0x4, 0x6900)
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000480)={[{@fat=@nocase='nocase'}]})
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
sendfile(r5, r6, 0x0, 0x800000080004103)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)

[ 2790.685097] VMEntry: intr_info=8000030d errcode=00000000 ilen=00000000
[ 2790.751777] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2790.825189]         reason=80000021 qualification=0000000000000000
[ 2790.886954] IDTVectoring: info=00000000 errcode=00000000
[ 2790.951154] TSC Offset = 0xfffffa270ca936bc
08:55:25 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x2002, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="34000000020300000000000000000000030000020800010001000015080003400000100008000540000000310800034000000007b0d9b0c933f4a63d45f7dc697404e6a86a51489bd07f31ed1082ede8f57d064bdaaa3f1d0488c2da73f78130241bf3d286143d82dc3f24aecef4ce09f05e639c957517faa591f7115bd6b7444a41c3ae392131d952b696dc836893e429c55c7f2897765f409f0ae220535e04f1b66b20706dd3c4b90f3b8d46a856b14efa1d0a0f829c157f4a4ac5c99f68d3c91bf429e136fa61ed86d68d02082284eb9a8ee2dc9010dd7cfc3006ffb47f099a9c33c112ee5a9c79de9f7bae79710590792033c29e7d35cdb1a061b8e10768dbe9d41e86b2a2a4fe755ba3e52f086bf0fffb6bb22ff90516a175b4c40e6167c983a09f4769af754ef71ee9180fe61592ddb60c152e232b80afe97113741945f9bf7900b224cba6d633d17004190fb99b11168f43d04af5f9d510156e876c740b4eeb41a7e25d85164221"], 0x34}, 0x1, 0x0, 0x0, 0x4040}, 0x8000)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x1a000, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)
get_mempolicy(&(0x7f0000000180), &(0x7f00000001c0), 0x8, &(0x7f0000ffc000/0x2000)=nil, 0x6)

[ 2790.951165] EPT pointer = 0x000000004f93c01e
[ 2790.951172] Virtual processor ID = 0x001c
08:55:25 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {0x5002}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

08:55:25 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:25 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x400002, 0x14d)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2791.247420] *** Guest State ***
[ 2791.247431] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
08:55:25 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r0, 0xc008ae05, &(0x7f0000000040)=""/45)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

08:55:25 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dsp\x00', 0x80c00, 0x0)
fcntl$setstatus(r1, 0x4, 0xc0149d02c3fc8e51)
recvmsg$kcm(r0, &(0x7f0000002700)={&(0x7f00000001c0)=@ipx, 0x80, &(0x7f0000002640)=[{&(0x7f0000000580)=""/4096, 0x1000}, {&(0x7f0000000300)=""/149, 0x95}, {&(0x7f00000003c0)=""/239, 0xef}, {&(0x7f0000001580)=""/4096, 0x1000}, {&(0x7f0000002580)=""/163, 0xa3}, {&(0x7f00000004c0)=""/117, 0x75}, {&(0x7f0000000280)=""/8, 0x8}], 0x7, &(0x7f00000026c0)}, 0x40000000)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
prctl$PR_GET_FPEXC(0xb, &(0x7f0000000100))
sendfile(r0, r2, 0x0, 0x8400fffffffa)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000040), &(0x7f0000000080)=0x14)
sendfile(r0, r2, 0x0, 0xffffffff)

[ 2791.247439] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
08:55:25 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r5, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x44, &(0x7f00000003c0)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xe}}, @in={0x2, 0x4e24, @remote}, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x2, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}, @in={0x2, 0x4e24, @rand_addr=0x64012101}]}, &(0x7f0000000180)=0x10)
r6 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r7=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x7d, &(0x7f0000000240)={r7}, 0x9c)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f0000000040)={r7, 0x40, 0xffff, 0xffff8001, 0x7, 0x9}, &(0x7f0000000080)=0x14)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
setsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f00000001c0)={0x0, 0x9}, 0x8)
r8 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r8, 0x0, 0x8400fffffffa)
sendfile(r0, r8, 0x0, 0xffffffff)

[ 2791.247443] CR3 = 0x0000000000000000
[ 2791.247449] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2791.247457] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2791.247468] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2791.247475] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2791.247488] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:55:25 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r5 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r6=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x7d, &(0x7f0000000240)={r6}, 0x9c)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f0000000040)={r6, 0x98f9}, 0x8)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
close(r3)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 2791.247502] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2791.247513] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2791.247526] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000005002
[ 2791.247538] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2791.247547] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2791.247560] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2791.247570] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2791.247583] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:55:26 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000026000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
getsockopt$inet6_tcp_int(r3, 0x6, 0x9, &(0x7f0000000040), &(0x7f0000000240)=0x4)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0xce, 0x0, 0xfd}, {}, {}, {0x1}, {}, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 2791.247590] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2791.247599] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2791.247606] Interruptibility = 00000000  ActivityState = 00000000
[ 2791.247610] *** Host State ***
[ 2791.247619] RIP = 0xffffffff8116426f  RSP = 0xffff888090be79d0
08:55:26 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2791.247634] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2791.247642] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2791.247651] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2791.247662] CR0=0000000080050033 CR3=000000004cc1b000 CR4=00000000001426f0
[ 2791.247672] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2791.247681] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2791.247685] *** Control State ***
[ 2791.247691] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2791.247696] EntryControls=0000d1ff ExitControls=002fefff
[ 2791.247706] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2791.247712] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2791.247719] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2791.247724]         reason=80000021 qualification=0000000000000000
[ 2791.247729] IDTVectoring: info=00000000 errcode=00000000
[ 2791.247734] TSC Offset = 0xfffffa260ee2d145
[ 2791.247741] EPT pointer = 0x000000004e6c801e
[ 2791.247749] Virtual processor ID = 0x001c
[ 2791.488010] *** Guest State ***
[ 2791.488022] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2791.488031] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2791.488036] CR3 = 0x0000000000000000
[ 2791.488042] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2791.488050] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2791.488062] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2791.488070] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2791.488084] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2791.488098] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2791.488111] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2791.488124] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2791.488137] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2791.488146] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2791.488159] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:55:26 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2791.488168] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2791.488180] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2791.488188] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2791.488196] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2791.488203] Interruptibility = 00000000  ActivityState = 00000000
[ 2791.488207] *** Host State ***
[ 2791.488220] RIP = 0xffffffff8116426f  RSP = 0xffff8880192ef9d0
[ 2791.489790] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2791.489800] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2791.489809] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2791.489820] CR0=0000000080050033 CR3=0000000015126000 CR4=00000000001426f0
[ 2791.489831] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2791.489840] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2791.489844] *** Control State ***
[ 2791.489850] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2791.489856] EntryControls=0000d1ff ExitControls=002fefff
[ 2791.489865] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2791.489871] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2791.489877] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2791.489882]         reason=80000021 qualification=0000000000000000
[ 2791.489894] IDTVectoring: info=00000000 errcode=00000000
[ 2791.489899] TSC Offset = 0xfffffa25ee32d7c4
[ 2791.489905] EPT pointer = 0x000000001a62401e
[ 2791.489913] Virtual processor ID = 0x001c
[ 2791.894453] *** Guest State ***
[ 2791.894466] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2791.894475] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2791.894480] CR3 = 0x0000000000000000
[ 2791.894486] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2791.894494] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2791.894505] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2791.894513] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2791.894526] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2791.894540] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2791.894553] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2791.894567] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2791.894580] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2791.894590] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2791.894603] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2791.894612] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2791.900077] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2791.900088] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2791.900098] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2791.900105] Interruptibility = 00000000  ActivityState = 00000000
[ 2791.900109] *** Host State ***
[ 2791.900120] RIP = 0xffffffff8116426f  RSP = 0xffff8880192ef9d0
[ 2791.900136] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2791.900146] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2791.900156] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2791.900167] CR0=0000000080050033 CR3=000000001922c000 CR4=00000000001426f0
[ 2791.900178] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2791.900187] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2791.900191] *** Control State ***
[ 2791.900198] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2791.900204] EntryControls=0000d1ff ExitControls=002fefff
[ 2791.900213] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2791.900220] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2791.900227] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2791.900233]         reason=80000021 qualification=0000000000000000
[ 2791.900239] IDTVectoring: info=00000000 errcode=00000000
[ 2791.900245] TSC Offset = 0xfffffa25b8b7bd94
[ 2791.900251] EPT pointer = 0x000000005578b01e
[ 2791.900260] Virtual processor ID = 0x001c
[ 2792.330051] *** Guest State ***
[ 2792.994045] CR0: actual=0x0000000080000024, shadow=0x0000000080000004, gh_mask=fffffffffffffff7
[ 2792.994058] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2792.994063] CR3 = 0x0000000000000000
[ 2792.994069] RSP = 0x0000000000002018  RIP = 0x0000000000000000
[ 2792.994077] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2792.994088] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 2792.994097] CS:   sel=0x0000, attr=0x08081, limit=0x00000000, base=0x0000000000000000
[ 2792.994111] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2792.994124] SS:   sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000
[ 2792.994136] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2792.994149] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2792.994163] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2792.994173] GDTR:                           limit=0x00000000, base=0x0000000000000001
[ 2792.994186] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2792.994196] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2792.994209] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2792.994217] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2792.994226] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2792.994233] Interruptibility = 00000000  ActivityState = 00000000
[ 2792.994237] *** Host State ***
[ 2792.994247] RIP = 0xffffffff8116426f  RSP = 0xffff888090be79d0
[ 2792.994262] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2792.994271] FSBase=00007fc3c7505700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000
[ 2792.994280] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2792.994291] CR0=0000000080050033 CR3=000000003c9a2000 CR4=00000000001426f0
[ 2792.994302] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0
[ 2792.994311] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2792.994315] *** Control State ***
[ 2792.994321] PinBased=0000003f CPUBased=b6986dfe SecondaryExec=000000ea
[ 2792.994326] EntryControls=0000d1ff ExitControls=002fefff
[ 2792.994335] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2792.994341] VMEntry: intr_info=800000c5 errcode=00000000 ilen=00000000
[ 2792.994347] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 2792.994352]         reason=80000021 qualification=0000000000000000
[ 2792.994356] IDTVectoring: info=00000000 errcode=00000000
[ 2792.994361] TSC Offset = 0xfffffa2582bebfe0
[ 2792.995137] EPT pointer = 0x00000000581e801e
[ 2792.995148] Virtual processor ID = 0x001c
[ 2793.467259] kauditd_printk_skb: 15 callbacks suppressed
[ 2793.467267] audit: type=1804 audit(1591347327.630:652): pid=21462 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4622/bus" dev="sda1" ino=16625 res=1
[ 2793.486784] audit: type=1800 audit(1591347327.640:653): pid=21462 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed" comm="syz-executor.2" name="bus" dev="sda1" ino=16625 res=0
08:55:28 executing program 0:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x329000, 0x0)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f0000000080)=0x1, 0x4)
r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = fcntl$dupfd(r3, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x80500, 0x92)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r6, 0x7709, 0x0)
connect$phonet_pipe(r6, &(0x7f00000000c0)={0x23, 0x1, 0x7f, 0xf7}, 0x10)
sendfile(r1, r5, 0x0, 0xffffffff)

08:55:28 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:28 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x6b, &(0x7f0000000200)="94a4b04e040000000900000000000000ee9a8f8cbeaf99cf938ba33a4c54fe550866619056e81f083ef900b5df9dca63c26932b28d918afb397b720623cf9ce7b80ca73345356098132211c71e2ba9c73ce2a6c8465cbf15672977ce44b4df9ddb81d56b172b46c622c3f6"}}], 0x1c)
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0xf)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r1, 0x0, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r2, 0x402c5342, &(0x7f0000000040)={0x9, 0x0, 0x9d6a, {0x7, 0x80000001}, 0x7fffffff, 0x8})
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

08:55:28 executing program 5:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)={0x7, 0x4, 0x8, 0xf1a}, 0x2c)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r1, 0x28, &(0x7f0000000240)={0x0, <r2=>0x0}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={r2}, 0xc)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8916, &(0x7f00000000c0)={'team_slave_0\x00', {0x2, 0x4e24, @multicast2}})
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={r2, 0xaf4, 0x8}, 0xc)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0x6, &(0x7f0000000100)=0x1, 0x4)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r6, 0x0, 0x8400fffffffa)
sendfile(r0, r6, 0x0, 0xffffffff)

08:55:28 executing program 1:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r5, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x44, &(0x7f00000003c0)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xe}}, @in={0x2, 0x4e24, @remote}, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x2, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}, @in={0x2, 0x4e24, @rand_addr=0x64012101}]}, &(0x7f0000000180)=0x10)
r6 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r7=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x7d, &(0x7f0000000240)={r7}, 0x9c)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f0000000040)={r7, 0x40, 0xffff, 0xffff8001, 0x7, 0x9}, &(0x7f0000000080)=0x14)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
setsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f00000001c0)={0x0, 0x9}, 0x8)
r8 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r8, 0x0, 0x8400fffffffa)
sendfile(r0, r8, 0x0, 0xffffffff)

08:55:28 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x151003, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)
syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x3, 0x2)

[ 2794.456647] audit: type=1804 audit(1591347328.620:654): pid=21471 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4507/bus" dev="sda1" ino=16782 res=1
08:55:28 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
getsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000040), &(0x7f0000000080)=0x4)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:28 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2794.598894] audit: type=1804 audit(1591347328.630:655): pid=21474 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/893/bus" dev="sda1" ino=16794 res=1
[ 2794.728412] audit: type=1804 audit(1591347328.720:656): pid=21480 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4340/bus" dev="sda1" ino=15795 res=1
08:55:28 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x0)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:29 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$FIBMAP(r3, 0x1, &(0x7f0000000040)=0x1)
r5 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000080), &(0x7f0000000100)=0xc)
lseek(r0, 0x0, 0x2)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r6, 0x0, 0x8400fffffffa)
sendfile(r0, r6, 0x0, 0xffffffff)

[ 2794.804488] audit: type=1804 audit(1591347328.740:657): pid=21472 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir619757868/syzkaller.NyDZSH/3771/bus" dev="sda1" ino=16793 res=1
08:55:29 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r4=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x7d, &(0x7f0000000240)={r4}, 0x9c)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={r4, 0x7fffffff}, 0x8)
r5 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x6900)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8400fffffffa)
sendfile(r5, r6, 0x0, 0xffffffff)

[ 2794.893037] audit: type=1804 audit(1591347328.750:658): pid=21473 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir190625540/syzkaller.2WS0zB/6309/bus" dev="sda1" ino=16780 res=1
[ 2794.992251] audit: type=1804 audit(1591347328.800:659): pid=21484 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4624/bus" dev="sda1" ino=15798 res=1
08:55:29 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x0)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2795.097852] audit: type=1804 audit(1591347328.800:660): pid=21484 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4624/bus" dev="sda1" ino=15798 res=1
[ 2795.187167] audit: type=1804 audit(1591347328.830:661): pid=21484 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4624/bus" dev="sda1" ino=15798 res=1
08:55:29 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x0)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:29 executing program 1:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r4=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x7d, &(0x7f0000000240)={r4}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000080)={r4, 0x8}, 0xc)
fcntl$setstatus(r0, 0x4, 0x6900)
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000480)={[{@fat=@nocase='nocase'}]})
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
sendfile(r5, r6, 0x0, 0x800000080004103)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)

08:55:31 executing program 4:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0xc0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x100, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
sendfile(r0, r3, 0x0, 0x1008400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:31 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:31 executing program 5:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x6)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:31 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
bind$unix(r4, &(0x7f0000000180)=@file={0x1, './bus\x00'}, 0x6e)
fcntl$setstatus(r0, 0x4, 0x6900)
clone(0x2000000, &(0x7f0000000040)="d2385af97df73fbc070f38b105929dc08386bd40d3f84003c1444ad0063f6e63e901c5ae9c1c264238707fc8270bd3f736dbf2760f59d732e234d1844b1c387b46b61c5fb1e4c54bb3aa89be2c", &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000300)="9890e1515169cf462b4c304a755cb41a228f09b1ac093e1cf19035afe83b7616caeaf83c8522569b08a482b09e86a35973f19c89db1b7e8269d1c0cef24e2c1416295d1bc0db2519947f8be9defba4ce17f962565e3ffcd02e6f42f8c8d7ef0336e1ffe5977475b144aaf1c549d779c83608324d3eb62b482ba07f6386abbb61b36268a050789e555162f04eb906d3d89a326ebdc79adba087c5748ade79e2f43f22bb5eda09e9ead038a3924d32393cb2248d346871f0e7bdfbc88d518fa75a29cd31d80b8d269eecf45914dfbf3431c45a4895ab79b8738b9f42395f028c401b74043ea7c60bc3b096edb8d0155d2d964fc0dbfc2b80498742a224249cb2dc84d6411381da31221fd971550812ae193950b0512d3a547a404f9610129d3c492572f404cc93365a02dc7680b8516df1cfab8fb933e106bb74a8a1f7ede5b9d72513527124f83c1c5227c583624a4392b66df5b0d8acb3de018b9d8f681e2129c42582f443694ef3cfe99bca2b56abd5a2103d6cb00faec3bbabad236e96d0a283fbff4a127d64dce18d0de42495f3876f27e3e1293ad4e2e18314e908acb5070d932d88453932055186b711cb06844e0045730736095643ceeb2f9f9c5830233d5cee1b89297f66a9988d14f1963baf95f6f346e99244ff47990560c10be60c5ae659508e321fcf2d934f65a317966b6082973de9dac891810e8b77d258e35a75defc98e819905117b84d6272f7d50cd501ce81d089e969d3256b0f168c996c590c49f154ee7e9f4b468e0574fb9e02f8c28e1a460403b6222ae74977ef2d5f68de0567ec1516d73fbfc4d973339bd636d7f718bdd8a2c5da7f786460c2d3db2397be461aa8f3de2a32d512eb1d3944b9cdd62efe8185408305988306a16d75bf9b4dc38f06abb7673d5b4baa12ef43931f85db6690ffcdada15c003250aa0ab0cc42a3bd4f5368626d6cf3e4ac7acc0070ea8bc741096074937f7fe8ba0aba30002b0b7bacbb9beec0b079771521662b70a92dd1b571ab0729fc13c0acf7ef11fe9643bf88e7966238e7be6795e4803ec8a420eb69d2a694a21e2edf850cd58e1be07146d3c598c925a0d9aa0b95967e03126509d8014d4ddf469ef11a51ffda06dad90ff728d65e2c394bce4abe5ec6a2a2f56a0c620a3e8e7fee07013cb976fd0036e152c8b44c0fe2b85ed51cc3ae29ba02936c5f9d1ae2e4e976260f1fac78eb79f2effac19f4cd480770fdb0d2cd4e8ec816e23342dc142e7af28665eb6add2a3c234dc881df98551d573933c214f5580a595c21f5f0935493163e91557e690aad3a3ac52f47324bf4b76e36077a57d1b50702d55f3fffcd41106d63ff283642df51635d84a105daad6948faccb6e6cdb1a296f76479be31f1047b8a4612bbbbcaa35915238150d21a9b4336716f4e0c07d936ac9197621f06a1c9cf2136c50e9591d6f232d4bb3e93564d40c1b0122167b9d179383f9c53d31da2fd2f26d1e9c8f893fabe6daf437342dc9e7f5cd4dc36c54f66f6f648dfa57b55618451ff330278adb8f9d8ef422069d6d9c3c0e3aea11a9e349c2d887b410423092a1abc1a21c23be7655674457e04c33e5217bf9bb03db59cee60b5beb0d107b351a75c53cda000e6f7abcc6b7e34d2b5f2045c818a7c5ebfeb20542fd4002d2fc1b27b74196bb6d01df24e3a97dcc3920ec4efe4e82766987d16dd785811f5206f736ec97c3444f5787c912e8f14a4a8f0cc8b162af7a56b8dde394644c43094f481831fbe1c5e0d7b4a3e78d32ff8b4cc3e706214caa023ff49516407253bee43359989d10d1fccd36866a059de5e99d62fdf8182b637ee3b7acca9ca43f1f040c460c9ec33738055334733c5352405b439c9bef51013447d5e3eeb4e42c1ddae58b100c4c54ea58a75722f4903c3595e1e940de9af9307032bbbdd4a81272fbb81c7f81bed642ad6e63b131c0a5d8af95b310cb7b1d710c569c063671324b0decfb5409b32bb2b7fb20562a35cb6e42d7bc6a30493c0a4dfdf9abceb81f07a15d207ca96b707a370e94bda1d35cc68125d5294aaef65887e4c30e5ad08dece698d8c7f13d7d3708d3a6ee4e955d2d7edbdf226d06e6787d19cab1c11158a9013cde6b74978c0373b263346ad7df802b9e9e99d691a3e540e0eaec18f01b15e2325491d9c5f9fcf7b2195462b755b4358ab174e90e3d26f0cd335b7b0b7424db20c72bed2e603bc8f41556a13033ecea72792227c733ad7fa1365483840bf7a286fe584525e3546d5de3049769189333cfc54c8e9fb61d03cfc9478c112c2e490131d39afc091d5ebbe6a5f2387c1e8dfdda33fb1fd569c6a734a0e30cf078ca1cb34fa054bbc858e64ad43a643a1940db39bfc15da99a221b881baddf8ce4b462caec91ba25cca8dbf21cb16b25bc43af980b8d524eb93c109649cde403ee672ce778466e6d6caeee291aefa603720d619294cacd964c1e132f91fb5e119347f3a01cfc6e1455f33adf81940f3cb8c94605f71339828bb579f560746caadc9b5255e03092fea5c564c49369e52a3c023131a2144f2e81ce64899fd681095cab6c7649372e5d95aeb9df1b4dc6560330a3d22adb68841819ab8879a2e43a833503a47404eda80a622389c486831058bb898c20a5f028224803732376ea27fdc78d68625c609c84548939cfe572fac99146fa49fefd7aedd50a8682493257812bd40978f63258dbbcfa1a71f4354d4bbb66b7a2a1a189039d3bd5ffb8678114feccec460b15470242793e7dabe91421c59da3a9868beb95fe6398c7c5c3de2074602f1ac96394fc28a0c1c80a73bcb2841b3db2f463e079c24af4608c21f2115e08b69b47f67f4e483e6a59c7c7cd546b035dd06639786153ede5ae39b417de16eac3ae6283b3ba9a49369634d0332b02717ca08e26ea858a88731e63f6d110d4daf922e0928737547452d73433ae87378b8ee44f1ea7daae786ba02ca66f57400f0f46c2686bf8cb7ddff25082656522d39c7b06a8d3e8eb4c0fa1b5a298f38b0f1b66e59fec1fd56257d5dbcc9f5d87790252719a878c5187e4b5db5996d5ea5872e8775e3943e1ea6127b37d1e42f3a4f6314029e0d87df34f9ef5002defd1babefdc784f5f76080406c68d1fbb5e4c4197be6c2334bd20bc1cb8ed8185d23f7703da690a94950e4088bff41e16c1e4f932b399fcc5aa35d41a4d5faeb87cf376bdd07b02c38600d1e2fc4c63a32ec98c778f8f090a169d059183953ab81b636f0ef8a8c06213d450996195f705a8daef55000b13df0cb3093047b37bf9b57e9e9c20efc939873b3a362c56769df72676ec4ef76dea64a83054e3646c7f67ad8a88b5264739a148ef9ffb0695e399e4506238044f32071c0de545ffa5f00b878b3cc0d054d984dafdf7987dfde9a24bcb230b51320bb845e012e57e4294ac9fec23a80ce2f354530a2317c315dc779bc824e50fc7753ee6a63040ced0053459819fa1fe83442fb06b7d5210658e8795eda64edefa73efad3a4b7578fcec3434c2775db824687d50bdba63d89a2a9a41e406e3b207d7e54d76752bd57c30c4027c8895e917b8955bdce35da2245a7ed87da0d7f91b3ca74350cd79646db39ffd8ded38d40f3d31ba84e05014e75701e59df767b75210585d60ccf59f880e5babdc8bfb395ad66908df99d7737e943b6959cde26ef7656e268142f83b778c8e82902b5ba6fc426e5b5ddcd15039a32f9d8a80fc4cbc6c687f93c33b3c747742461f469a733ff8d6aa857122593266172341842f3f78ad821c0ce436f59f0b2751ddf92c23d4a742fd7363662066b61d657e3115827a9deaeb1d1cfd8eb899ed6890244b7bcf542d0ce5db48771532226e1131fa2f2d01f8e0aa86c77baf9e3f894c4bf03da0f7ca152a97f83f6ed553c459e980f630e970eb9c1b6ffd35e8c011706b8cc75645f68b5fe1acfdb99b6b1375909b33f69f87ca45cc33507121661ac84a2927588134ab5a274a892fcbffd1854c495c08bc5dfdc73dddd19ac99688f97850724bf72e98e610c103b649e344ee9025e80ef50c3d232ce9763beb97b2273a38e5227d6630197d8f6beea6560afa1fba64b102ef73fcd1620c1845068e9c8339bcaed030c918f56932422d5221ab1f41be424cbbefdacd249e42e7d4b5bf7273e8690fe8bc42293aad938621ae3e2cf09a1e395f835266c7c29fce6397fe33576cbc2bd6da8b08138362527e3ddac8289aadc6702af22bdaee6720b9bdaae2024f08a1ecf6e832f4b55551ea0aac57ad3239594dba3800064ad41b754fe7f1e663f9954c8b0eb3de75c9ad848846656b544c852caccba0b08cf2fdf4eca3278f1e78165fe337a7eca8def8b753c10729239b483e7ef6cf90476553f0b258e3046db4760d1ba83b1667fc350b7a9fed3a684a3134951e01e63d448a5c6fdd74793d909450e92070cf1dc0bac40552ff235411c9c0c6fd82e1fd1f8ea3e3e822e3b9a1e2bd64644cf659632a3aa486044a9bdcf72da1960e94f1309dd92ebd96589c84bb558b89a23093328e513e7391d16b4dc7366a0f4a64b23a1208b1c999c3ecdc8c84bd6023b70165bf5bfe18ea7013d9249b7aadc64497fab4988d74753b68938470f59c14750d448e440b31ca218afc8abde9eb2f3883b08ca3c7f3d87b71e98c56b11d9e206cf0e180f3710d746101d4705997fc32970fb71614bc91d12ab8699202880427d5bf256c162ead56bc2071070a7a0f139c371e82039fb144da1b655d5906ff0eff2cc9184aabd9e935473551a92708385c40cc468bd61cb480ae40cc9486baff9fd8af9dd1f068b87fdd285e96b563c1403f36d58c5f7c268be546752aee481c01b90f602920318efc65ffe084a2322e9112f9a3342cd6769682fb9003b257124b4b13e2b7ced38e579190f878a873287c8eda307868bc76f3e8b4074fe78eb65368901d02c1840e74efbc00718ed23fdf467c4df88152a72ee419fdb47006f896b54ce633acc6238da54f745bc2b0b2c7e52934038db5a28a9ae547001315ccdc19e22ae1e4e46299bb491fa917d550b02b64797f26c87a308ce8af0b51bb8fa4e98de4f0dcd52c8ef13884943e52f28ef678d306f830ec6f5e0d67ff4d6ec478ee21292e5b4cf37e33591f95690d39d31a9209003c924dd2ca93c0606cf58e0209c5449cf14170f115daed98454747e28dcd9c30f98f7720863d1b963e920ca048f68a9693789fc1d413b56bea7e8f7165a9c1b90c24af4362630b88bfb8aa1ac62e643311574ec0c7c790be05989456d59783b03c48112efbe28a18e97780e92742df83779c0098cdb97af4d2c98bc5d20c740535b53da067ad2064ce752b92f98120c3fccbee742611bb83b3150829249e7b93ca0562b8490adb0e0e0353f5463657a7a56f10f051c15f465a87d806ee22a3f47ba8d14f163ff67fdcded6c67f87629269a6ec436528534cc1a6438a69721b6966184dc013723e20a8a360471d4a8414c129cbe8ea1be7431e75f2850591e91d06d6bedd0a8a1a3d23897a3ab49b857a1db0f34fb74aed686caf8c9db91fe9f12ed26c395ab7ed659c6d1cf717e9e3baee503ba7919d3785a5522e43cecafa2a57d842ab27317ccc5ae97dac3a8df46d92f569f678c41c3290e804ead71cba4a5fd5e7fd01945c2768f5387d0663797428e4b7fe475a893f7cbab7c02ffcdf2f0f9e27e5df32d4693ceedb34d54225a446b4a1a3904821c2a6ed163e9c9cb54daa7352617fc6156ddad550434d17464a77586cf45931737371267fe2cf86bec")
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
ioctl$RNDGETENTCNT(r0, 0x80045200, &(0x7f0000000200))
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x400)
sendfile(r0, r5, 0x0, 0xffffffff)

08:55:31 executing program 1:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r4=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x7d, &(0x7f0000000240)={r4}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000080)={r4, 0x8}, 0xc)
fcntl$setstatus(r0, 0x4, 0x6900)
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000480)={[{@fat=@nocase='nocase'}]})
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
sendfile(r5, r6, 0x0, 0x800000080004103)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)

08:55:31 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="850000002a00000084000000000000009500000000000000"], &(0x7f0000000180)='GPL\x00'}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000080)={r0, 0xc0, &(0x7f0000000380)={0x0, <r1=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000240)={r1}, 0xc)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000080)={r1}, 0xc)
r2 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = fcntl$dupfd(r4, 0x0, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
fcntl$setstatus(r2, 0x4, 0x6900)
ftruncate(r2, 0x800)
lseek(r2, 0x0, 0x2)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r2, r6, 0x0, 0x8400fffffffa)
r7 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r7, 0x7709, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r7, 0xc0406618, &(0x7f00000000c0)={{0x0, 0x0, @descriptor="1e626b2defbf9db3"}})
sendfile(r2, r6, 0x0, 0xffffffff)

08:55:31 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:31 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:32 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:32 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:32 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:32 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/6lowpan_control\x00', 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
clock_gettime(0x0, &(0x7f0000000080)={<r5=>0x0, <r6=>0x0})
timerfd_settime(r3, 0x0, &(0x7f00000000c0)={{r5, r6+10000000}, {0x0, 0x3938700}}, &(0x7f0000000100))
r7 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r8 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r8, 0x0, 0x8400fffffffa)
sendfile(r0, r8, 0x0, 0xffffffff)

08:55:32 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
connect$l2tp(r0, &(0x7f0000000040)={0x2, 0x0, @loopback, 0x4}, 0x10)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
sendmsg$NL80211_CMD_LEAVE_MESH(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000125bd70000900000045000000"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4000002)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f00000000c0)={0xcc, 0x1e, 0x4, 0x200000, 0x44, {}, {0x1, 0x1, 0x2, 0x2, 0x20, 0xff, "b996be91"}, 0x4, 0x0, @fd, 0x1, 0x0, r0})
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)
mmap$usbfs(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x4000010, r5, 0x800)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
ioctl$VT_GETMODE(r4, 0x5601, &(0x7f0000000080))
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:32 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff})
r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r2, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r3=>0x0)
io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x4000, 0x0)
r6 = fcntl$dupfd(r5, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r7 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r7, 0x0, 0x8400fffffffa)
sendfile(r0, r7, 0x0, 0xffffffff)

08:55:32 executing program 5:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:32 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(0x0, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2798.504256] kauditd_printk_skb: 32 callbacks suppressed
[ 2798.504267] audit: type=1804 audit(1591347332.660:694): pid=21557 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/903/bus" dev="sda1" ino=16073 res=1
[ 2798.541969] audit: type=1804 audit(1591347332.700:695): pid=21562 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4509/bus" dev="sda1" ino=16257 res=1
[ 2798.587498] audit: type=1804 audit(1591347332.750:696): pid=21560 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4342/bus" dev="sda1" ino=16226 res=1
[ 2798.654944] audit: type=1804 audit(1591347332.810:697): pid=21564 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4627/bus" dev="sda1" ino=15886 res=1
[ 2798.817476] audit: type=1804 audit(1591347332.980:698): pid=21573 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir619757868/syzkaller.NyDZSH/3774/bus" dev="sda1" ino=16149 res=1
[ 2799.371018] audit: type=1804 audit(1591347333.531:699): pid=21575 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4342/bus" dev="sda1" ino=16226 res=1
[ 2799.380977] audit: type=1804 audit(1591347333.541:700): pid=21570 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4342/bus" dev="sda1" ino=16226 res=1
[ 2799.392302] audit: type=1804 audit(1591347333.551:701): pid=21570 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4342/bus" dev="sda1" ino=16226 res=1
[ 2799.407933] audit: type=1804 audit(1591347333.571:702): pid=21566 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4509/bus" dev="sda1" ino=16257 res=1
[ 2799.409445] audit: type=1804 audit(1591347333.571:703): pid=21566 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4509/bus" dev="sda1" ino=16257 res=1
08:55:34 executing program 1:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r4=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x7d, &(0x7f0000000240)={r4}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000080)={r4, 0x8}, 0xc)
fcntl$setstatus(r0, 0x4, 0x6900)
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000480)={[{@fat=@nocase='nocase'}]})
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
sendfile(r5, r6, 0x0, 0x800000080004103)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)

08:55:34 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(0x0, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:34 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0xc7b301fb2c8a8d74)
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
io_setup(0x2000009, &(0x7f0000000180)=<r5=>0x0)
io_submit(r5, 0x0, &(0x7f0000000540))
ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f00000001c0)={0x0, 0x1, 0x6, 0x7, 0x400})
ftruncate(r0, 0x7)
lseek(r0, 0x0, 0x2)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r6, 0x0, 0x8400fffffffa)
io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff}, 0x13f}}, 0xffaf)
write$RDMA_USER_CM_CMD_QUERY(r7, &(0x7f0000000040)={0x13, 0x10, 0x7, {0x0, r8, 0x2}}, 0x18)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, &(0x7f0000000300)={0x15, 0x110, 0xfa00, {r8, 0x9, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @remote}, @ib={0x1b, 0x7, 0x6, {"5dcd3d468f2bb292789b2163c9abc72e"}, 0x401, 0x2, 0x4}}}, 0x118)
sendfile(r0, r6, 0x0, 0xffffffff)

08:55:34 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000300)=ANY=[@ANYRES32=<r5=>0x0, @ANYBLOB="9d0000007dc1240617d34a348d8881ec152614ab22491380671801eefb619dba452dd21765e157ab1fb17c35415e7a91391bab2a07daac4bcc85ab71c31426fa5be9b93ae90600000000000000b54f570d9cac7bf6377d220d306d70a86c519ef934b9f830fa8727f0bb333922e08d1be11ed1ff6061fc44bc9528a2e1032fac8929060000008d2fe6792b5808720e7501bdaf5e814196a431b689150d011f3791dd26819c110b8e305791a347b6aaac6d63566debc3b7c30ec89e34616732372e90932d0c63ac1e2aafe3379d1e991f2cc8ad4fa8fcd87ca27ebfa00066cd1db02be45dc23389238775c83fb2abafa3dacdbdd2b1fa08e511cb3d21fbc981fba06b4a1741f7f9ae2ccc911355c996511e2c099184616540c39aab5e06a840f13335cdf76bd702c7c3d74a9ad34cb02da4dbb49842cd669c7f3aad14c1d272afb57e1b57d0f4248c6648dcb4661ee173"], &(0x7f0000000100)=0xa5)
setsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000180)=@assoc_value={r5, 0x2}, 0x8)
ftruncate(r0, 0x800)
bind$unix(r2, &(0x7f00000001c0)=@file={0x0, './bus\x00'}, 0x6e)
lseek(r0, 0x0, 0x2)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r6, 0x0, 0x8400fffffffa)
sendfile(r0, r6, 0x0, 0xffffffff)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r7 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r8=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x7d, &(0x7f0000000240)={r8}, 0x9c)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r3, 0x84, 0x23, &(0x7f0000000040)={r8, 0x4}, 0x8)

08:55:34 executing program 5:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$NBD_SET_SIZE(r1, 0xab02, 0x8)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:34 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(0x0, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:34 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040), 0x10)
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x400040, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r5, 0xc0505510, &(0x7f00000000c0)={0x5, 0x4, 0x0, 0x660, &(0x7f0000000180)=[{}, {}, {}, {}]})
sendfile(r0, r4, 0x0, 0x8400fffffffa)
r6 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r6, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r7=>0x0)
io_submit(r7, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r6, &(0x7f0000000000), 0x377140be6b5ef4c7}])
recvfrom$ax25(r6, &(0x7f0000000300)=""/68, 0x44, 0x142, &(0x7f0000000380)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x6}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:34 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:35 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:35 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r5, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r6 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r7=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x7d, &(0x7f0000000240)={r7}, 0x9c)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000040)={<r8=>r7, 0xe0, "4dc9b441bf076eb00c090b5f022f97da7d29728ffc9c1827d02ad7f19e260434a5133677ef6a969fa453323b08d5a2316cea86d43e1fc2668326145544b1f1236aaee418ee13fe77456c5e8f0f09708e7d657443ff86a941724c91e5eebecf4f80e196e364601ac989fd3d6261ef9d6b16212a39bd4b2e1be133d00019b010778f2fdfba3f3dc036b327c9c99621f3bb910140fd225704066a09c63f4c434619a7994970279401b79043dac1769844d4ed9c49eee382c0e83a38af6eccf5f23da47652c2957f7074cd45fd2bb647843dea893f63546539ace207a257818d779a"}, &(0x7f0000000180)=0xe8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f00000001c0)={r8, @in={{0x2, 0x4e20, @rand_addr=0x64010101}}, 0x101, 0x1}, &(0x7f0000000280)=0x90)
r9 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r9, 0x0, 0x8400fffffffa)
sendfile(r0, r9, 0x0, 0xffffffff)

08:55:35 executing program 5:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000100)={<r1=>0xffffffffffffffff}}}, 0x20)
write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r0, &(0x7f0000000180)={0xb, 0x10, 0xfa00, {&(0x7f0000000040), r1, 0xb19d}}, 0x18)
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

08:55:35 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x100)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
write$binfmt_misc(r5, &(0x7f0000000040)={'syz0', "4f6dd041777d4997c41f680b3afc5963fda4e5f8c2d54964baa27e04e3cda26b764f8fd6a5e6e9bb01a3b60bacd9dce2ba9a1282783241cc1f6b8ded3302a097afd742b0122ea102e5da630026ce469650759d7d40dd45541a84471d1fa9b54fecf31503aa5ee262b7bff02338b55c6bebc131c9c985f5d5f1dd5454a51374900745b13fa5d38ccd69f8eb0c1d62a849f69d943232f6f7a99e415246463720037f2ad1287f921015b4e38cc129a2e041b9f2ed04485c20b2d62fa3ff5a8e7b4944fedf1d2c21dce1e683160931e98925aed9a7eb8b7fb7fd422ce99957a6d5"}, 0xe3)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:36 executing program 1:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r4=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x7d, &(0x7f0000000240)={r4}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000080)={r4, 0x8}, 0xc)
fcntl$setstatus(r0, 0x4, 0x6900)
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000480)={[{@fat=@nocase='nocase'}]})
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
sendfile(r5, r6, 0x0, 0x800000080004103)
ftruncate(r0, 0x800)

08:55:36 executing program 5:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x40, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:36 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:36 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(r4, &(0x7f0000000040)={0x2, 0x2}, 0x2)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:36 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0xfffc, r4, &(0x7f0000000000), 0x0, 0x4}])
r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r6, 0x7709, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000100)={&(0x7f0000000080)='./bus\x00', r6}, 0x10)
r7 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/btrfs-control\x00', 0x7f3000, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r7, 0x7709, 0x0)
fcntl$setstatus(r7, 0x4, 0x2100)
ftruncate(0xffffffffffffffff, 0xffffffff)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, &(0x7f0000000040)={0x0, 0x8, 0x1007, 0x1})
lseek(r0, 0x0, 0x2)
r8 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r8, 0x0, 0x8400fffffffa)
sendfile(r0, r8, 0x0, 0xffffffff)

08:55:37 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
r4 = getpgrp(0x0)
setpriority(0x0, r4, 0xffff)
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_XCRS(0xffffffffffffffff, 0x4188aea7, &(0x7f0000000140)=ANY=[@ANYBLOB="0201000803000000074800000000000035b25c393d0cfbfac9c3"])
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = creat(&(0x7f0000000100)='./file0\x00', 0x0)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x25, 0x0, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r8, 0x80045700, &(0x7f0000000000))

08:55:37 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:37 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)
setns(r5, 0x8000000)

[ 2803.555002] kauditd_printk_skb: 38 callbacks suppressed
[ 2803.555013] audit: type=1804 audit(1591347337.711:742): pid=21668 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir619757868/syzkaller.NyDZSH/3777/bus" dev="sda1" ino=16149 res=1
[ 2803.567808] audit: type=1804 audit(1591347337.731:743): pid=21671 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4631/bus" dev="sda1" ino=16436 res=1
08:55:38 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2804.319356] audit: type=1804 audit(1591347338.481:744): pid=21675 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/911/bus" dev="sda1" ino=16073 res=1
[ 2804.388107] audit: type=1804 audit(1591347338.551:745): pid=21673 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4631/bus" dev="sda1" ino=16436 res=1
08:55:38 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r5, 0x6, 0x1d, &(0x7f0000000040), &(0x7f0000000080)=0x14)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2804.402569] audit: type=1804 audit(1591347338.561:746): pid=21671 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4631/bus" dev="sda1" ino=16436 res=1
[ 2804.641146] audit: type=1804 audit(1591347338.801:747): pid=21678 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4632/bus" dev="sda1" ino=16436 res=1
08:55:39 executing program 1:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r4=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x7d, &(0x7f0000000240)={r4}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000080)={r4, 0x8}, 0xc)
fcntl$setstatus(r0, 0x4, 0x6900)
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000480)={[{@fat=@nocase='nocase'}]})
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
sendfile(r5, r6, 0x0, 0x800000080004103)

08:55:39 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:39 executing program 5:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x10040, 0x48)
r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000001c0)='NLBL_MGMT\x00')
sendmsg$NLBL_MGMT_C_LISTDEF(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x50, r3, 0x0, 0x70bd2a, 0x25dfdbfc, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x25}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x1d}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @rand_addr=0x64010100}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x2}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}, @NLBL_MGMT_A_DOMAIN={0xc, 0x1, 'overlay\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$NLBL_MGMT_C_LISTALL(r2, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="00042dbd7000fedbdf250300000014000600fe8000000000000000f4ffffff00001714000500ff0b000000000000000000000000000114000500fc000000000000000000000000000000706f178ac323bca6153c102ca2d918491b5b671d09f08f37977ce5717b24dfb9c0749311787c87a2e6c043b61de8632fd5830ec736668204000e70e1ae8304234fde40099b93aa9ddb3cba4971c191569cb1ffec7c837b24ba5809a454952f0966d7ee78b5d27fa7b4bb35893cd90a18e106c6317801ae2e33f3a4a862c8ae317a51df08b5068b8814e9a6f09351a767e7cc294a620fb81d075846231157a72268d9bf2e08b3e11f429b4ed086f22040df2949604df152546a19462e08e0"], 0x50}, 0x1, 0x0, 0x0, 0x48c0}, 0x0)
sendmsg$NLBL_MGMT_C_LISTDEF(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r3, 0x800, 0x70bd2c, 0x25dfdbfe, {}, [@NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x51}, 0x20000000)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
ioctl$KVM_GET_EMULATED_CPUID(r1, 0xc008ae09, &(0x7f0000000040)=""/12)
lseek(r0, 0x0, 0x2)
r4 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x3, 0x151000)
r5 = open(&(0x7f0000000240)='./bus\x00', 0x40100, 0x2)
ioctl$KVM_GET_FPU(r5, 0x81a0ae8c, &(0x7f0000000580))
write$P9_RWRITE(r4, &(0x7f00000000c0)={0xb, 0x77, 0x1, 0x10ad}, 0xb)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r6, 0x0, 0x8400fffffffa)
sendfile(r0, r6, 0x0, 0xffffffff)

[ 2805.171071] audit: type=1804 audit(1591347339.331:748): pid=21685 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/912/bus" dev="sda1" ino=16073 res=1
[ 2805.401262] audit: type=1804 audit(1591347339.561:749): pid=21687 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir619757868/syzkaller.NyDZSH/3778/bus" dev="sda1" ino=16609 res=1
[ 2805.433915] audit: type=1804 audit(1591347339.571:750): pid=21687 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir619757868/syzkaller.NyDZSH/3778/bus" dev="sda1" ino=16609 res=1
[ 2805.463966] audit: type=1804 audit(1591347339.621:751): pid=21688 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4632/bus" dev="sda1" ino=16436 res=1
08:55:39 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140))
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
fcntl$dupfd(r1, 0x406, r0)
r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r2, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r3=>0x0)
io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x3, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
sendfile(r5, r4, 0x0, 0xffffffff)

08:55:40 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000240)={0x0, <r6=>0x0}, &(0x7f0000000280)=0x5)
setuid(r6)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000240)={0x0, <r8=>0x0}, &(0x7f0000000280)=0x5)
setuid(r8)
syz_mount_image$f2fs(&(0x7f0000000040)='f2fs\x00', &(0x7f0000000080)='./bus\x00', 0x10001, 0x6, &(0x7f0000000400)=[{&(0x7f00000000c0)="fb5d1292234c1e6ae67508e0297aa945f27dffda643a6eeec669826a07e40fee4fede70bf2dc1ffa754857b8baeb878a5a12fc8e", 0x34, 0x800}, {&(0x7f0000000180)="ff9d463c848804e5c6a9ad724c1a9f9982559a42ea7bef8a3585d9ab347cf6840d6e9a2fd7a3f0bb39495280e42ab27ea0178b4ba9136eb4b81df74fd622037b5a0362413d5ae1048683169fc83b67c41d41dc2c27115bc6713f7fd5540aa3c515dcf95285ebac87ffc87ac1184105e4bfa6d07b1646b1c9f3b0664af415b5820aa5ab958ea2584daa63295f143a8fef91dfc0a7a9d5cf760b87d320b0209b8917bc35ae1eb2ad2619e1e13154f1a508cfb467f4ce2489e633e86c91a98fadd5615fed48ece3dff72c23bd225e59920867b03377689d210330", 0xd9}, {&(0x7f0000000100)="ced13fa36bb00604871bc227b5b53735f9746bed284c265b5d486799f4564639d4075592796481a83dd6f1a3d5", 0x2d, 0x2}, {&(0x7f0000000300)="238ce4a6af4b3d4a4180ddf1eaf8c71ee60ca55ce2b7d0191f696bc745ab002e8808e4b4a2f42eb25f8f5cd511ee8e417aa553dde7a9feb9ac9bd0dc5607384c6b6de7598360b14e685834b3f4d66843411838f389d18e0bf6a65486637444fddeb9d2cff9cb5550f4928a6c3546a1dcf03205ce59dba2a5f6b6", 0x7a, 0x10000}, {&(0x7f0000000380)="e0d09dff46516b96c0cc7d4797cc724ba5ad2cbb0a20bd602e4cb1753ee1db686bc6d8ab8ac1bc029d57fa3205e82c1d26a34c83c6d13dcdca52f985dcc115b793da37e026571f108445d497bad678a20e878d6f3c49699c4328fcc446669ad4a24b15e7af69b4cdd00a3ffdd446a6850c", 0x71, 0x4}, {&(0x7f0000000280)="4d65d2b0eec34c2e152ed2e9969b5d746db5904dc28cb6af31c51a31b35322a9579b30ea451dc071dfcad07d399b897150d733fb", 0x34, 0x3ff}], 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB='acl,prjquota=\'md5sum,[(,disable_roll_forward,user_xattr,fowner=', @ANYRESDEC=0xee01, @ANYBLOB=',euid>', @ANYRESDEC=r6, @ANYBLOB=',audit,fowner<', @ANYRESDEC=r8, @ANYBLOB="2c6473746166665f752c00000000000000fff60000"])
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:40 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:40 executing program 5:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
r2 = dup(r1)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="48000000100005070000000000000000400000005281a4dbfd1b1473ccc3d2eb419bccd99ded64639d6026956a37db5169bf2fa44d12c1df6bd55682946a7357344492dd5b7d0f0965c984107a2b5c0f1ad934a461c034d8146ec412fb40838e662f8abc6135c4ddfe7f630b22eec5a790d00f85c2210cbdca841a074d180fe9964e2c4c76c64ad52db1f73505f5187fff88572e6d0637b2fb4a803bf43dbfb66452213e0d9110c2307b1dd8b6679e25e934970e450b0feefd5841d3ab0bfdc471d8678e5afb64f2630f89e3ee093a04b4666cc26f95631777f4e6c01cc44f44794d7eb4872ffb0fdb066fb5780152aa1ce61f922e4a27b3d694e518ede4e393a77aa1ec3f86a612affa7adf2b2294b06a", @ANYRES32=r7, @ANYRESHEX], 0x48}}, 0x4004)
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c00000024001d0f000000000000000000040000", @ANYRES32=r7, @ANYBLOB="00000000f1ffffff060000000d00010066715f636f64656c"], 0x4c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0x24, 0x2a, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000040)={'team0\x00', r7})
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r8 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r8, 0x0, 0x8400fffffffa)
sendfile(r0, r8, 0x0, 0xffffffff)

[ 2806.656488] nla_parse: 1 callbacks suppressed
[ 2806.656495] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 2806.659504] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
08:55:41 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)
ioctl$SCSI_IOCTL_GET_PCI(r4, 0x5387, &(0x7f0000000040))

08:55:41 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r4, 0xc0406618, &(0x7f0000000080)={{0x1, 0x0, @descriptor="ab03549e32bd9ce5"}})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x24, 0x0, 0x4, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x2}, @NL80211_ATTR_IFINDEX={0x8}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_SET_KEY(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0xd6851cadc5e69bb9}, 0xc, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYRES32=r3, @ANYRES16, @ANYBLOB="08002dbd700000000000000004000800ff34b328beffb400080009914ec2848b", @ANYRESHEX, @ANYRES64], 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x800)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000100)={@remote}, &(0x7f0000000180)=0x14)
sendmsg$NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000400)={0xd4, 0x0, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [@NL80211_ATTR_MESH_CONFIG={0x34, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES={0x5, 0x8, 0x8}, @NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES={0x5, 0x8, 0x4}, @NL80211_MESHCONF_MAX_PEER_LINKS={0x6, 0x4, 0xfe}, @NL80211_MESHCONF_HWMP_RANN_INTERVAL={0x6, 0x10, 0x4}, @NL80211_MESHCONF_POWER_MODE={0x8, 0x1a, 0x2}, @NL80211_MESHCONF_TTL={0x5, 0x6, 0x4}]}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x7, 0x2}}, @NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_RANN_INTERVAL={0x6, 0x10, 0x2}]}, @NL80211_ATTR_MESH_CONFIG={0x54, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_PLINK_TIMEOUT={0x8, 0x1c, 0x6}, @NL80211_MESHCONF_ELEMENT_TTL={0x5, 0xf, 0x2}, @NL80211_MESHCONF_AWAKE_WINDOW={0x6, 0x1b, 0xcc42}, @NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT={0x8, 0x17, 0x10000}, @NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR={0x8, 0x15, 0x3a}, @NL80211_MESHCONF_HOLDING_TIMEOUT={0x6, 0x3, 0xe8}, @NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES={0x5, 0x8, 0xfd}, @NL80211_MESHCONF_RETRY_TIMEOUT={0x6, 0x1, 0x3a}, @NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL={0x6, 0xc, 0x80}, @NL80211_MESHCONF_AWAKE_WINDOW={0x6, 0x1b, 0x6}]}, @NL80211_ATTR_WDEV={0xc, 0x99, {0xffffffff, 0x1}}, @NL80211_ATTR_WDEV={0xc, 0x99, {0xfefffeff, 0x3}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x1}]}, 0xd4}, 0x1, 0x0, 0x0, 0x40}, 0x50)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
sendfile(r0, r5, 0x0, 0xffffffff)
r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r6, 0x7709, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r6, 0x8982, &(0x7f0000000040)={0x2, 'caif0\x00', {0x52}, 0x4})

08:55:41 executing program 1:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r4=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x7d, &(0x7f0000000240)={r4}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000080)={r4, 0x8}, 0xc)
fcntl$setstatus(r0, 0x4, 0x6900)
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000480)={[{@fat=@nocase='nocase'}]})
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
sendfile(r5, 0xffffffffffffffff, 0x0, 0x800000080004103)

08:55:41 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:41 executing program 1:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r4=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x7d, &(0x7f0000000240)={r4}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000080)={r4, 0x8}, 0xc)
fcntl$setstatus(r0, 0x4, 0x6900)
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000480)={[{@fat=@nocase='nocase'}]})
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
sendfile(r5, 0xffffffffffffffff, 0x0, 0x800000080004103)

08:55:41 executing program 1:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r4=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x7d, &(0x7f0000000240)={r4}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000080)={r4, 0x8}, 0xc)
fcntl$setstatus(r0, 0x4, 0x6900)
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000480)={[{@fat=@nocase='nocase'}]})
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
sendfile(r5, 0xffffffffffffffff, 0x0, 0x800000080004103)

08:55:41 executing program 1:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r4=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x7d, &(0x7f0000000240)={r4}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000080)={r4, 0x8}, 0xc)
fcntl$setstatus(r0, 0x4, 0x6900)
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000480)={[{@fat=@nocase='nocase'}]})
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
sendfile(0xffffffffffffffff, r5, 0x0, 0x800000080004103)

[ 2807.544441] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
08:55:41 executing program 1:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r4=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x7d, &(0x7f0000000240)={r4}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000080)={r4, 0x8}, 0xc)
fcntl$setstatus(r0, 0x4, 0x6900)
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000480)={[{@fat=@nocase='nocase'}]})
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
sendfile(0xffffffffffffffff, r5, 0x0, 0x800000080004103)

[ 2807.661844] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
08:55:42 executing program 5:
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)=0x80000001)
r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0xffffffff)

08:55:42 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:42 executing program 1:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r4=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x7d, &(0x7f0000000240)={r4}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000080)={r4, 0x8}, 0xc)
fcntl$setstatus(r0, 0x4, 0x6900)
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="0400000900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000480)={[{@fat=@nocase='nocase'}]})
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
sendfile(0xffffffffffffffff, r5, 0x0, 0x800000080004103)

08:55:42 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:42 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$TIOCGSOFTCAR(r5, 0x5419, &(0x7f0000000040))
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:42 executing program 1:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r4=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x7d, &(0x7f0000000240)={r4}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000080)={r4, 0x8}, 0xc)
fcntl$setstatus(r0, 0x4, 0x6900)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
sendfile(r5, r6, 0x0, 0x800000080004103)

08:55:42 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x400, 0x0)
setsockopt$packet_fanout_data(r6, 0x107, 0x16, &(0x7f0000000740)={0xa, &(0x7f00000006c0)=[{0x0, 0x4, 0x7, 0x2}, {0x2800, 0x3f, 0x85, 0x8000}, {0x9b69, 0x3, 0x2, 0x3}, {0x3f, 0x5a, 0xfe, 0x1}, {0x3, 0xc0, 0x2b, 0x1}, {0x0, 0xf4, 0x0, 0x7}, {0xfffa, 0x7, 0x4, 0x5}, {0x20, 0xff, 0x5, 0x80000001}, {0x3, 0x81, 0x1, 0x7}, {0x59f, 0x8, 0x8, 0x10001}]}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000280)={r4, 0xc0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=0x5, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x9, 0x3}, 0x0, 0x0, &(0x7f00000000c0)={0x1, 0xd, 0x2, 0xffff}, &(0x7f0000000100)=0x4, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=0x9}}, 0x10)
lseek(r0, 0x0, 0x2)
r7 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r7, 0x0, 0x8400fffffffa)
sendfile(r0, r7, 0x0, 0xffffffff)

08:55:42 executing program 0:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x7f)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
r6 = creat(&(0x7f00000001c0)='./bus\x00', 0x15e)
getsockopt$X25_QBITINCL(r6, 0x106, 0x1, &(0x7f0000000200), &(0x7f0000000240)=0x4)
write$FUSE_INTERRUPT(r5, &(0x7f0000000080)={0x10}, 0x10)
r7 = dup2(0xffffffffffffffff, r5)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000340)='TIPC\x00')
sendmsg$TIPC_CMD_SET_NODE_ADDR(r7, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, r8, 0x300, 0x70bd29, 0x25dfdbfe, {{}, {}, {0x8, 0x11, 0x4}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x4004080)
sendmsg$TIPC_CMD_GET_REMOTE_MNG(r4, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r8, 0x4, 0x70bd28, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x2004a884)

08:55:43 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r1, 0x0, 0xffffffff)

[ 2808.906939] kauditd_printk_skb: 31 callbacks suppressed
[ 2808.906949] audit: type=1804 audit(1591347343.071:783): pid=21769 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4636/bus" dev="sda1" ino=16642 res=1
08:55:43 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2808.943951] audit: type=1804 audit(1591347343.101:784): pid=21771 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4636/bus" dev="sda1" ino=16642 res=1
[ 2808.945964] audit: type=1804 audit(1591347343.111:785): pid=21769 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4636/bus" dev="sda1" ino=16642 res=1
[ 2808.987167] audit: type=1804 audit(1591347343.151:786): pid=21774 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/916/bus" dev="sda1" ino=16296 res=1
08:55:43 executing program 5:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$VIDIOC_DECODER_CMD(r1, 0xc0485660, &(0x7f0000000040)={0x6, 0x1, @start={0x1}})
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000100)={'erspan0\x00', {0x2, 0x4e24, @broadcast}})
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2809.129601] audit: type=1804 audit(1591347343.291:787): pid=21779 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4637/bus" dev="sda1" ino=16297 res=1
[ 2809.133987] audit: type=1804 audit(1591347343.291:788): pid=21776 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir619757868/syzkaller.NyDZSH/3780/bus" dev="sda1" ino=15783 res=1
08:55:43 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6c00)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
r5 = syz_open_pts(r4, 0x173201)
fsetxattr$trusted_overlay_upper(r5, &(0x7f0000000180)='trusted.overlay.upper\x00', &(0x7f0000000200)=ANY=[@ANYRES32=r2, @ANYRESOCT=r2], 0x1a, 0x6)
r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x111200, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r6, 0x7709, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f00000001c0)='lp\x00', 0x3)
ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f00000000c0)={<r7=>r6})
setsockopt$inet6_int(r7, 0x29, 0x4a, &(0x7f0000000100), 0x4)
fsetxattr$security_selinux(r4, &(0x7f0000000040)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:root_t:s0\x00', 0x1c, 0x1)
r8 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r8, 0x0, 0x8400fffffffa)
sendfile(r0, r8, 0x0, 0xffffffff)

[ 2809.151288] audit: type=1804 audit(1591347343.311:789): pid=21757 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir619757868/syzkaller.NyDZSH/3780/bus" dev="sda1" ino=15783 res=1
08:55:43 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r1, 0x0, 0xffffffff)

[ 2809.212094] audit: type=1804 audit(1591347343.371:790): pid=21768 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4351/bus" dev="sda1" ino=16609 res=1
08:55:44 executing program 5:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
r1 = shmget$private(0x0, 0x3000, 0x10, &(0x7f0000ffb000/0x3000)=nil)
shmctl$SHM_UNLOCK(r1, 0xc)
ioctl$sock_SIOCSIFBR(0xffffffffffffffff, 0x8941, &(0x7f00000000c0)=@get={0x1, &(0x7f0000000040)=""/124, 0x5})
lseek(r0, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r2, 0x0, 0xffffffff)

[ 2809.218153] audit: type=1804 audit(1591347343.381:791): pid=21764 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4351/bus" dev="sda1" ino=16609 res=1
[ 2809.267157] audit: type=1804 audit(1591347343.431:792): pid=21768 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4351/bus" dev="sda1" ino=16609 res=1
08:55:44 executing program 2:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r5, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r6 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r7=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x7d, &(0x7f0000000240)={r7}, 0x9c)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r4, 0x84, 0x17, &(0x7f00000003c0)=ANY=[@ANYRES32=r7, @ANYBLOB="3d0a6000490477510f14d37b4bad28da18b8408db5ef882e66bc8ce8068867dd79499eee4ac2272d7159e00208595327ec498641c6e5c0edbbec91a3a0c198af4c0a359721264b34997250210c3b1046f864833516872bdb27455182045cc61822b41169129e8613312001356dc5acd9c07e4aebf0996e565bc7cedbad1f8a89c43cd7ec1b579f5b5692d937c39a8ac0727c7cfdeba64cb2a584f17c9d13a32e38a156d38db6502e62f4f1dd73ce5dc3d21e0418001000001dae196f0693d4d14b1850902795bac3d863d352078b597ffb92916ca6cebf0ef397ffab4e59022777132fdb4e1a240a8948e354a5e5faf0568e5013aac31edd4282b3f93b1b5ac01701c3f91b3213a23bbb4e02185f2d1016fb7122e4545b00000000000000000000000000c3ba9a8ac4e8f4d1b364e5c4f37a2ca47846f448ca47284e2fc6ecf3ba7dcdd842e0a7b2ead0778f997119be25e444b26086134999d8f767149e0fb24f19035a0002e2499cd1e88233c2aaeb178431cf2858fc18406ccf81d5552b7ae089d66192156f876691ffc4280264e75b6187e05f28b1a63273bc5df4cc186c5a2f1a15354064452142e21fce81ae801a38c8201089cfaa04ad562d76397ee01bee77e16b6db5f50b43c6804677d06427d6d4853bfe3a1523daca0b4e76444d32d4e59e0c15dadd4bbf6e227dd69f5172d6d2d7e5526a91075ab64c1a3c6eadd6eb6f8851ba89232b5e1f1ef79456d3cc3663224dbc2a237e5dc63a57ef1d"], 0x68)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r8 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r8, 0x0, 0x8400fffffffa)
sendfile(r0, r8, 0x0, 0xffffffff)

08:55:44 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r1, 0x0, 0xffffffff)

08:55:45 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
rt_sigprocmask(0x2, &(0x7f0000000180)={[0x81]}, &(0x7f00000001c0), 0x8)
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff}, 0x13f}}, 0xffaf)
write$RDMA_USER_CM_CMD_QUERY(r7, &(0x7f0000000040)={0x13, 0x10, 0x7, {0x0, r8, 0x2}}, 0x18)
write$RDMA_USER_CM_CMD_DISCONNECT(r5, &(0x7f0000000040)={0xa, 0x4, 0xfa00, {r8}}, 0xc)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:45 executing program 1:
creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r0=>0x0)
io_submit(r0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r2 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r3=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x7d, &(0x7f0000000240)={r3}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000080)={r3, 0x8}, 0xc)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
sendfile(r4, r5, 0x0, 0x800000080004103)

08:55:45 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)
open_by_handle_at(r5, &(0x7f0000000040)={0x36, 0xee25, "df70fa5daf4e0f11f71db208cdbfbcf18d0908110d26ea6696676330dcbb4af747e625eb21281644f00909f7e10f"}, 0x1140)

08:55:45 executing program 5:
syz_emit_ethernet(0x2a, &(0x7f0000000240)={@broadcast, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2f, 0x0, @broadcast, @local}, {0x0, 0x0, 0x8}}}}}, 0x0)
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:45 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:45 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

08:55:46 executing program 2:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r3, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r3, 0x0, 0xffffffff)

08:55:46 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

08:55:46 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFCONF(r1, 0x8912, &(0x7f0000000080)=@buf={0xea, &(0x7f0000000180)="76897043b43b3c715237485879da6397fbf2237e5abeeee5cb4a8fd416cab516e766b89a2b96685f38b2703cd3c5f543ad016eed020268bc23f47c7e9bc5c7a95533dc2b975a0b48367a291a0dbdbdafc70825ce8e8750c1ae948f1c8b52392964872a023d2c301ac62949d02091562f7151bb099914b8bcd102c7ffb4c62cbb900462a3a4e2165c552fc6ae28d00db5049b44478cf0017b11f0122efa807fded422683de1a201eb57b955fd9aea67cc5b89a158a083e5252ad8e4b3cb4ada73fe47530b38a689701349f6792e21e1a76a447ef6e9a25859c1b5703e4ff0c519ec79b79a0b39ed2e6c1e"})
r3 = fcntl$dupfd(r2, 0x0, r1)
r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram\x00', 0xc0800, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r4, 0x4c08, 0x3)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
sendfile(r0, r5, 0x0, 0xffffffff)

08:55:46 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/timers\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x5})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
sendfile(r0, r5, 0x0, 0xffffffff)

08:55:47 executing program 5:
r0 = creat(&(0x7f00000000c0)='./bus/file0\x00', 0x4)
bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000000)={0x3, 0x59}, 0xc)
fcntl$setstatus(r0, 0x4, 0x6900)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
r2 = syz_genetlink_get_family_id$smc(&(0x7f00000009c0)='SMC_PNETID\x00')
sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000380)={&(0x7f0000000200)={0x64, r2, 0x0, 0x70bd25, 0x0, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth1\x00'}, @SMC_PNETID_IBPORT={0x5}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'hsr0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000010}, 0x20)
sendmsg$SMC_PNETID_ADD(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r2, 0x100, 0x70bd28, 0x25dfdbfd, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x40001}, 0x4000040)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video35\x00', 0x2, 0x0)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ftruncate(r3, 0x800)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000040)='./bus/file0\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000300)='/dev/bsg\x00', 0x40000, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r6, 0x8108551b, &(0x7f0000000400)={0x1, 0x0, "f2f9c1d11da05cbe949f259581b9439b09c3731a57fb60ee3bcd8128c8df7d179314846604960fa3eb14013579e4e76d7d3ef515432c2f50bac919c55d93b5784f8fcd2eaf2d54a3f5210833b6e7f25ec808842bcb5d51819823198e382681d487a24b7fd0b84a5694def61c8e39a0d77b903098199a3f1b04db97148b1e20556d257bae895d286303aa61771c4d007b48fa41b7fedfff16617999521c4babee409db017862752e1745b7244d0323ff84763d115b2717bc70eaa0deea53a46f5f51358a587f7d863f02f6516742b5934e19ff510b3d001048d4a47e36195533f7aa2787cac66b56b9967fae9896f10d5a056c7e0fca2d6ce466bd6e7dcc6cb35"})
sendfile(r0, r5, 0x0, 0xffffffff)

08:55:47 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff)

08:55:47 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
getsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000040), &(0x7f0000000080)=0x4)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:48 executing program 1:
creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r0=>0x0)
io_submit(r0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r2 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={<r3=>0x0}, &(0x7f0000000100)=0xfffffdeb)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x7d, &(0x7f0000000240)={r3}, 0x9c)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
sendfile(r4, r5, 0x0, 0x800000080004103)

08:55:48 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
ioctl$KVM_SET_TSS_ADDR(r0, 0xae47, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
setsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, &(0x7f0000000040)=0x1, 0x4)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:48 executing program 5:
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000040)={0x69b, 0x400, 0x1, 0xffffffff, 0x6})
r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0xffffffff)

[ 2814.291683] kauditd_printk_skb: 39 callbacks suppressed
[ 2814.291693] audit: type=1804 audit(1591347348.452:832): pid=21873 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4642/bus" dev="sda1" ino=16849 res=1
08:55:48 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x0)

[ 2814.453196] audit: type=1804 audit(1591347348.612:833): pid=21877 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir619757868/syzkaller.NyDZSH/3785/bus" dev="sda1" ino=16930 res=1
08:55:48 executing program 5:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x5)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000040)={0x3, {{0xa, 0xff00, 0x4, @private1={0xfc, 0x1, [], 0x1}, 0x9}}}, 0x88)
lseek(r0, 0xfffffffffffffffd, 0x3)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f0000000100))

[ 2814.540113] audit: type=1804 audit(1591347348.702:834): pid=21881 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4356/bus" dev="sda1" ino=16042 res=1
08:55:48 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
sendfile(r3, r0, 0x0, 0x108400fffffff9)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2814.559733] audit: type=1804 audit(1591347348.722:835): pid=21881 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4356/bus" dev="sda1" ino=16042 res=1
[ 2814.575883] audit: type=1804 audit(1591347348.742:836): pid=21882 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/922/bus" dev="sda1" ino=16818 res=1
08:55:48 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x5, 0x1)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2814.745966] audit: type=1804 audit(1591347348.912:837): pid=21885 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4357/bus" dev="sda1" ino=16299 res=1
[ 2814.748201] audit: type=1804 audit(1591347348.912:838): pid=21885 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4357/bus" dev="sda1" ino=16299 res=1
08:55:49 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x52)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2814.761443] audit: type=1804 audit(1591347348.922:839): pid=21885 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4357/bus" dev="sda1" ino=16299 res=1
[ 2814.762444] audit: type=1804 audit(1591347348.922:840): pid=21886 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4357/bus" dev="sda1" ino=16299 res=1
[ 2814.908440] audit: type=1804 audit(1591347349.072:841): pid=21891 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4358/bus" dev="sda1" ino=16977 res=1
08:55:49 executing program 5:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x143c00, 0x0)
ioctl$TIOCGRS485(r2, 0x542e, &(0x7f0000000080))
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100)='nl80211\x00')
sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x24, r3, 0x4, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x2}, @NL80211_ATTR_IFINDEX={0x8}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_SET_KEY(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="34009a67c0ceda57ac584b922eadd6f06c7b37a6cd0000ff08e2b89e1a00"/39, @ANYRES16=r3, @ANYBLOB="08002dbd7000ffdbdf250a00000008003700000000000f000a00302dee441434b328beffb4000800090001ac0f00"], 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x8000)
sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x14, r3, 0x1, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x400c040}, 0x0)
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x2, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r4}, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x2, 0x1, 0xffffffffffffffff, &(0x7f0000000340)="9b2e1d6f5fbecbdadfece0fcdaaed9fcad3c5f21636989fd931dc638da35d7f7ce2038690b2282ada0b2445968f7972618d0b78f8e1ed7456460e3c6017d70dabf96589c555ad735f1854d0618af85a6bc5958258aeff26035b4de36797ecaa14410de9c704d36061e4a47691755fa308455e9d219", 0x75, 0x1}])
r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r6, 0x7709, 0x0)
sendmsg$IPSET_CMD_DESTROY(r6, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000180)={0x34, 0x3, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x1}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000801}, 0x4040)

08:55:49 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
ioctl$SNDRV_PCM_IOCTL_DROP(r0, 0x4143, 0x0)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffff9)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:49 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x0)

08:55:49 executing program 5:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
lstat(&(0x7f0000000040)='./bus/file0\x00', &(0x7f0000000080))
sendfile(r0, r1, 0x0, 0x8400fffffffa)
unlink(&(0x7f0000000100)='./bus\x00')
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:50 executing program 1:
creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r0=>0x0)
io_submit(r0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r2 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value, &(0x7f0000000100)=0xfffffdeb)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
sendfile(r3, r4, 0x0, 0x800000080004103)

08:55:50 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
listxattr(&(0x7f0000000100)='./bus\x00', &(0x7f0000000180)=""/57, 0x39)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
ioctl$KVM_SET_CLOCK(r3, 0x4030ae7b, &(0x7f0000000040)={0x8000000000, 0x3})
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)
ioctl$USBDEVFS_GETDRIVER(r5, 0x41045508, &(0x7f0000000300)={0x0, "d707be4c025f1989aece83075b0031ebc519338c49e07a3743d75f0c36bbe604e2e9525647260858d0cf4509958ebc73dd74cea560b45a68a30f8ad7c5eab1c347ab1d05485a5df876c50329001b83b55726580a920ee6f99cd5392df7f1ed9ef2fe054a4ca384e940d97783ff79da776bfd5900d674247106821ee57932b047164d52ee16b8791470ff0bc963b6c0184da8465d7987b9798b5b14b2d50ed0307ea93443398f530b3ded3629a04938ecfd8cbb790e5f32f0c9b09f46a4bd6e6b185c6d06dfc6e9b1a75c4fb63925111dd7b4ae35f1a528eb711819b2353b5e3fe191e72de31c9a2032e08938446dffb46f57c44488c0929ca1d547e754e260dc"})
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$VT_GETSTATE(r4, 0x5603, &(0x7f0000000080)={0xf000, 0x0, 0x9})
lseek(r0, 0x2, 0x2)
r7 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r7, 0x0, 0x8400fffffffa)
sendfile(r0, r7, 0x0, 0xffffffff)

08:55:50 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
setsockopt$bt_BT_POWER(r5, 0x112, 0x9, &(0x7f0000000040)=0x81, 0x1)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:50 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x0)

08:55:50 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}])
fcntl$setstatus(r4, 0x4, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r6, 0x0, 0x8400fffffffa)
sendfile(r0, r6, 0x0, 0xffffffff)

08:55:50 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
r5 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa\x00', 0x100, 0x0)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff}, 0x13f}}, 0xffaf)
write$RDMA_USER_CM_CMD_QUERY(r6, &(0x7f0000000040)={0x13, 0x10, 0x7, {0x0, r7, 0x2}}, 0x18)
write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000080)=0x8, r7, 0x0, 0x0, 0x1}}, 0x20)
ioctl$VT_RELDISP(r5, 0x5605)
sendfile(r0, r2, 0x0, 0xffffffff)

08:55:51 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240))
io_submit(0x0, 0x0, &(0x7f0000000540))
setsockopt$inet6_dccp_buf(r0, 0x21, 0xf, &(0x7f0000000040)="fa9edb5c124ed25e544d64dae6829013c3c6cd81cf8ce4fff97cc0991c7bef4bf6436dc848a106a31aa41d740edacff898cc25fbf5ca1d845cdc3db6e8fdd7b4e05f8996a5839f7408c5b86d8c879a877f8b4c96f1792f0f6d52", 0x5a)
r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000)
ftruncate(r1, 0x800)
ioctl$KDGETKEYCODE(r1, 0x4b4c, &(0x7f0000000100)={0xe3e, 0x5})
r4 = socket$phonet(0x23, 0x2, 0x1)
lseek(r4, 0x8000000000104, 0x4)
r5 = accept4$unix(r1, 0x0, &(0x7f0000000280), 0x800)
getsockopt$IP_VS_SO_GET_SERVICE(r5, 0x0, 0x483, &(0x7f0000000300), &(0x7f0000000380)=0x68)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r2, 0x0, 0xff)
sendfile(r1, r6, 0x0, 0xffffffff)

08:55:51 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)
ioctl$SCSI_IOCTL_GET_PCI(r4, 0x5387, &(0x7f0000000040))

08:55:51 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
getsockopt$nfc_llcp(r3, 0x118, 0x3, &(0x7f0000000040)=""/108, 0x6c)
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}])
dup3(r4, r2, 0x80000)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r6, 0x0, 0x8400fffffffa)
sendfile(r0, r6, 0x0, 0xffffffff)

08:55:52 executing program 0:
semget(0x3, 0x2, 0x400)
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setuid(r3)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240)={0x0, <r5=>0x0}, &(0x7f0000000280)=0x5)
setuid(r5)
syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000080)='./bus\x00', 0x48a, 0x3, &(0x7f00000001c0)=[{&(0x7f00000000c0)="866a41f379", 0x5, 0x200}, {&(0x7f0000000100)="ad1cc94ae026ad317a17d20e4fc8ad11e7ad7e903957c856db", 0x19, 0xffffffff}, {&(0x7f0000000180)="aa16cdfaadf7ba3d2e6f4d2b13056e45fc756417b692bf6090f9a228e8c31cd8134a1ed58885f6b8ecbe54da951b4a", 0x2f, 0x40}], 0x24000, &(0x7f0000000440)={[{@usrjquota='usrjquota='}, {@jqfmt_vfsold='jqfmt=vfsold'}, {@data_journal='data=journal'}, {@debug='debug'}, {@minixdf='minixdf'}, {@dioread_nolock='dioread_nolock'}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2}}], [{@smackfsfloor={'smackfsfloor', 0x3d, 'em0-\\#ppp0{'}}, {@uid_eq={'uid', 0x3d, r1}}, {@obj_type={'obj_type', 0x3d, 'vboxnet0'}}, {@mask={'mask', 0x3d, '^MAY_APPEND'}}, {@smackfshat={'smackfshat', 0x3d, 'em1md5sum-'}}, {@obj_role={'obj_role', 0x3d, 'dioread_nolock'}}, {@euid_lt={'euid<', r5}}, {@obj_user={'obj_user', 0x3d, '['}}]})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = fcntl$dupfd(r7, 0x0, r6)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r9 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r9, 0x0, 0x8400fffffffa)
sendfile(r0, r9, 0x0, 0xffffffff)

08:55:52 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$DRM_IOCTL_ADD_CTX(r5, 0xc0086420, &(0x7f0000000040)={<r7=>0x0})
ioctl$DRM_IOCTL_SET_SAREA_CTX(r4, 0x4010641c, &(0x7f0000000080)={r7, &(0x7f0000000180)=""/235})
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:52 executing program 5:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, 0x2, 0x2, 0x401, 0x0, 0x0, {0xc, 0x0, 0x8}, [@CTA_EXPECT_ZONE={0x0, 0x7, 0x1, 0x0, 0x2}, @CTA_EXPECT_HELP_NAME={0xf, 0x6, 'tftp-20000\x00'}, @CTA_EXPECT_ZONE={0x0, 0x7, 0x1, 0x0, 0x4}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x3}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x48c0)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x48400, 0x0)
ioctl$IOC_PR_CLEAR(r2, 0x401070cd, &(0x7f00000001c0)={0x83f})
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:52 executing program 1:
creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r0=>0x0)
io_submit(r0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
socket$inet(0x2, 0x80001, 0x84)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
sendfile(r2, r3, 0x0, 0x800000080004103)

08:55:52 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}])
sendmsg$IPCTNL_MSG_EXP_NEW(r4, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0x11c, 0x0, 0x2, 0x101, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_EXPECT_CLASS={0x8}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x800}, @CTA_EXPECT_NAT={0xe0, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x34, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010102}, {0x8, 0x2, @rand_addr=0x64010101}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x80, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x30}}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010102}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @loopback}}}]}, @CTA_EXPECT_NAT_DIR={0x8}]}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x9}, @CTA_EXPECT_FN={0x8, 0xb, 'sip\x00'}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x1}]}, 0x11c}, 0x1, 0x0, 0x0, 0x44010}, 0x20000000)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r6, 0x0, 0x8400fffffffa)
sendfile(r0, r6, 0x0, 0xffffffff)

08:55:52 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x2, 0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000180)='/dev/full\x00', 0x180, 0x0)
accept$unix(r3, &(0x7f0000000040)=@abs, &(0x7f00000000c0)=0x6e)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000300)={&(0x7f0000000280)='./bus\x00', r4}, 0x10)
r5 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r6, 0x7709, 0x0)
lseek(r6, 0xfffffffffffffffd, 0x2)
r7 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
lsetxattr$security_capability(&(0x7f00000001c0)='./bus\x00', &(0x7f0000000200)='security.capability\x00', &(0x7f0000000240)=@v1={0x1000000, [{0xfffff800, 0x6cf8}]}, 0xc, 0x3)
sendfile(r0, r7, 0x0, 0x8400fffffffa)
sendfile(r0, r7, 0x0, 0xffffffff)

08:55:52 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$SNDRV_PCM_IOCTL_UNLINK(r0, 0x4161, 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:53 executing program 3 (fault-call:6 fault-nth:0):
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2819.065622] FAULT_INJECTION: forcing a failure.
[ 2819.065622] name failslab, interval 1, probability 0, space 0, times 0
[ 2819.065680] CPU: 0 PID: 21992 Comm: syz-executor.3 Not tainted 4.14.183-syzkaller #0
[ 2819.065688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2819.065693] Call Trace:
[ 2819.065716]  dump_stack+0x1b2/0x283
[ 2819.065735]  should_fail.cold+0x10a/0x154
[ 2819.065755]  should_failslab+0xd6/0x130
[ 2819.065770]  kmem_cache_alloc_trace+0x2b7/0x3f0
[ 2819.065787]  alloc_pipe_info+0xaa/0x380
[ 2819.065804]  splice_direct_to_actor+0x581/0x730
[ 2819.065817]  ? avc_policy_seqno+0x5/0x10
[ 2819.065826]  ? generic_pipe_buf_nosteal+0x10/0x10
08:55:53 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}])
fchmod(r4, 0x4)
lseek(r0, 0x0, 0x2)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r6, 0x0, 0x8400fffffffa)
sendfile(r0, r6, 0x0, 0xffffffff)

[ 2819.065841]  ? do_splice_to+0x150/0x150
[ 2819.065853]  ? rw_verify_area+0xe1/0x290
[ 2819.065872]  do_splice_direct+0x164/0x210
[ 2819.065885]  ? splice_direct_to_actor+0x730/0x730
[ 2819.065903]  ? rcu_read_lock_sched_held+0x10a/0x130
[ 2819.065913]  ? rcu_sync_lockdep_assert+0x69/0xa0
08:55:53 executing program 5:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
write$eventfd(r0, &(0x7f0000000040), 0x8)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
sendfile(r1, r2, &(0x7f00000000c0)=0x200, 0x9)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x48042, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r0, 0x0, 0xffffffff)
openat$ion(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ion\x00', 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r2, 0x40045542, &(0x7f0000000100))

[ 2819.065928]  do_sendfile+0x469/0xaf0
[ 2819.065948]  ? do_compat_pwritev64+0x140/0x140
[ 2819.065969]  SyS_sendfile64+0xff/0x110
[ 2819.065980]  ? SyS_sendfile+0x130/0x130
08:55:53 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
fremovexattr(0xffffffffffffffff, &(0x7f0000000080)=@known='trusted.overlay.opaque\x00')
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
fcntl$F_GET_RW_HINT(r5, 0x40b, &(0x7f0000000040))
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
ioctl$FS_IOC_GETFSMAP(r4, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYBLOB="00000000000000000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001000800000000000018000000008400000000000000050000000000000011f2ffffffffffff0000000000000000000000000000000000000000000000007f00000000000000e2000000000000008100000000000000f80000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001b000000000000000000000000000000000000000000000000000000000000000000000000000000000000520600"/640])
lseek(r0, 0x0, 0x2)
r7 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r7, 0x0, 0x8400fffffffa)
sendfile(r0, r7, 0x0, 0xffffffff)

08:55:53 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)
write$selinux_attr(r0, &(0x7f0000000040)='system_u:object_r:mnt_t:s0\x00', 0x1b)

[ 2819.065991]  ? do_syscall_64+0x4c/0x640
[ 2819.066001]  ? SyS_sendfile+0x130/0x130
[ 2819.066014]  do_syscall_64+0x1d5/0x640
08:55:53 executing program 3 (fault-call:6 fault-nth:1):
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2819.066032]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 2819.066040] RIP: 0033:0x45ca69
[ 2819.066046] RSP: 002b:00007fd713cbac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2819.066057] RAX: ffffffffffffffda RBX: 00000000004fc580 RCX: 000000000045ca69
08:55:54 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x41)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
bind$vsock_stream(r3, &(0x7f00000001c0)={0x28, 0x0, 0x2711, @hyper}, 0x10)
sendfile(r0, r4, 0x0, 0xffffffff)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00')
sendmsg$NL80211_CMD_STOP_AP(r4, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, r5, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_AKM_SUITES={0x24, 0x4c, [0xfac11, 0xfac04, 0x0, 0xfac03, 0xfac0c, 0xfac10, 0xfac0f, 0xfac09]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0xc054)

[ 2819.066068] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2819.066075] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 2819.066082] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000005
[ 2819.066088] R13: 00000000000008dc R14: 00000000004cba56 R15: 00007fd713cbb6d4
[ 2819.300889] kauditd_printk_skb: 46 callbacks suppressed
[ 2819.300899] audit: type=1804 audit(1591347353.462:888): pid=21996 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4648/bus" dev="sda1" ino=16898 res=1
[ 2819.331657] audit: type=1804 audit(1591347353.492:889): pid=21996 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4648/bus" dev="sda1" ino=16898 res=1
[ 2819.349146] audit: type=1804 audit(1591347353.512:890): pid=21996 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4648/bus" dev="sda1" ino=16898 res=1
[ 2819.445495] audit: type=1804 audit(1591347353.612:891): pid=21999 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4364/bus" dev="sda1" ino=17025 res=1
[ 2819.453849] audit: type=1804 audit(1591347353.612:892): pid=21987 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4364/bus" dev="sda1" ino=17025 res=1
08:55:54 executing program 3 (fault-call:6 fault-nth:2):
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2819.666287] audit: type=1804 audit(1591347353.822:893): pid=22002 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4649/bus" dev="sda1" ino=16297 res=1
[ 2819.693225] audit: type=1804 audit(1591347353.852:894): pid=22004 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4649/bus" dev="sda1" ino=16297 res=1
[ 2819.829347] audit: type=1804 audit(1591347353.992:895): pid=22010 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4650/bus" dev="sda1" ino=15983 res=1
[ 2819.842517] audit: type=1804 audit(1591347354.002:896): pid=22009 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4365/bus" dev="sda1" ino=16866 res=1
[ 2819.867497] audit: type=1804 audit(1591347354.032:897): pid=22009 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4365/bus" dev="sda1" ino=16866 res=1
[ 2819.964964] FAULT_INJECTION: forcing a failure.
[ 2819.964964] name failslab, interval 1, probability 0, space 0, times 0
[ 2819.964978] CPU: 1 PID: 22018 Comm: syz-executor.3 Not tainted 4.14.183-syzkaller #0
[ 2819.964985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2819.964989] Call Trace:
[ 2819.965014]  dump_stack+0x1b2/0x283
[ 2819.965034]  should_fail.cold+0x10a/0x154
[ 2819.965052]  should_failslab+0xd6/0x130
[ 2819.965064]  __kmalloc+0x2c1/0x400
[ 2819.965072]  ? alloc_pipe_info+0x156/0x380
[ 2819.965084]  alloc_pipe_info+0x156/0x380
[ 2819.965099]  splice_direct_to_actor+0x581/0x730
[ 2819.965114]  ? avc_policy_seqno+0x5/0x10
[ 2819.965123]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 2819.965136]  ? do_splice_to+0x150/0x150
[ 2819.965147]  ? rw_verify_area+0xe1/0x290
[ 2819.965161]  do_splice_direct+0x164/0x210
[ 2819.965174]  ? splice_direct_to_actor+0x730/0x730
[ 2819.965191]  ? rcu_read_lock_sched_held+0x10a/0x130
[ 2819.965201]  ? rcu_sync_lockdep_assert+0x69/0xa0
[ 2819.965215]  do_sendfile+0x469/0xaf0
[ 2819.965234]  ? do_compat_pwritev64+0x140/0x140
[ 2819.965254]  SyS_sendfile64+0xff/0x110
[ 2819.965266]  ? SyS_sendfile+0x130/0x130
[ 2819.965277]  ? do_syscall_64+0x4c/0x640
[ 2819.965287]  ? SyS_sendfile+0x130/0x130
[ 2819.965299]  do_syscall_64+0x1d5/0x640
[ 2819.965318]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 2819.965327] RIP: 0033:0x45ca69
[ 2819.965333] RSP: 002b:00007fd713cbac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2819.965345] RAX: ffffffffffffffda RBX: 00000000004fc580 RCX: 000000000045ca69
[ 2819.965351] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2819.965358] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 2819.965364] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000005
[ 2819.965371] R13: 00000000000008dc R14: 00000000004cba56 R15: 00007fd713cbb6d4
[ 2820.865497] FAULT_INJECTION: forcing a failure.
[ 2820.865497] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2820.865510] CPU: 1 PID: 22030 Comm: syz-executor.3 Not tainted 4.14.183-syzkaller #0
[ 2820.865518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2820.865523] Call Trace:
[ 2820.865547]  dump_stack+0x1b2/0x283
[ 2820.865567]  should_fail.cold+0x10a/0x154
[ 2820.865586]  __alloc_pages_nodemask+0x22b/0x2730
[ 2820.865603]  ? check_preemption_disabled+0x35/0x240
[ 2820.865618]  ? perf_trace_lock+0x109/0x4b0
[ 2820.865633]  ? perf_trace_lock_acquire+0x4b0/0x4b0
[ 2820.865645]  ? gfp_pfmemalloc_allowed+0x150/0x150
[ 2820.865653]  ? HARDIRQ_verbose+0x10/0x10
[ 2820.865664]  ? __radix_tree_lookup+0x19f/0x2d0
[ 2820.865677]  ? find_get_entry+0x31b/0x660
[ 2820.865694]  ? lock_downgrade+0x6e0/0x6e0
[ 2820.865719]  alloc_pages_current+0xe7/0x1e0
[ 2820.865734]  __page_cache_alloc+0x243/0x3c0
[ 2820.865751]  generic_file_read_iter+0x10e5/0x21d0
[ 2820.865778]  ext4_file_read_iter+0x14b/0x330
[ 2820.865794]  generic_file_splice_read+0x374/0x5d0
[ 2820.865809]  ? add_to_pipe+0x350/0x350
[ 2820.865825]  ? avc_policy_seqno+0x5/0x10
[ 2820.865836]  ? selinux_file_permission+0x7a/0x440
[ 2820.865855]  ? rw_verify_area+0xe1/0x290
[ 2820.865865]  ? add_to_pipe+0x350/0x350
[ 2820.865876]  do_splice_to+0xfb/0x150
[ 2820.865886]  ? alloc_pipe_info+0x294/0x380
[ 2820.865898]  splice_direct_to_actor+0x20a/0x730
[ 2820.865912]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 2820.865927]  ? do_splice_to+0x150/0x150
[ 2820.865938]  ? rw_verify_area+0xe1/0x290
[ 2820.865953]  do_splice_direct+0x164/0x210
[ 2820.865966]  ? splice_direct_to_actor+0x730/0x730
[ 2820.865983]  ? rcu_read_lock_sched_held+0x10a/0x130
[ 2820.865993]  ? rcu_sync_lockdep_assert+0x69/0xa0
[ 2820.866006]  do_sendfile+0x469/0xaf0
[ 2820.866025]  ? do_compat_pwritev64+0x140/0x140
[ 2820.866045]  SyS_sendfile64+0xff/0x110
[ 2820.866056]  ? SyS_sendfile+0x130/0x130
[ 2820.866066]  ? do_syscall_64+0x4c/0x640
[ 2820.866076]  ? SyS_sendfile+0x130/0x130
[ 2820.866087]  do_syscall_64+0x1d5/0x640
[ 2820.866105]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 2820.866113] RIP: 0033:0x45ca69
[ 2820.866119] RSP: 002b:00007fd713cbac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2820.866130] RAX: ffffffffffffffda RBX: 00000000004fc580 RCX: 000000000045ca69
[ 2820.866137] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2820.866143] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 2820.866149] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000005
[ 2820.866156] R13: 00000000000008dc R14: 00000000004cba56 R15: 00007fd713cbb6d4
08:55:56 executing program 1:
creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r0=>0x0)
io_submit(r0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xfffffca5, &(0x7f0000000300)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, @in6={0xa, 0x4e23, 0x0, @ipv4={[], [], @empty}, 0x5}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x36}, 0x5}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x1, @mcast1, 0xffffffff}]}, &(0x7f0000000180)=0x10)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
sendfile(r2, r3, 0x0, 0x800000080004103)

08:55:56 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000040))
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
sendfile(r0, r5, 0x0, 0xffffffff)

08:55:56 executing program 5:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x5c)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f00000000c0)={'wg0\x00', 0x6})
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
ioctl$SOUND_PCM_READ_CHANNELS(r2, 0x80045006, &(0x7f0000000080))

08:55:56 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
getsockopt$ax25_int(r3, 0x101, 0xc, &(0x7f0000000200), &(0x7f0000000240)=0x4)
signalfd(r1, &(0x7f0000000100)={[0x81]}, 0x8)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x400000, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000180)='net/icmp6\x00')
preadv(r5, &(0x7f0000000480), 0x10000000000002a1, 0x10400003)
r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000100)='wireguard\x00')
sendmsg$WG_CMD_GET_DEVICE(r5, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000180)={&(0x7f0000000a00)=ANY=[@ANYBLOB="1e929ca1a4c029383bd50a39a450211bdd", @ANYRES16=r6, @ANYBLOB="000228bd7000ffdbdf2500000000b40c08804801008008000300060000002c010980a0000080060001000a00000014000200fc0200000000000000000000000000000500030000000000060001000a00000014000200fe8800000000000000000000000001010500030002000000060001000200040008000200ac1e01010500030002000000060001000a00000014000200fc0200000000000000000000000000010500030002000000060001000200000008000200ffffffff050003000300000088000080060001000200000008000200e00000020500030001000000060001000200000008000200ac1414bb0500030001000000060001000200000008000200000000000500030000000000060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ac1414bb050003000200000006000500080000000800030006000000200000801400040002004e21e0000002000000000000000008000a00010000002404008008000a000100000008000a000100000008000a0001000000240001000000000000000000000000000000000000000000000000000000000000000000140004000200a0fb000000000000000000000000200004000a004e240000002bfe800000000000000000000000000040ff00000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b240002007669ddadf3a979960d3a258d451b4b8f8628f72287295f22a81a530fb2c3777944030980dc000080060001000a00000014000200fe8000000000000000000000000000bb0500030003000000060001000a00000014000200fe80000000000000000000000000002a0500030000000000060001000200000008000200ac1414340500030002000000060001000200000008000200ac1414300500030002000000060001000a00000014000200fe8800000000000000000000000000010500030002000000060001000a00000014000200000000000000000000000000000000010500030003000000060001000200000008000200ac1414c50500030002000000000100800600010002000000080002007f0000010500030000000000060001000a00000014000200200100000000000000000000000000020500030002000000060001000a00000014000200ff02000000000000000000000000000105000300000000000600010002000000080002007f0000010500030003000000060001000200000008000200e00000010500030000000000060001000200000008000200ffffffff05000300030000000600010002000000080002007f0000010500030003000000060001000200000008000200ffffffff0500030001000000060001000a00000014000200fc01000000000000000000000000000105000300000000000c010080060001000a00000014000200fc0100000000000000000000000000000500030001000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000a00000014000200fc0000000000000000000000000000000500030003000000060001000a00000014000200fc0200000000000000000000000000010500030002000000060001000200000008000200ac1e00010500030003000000060001000200000008000200ac1414bb0500030001000000060001000a0000001400020000000000000000000000ffffffffffff0500030003000000060001000a00000014000200ff020000000000000000000000000001050003000100000058000080060001000200000008000200ac14143b0500030001000000060001000a00000014000200fc0100000000000000000000000000000500030002000000060001000200000008000200e0000002050003000200000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39223800008008000a000100000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b06000500340c00001806008024000200ea4c07c4877fefeaa6bc4f58367ace4ff372c11b94d59b12189c062bca25473acc01098064000080060001000a0000001400020000000000000000000000ffffac1414aa0500030001000000060001000a00000014000200ff0200000000000000000000000000010500030002000000060001000200000008000200ac1414bb0500030002000000e8000080060001000200000008000200000000000500030002000000060001000a00000014000200ff0200000000000000000000000000010500030000000000060001000200000008000200ffffffff0500030000000000060001000a00000014000200ff0200000000000000000000000000010500030002000000060001000200000008000200000000000500030002000000060001000200000008000200e000000105000300000000000600010002000000080002007f0000010500030003000000060001000a000000140002002001000000000000000000000000000205000300010000007c0000800600010002000000080002000a0101010500030003000000060001000a00000014000200fc0100000000000000000000000000010500030002000000060001000a00000014000200ff0100000000000000000000000000010500030007000000060001000200000008000200e0000002050003000000000008000a00010000001c04098064000080060001000200000008000200ac1414aa0500030000000000060001000a00000014000200fe8800000000000000000000000001010500030002000000060001000a0000001400020000000000000000000000ffff64010102050003000100000058000080060001000a00000014000200fc0000000000000000000000000000000500030000001800060001000200000008000200ac1e01010500030003000000060001000200000008000200ac14142a050003000300000094000080060001000a00000014000200fe8000000000000000000000000000aa0500030003000000060001000200000008000200ac1414bb0500030003000000060001000a00000014000200fe80000000000000000000000000004005000300010000000600010002000000080002000a0101010500030002000000060001000200000008000200ac1414aa050003000000000058000080060001000200000008000200ac1414aa0500030002000000060001000a00000014000200fc0200000000000000000000000000010500030001000000060001000200000008000200e0000001050003000000000094000080060001000a0000001400020000000000000000000000ffffac1e01010500030001000000060001000a00000014000200fc0100000000000000000000000000010500030003000000060001000a00000014000200fe8000000000000000000000000000aa0500030001000000060001000a0000001400020000000000000000000000ffff640101000500030002000000dc000080060001000200000008000200ac1414270500030002000000060001000a00000014000200000000000000000000000000000000010500030002000000060001000a00000014000200fe8000000000000000000000000000aa05000300010000000600010002000000080002000a0101020500030000000000060001000200000008000200ac1414aa0500030002000000060001000a00000014000200fc0100000000000000000000000000000500030003000000060001000a00000014000200fe80000000000000000000000000000d050003000100000000010080060001000a00000014000200ff02000000000000000000000000000105000300000000000600010002000000080002007f0000010500030002000000060001000a00000014000200000000000000000000000000000000000500030003000000060001000a00000014000200ff01000000000000000000000000000105000300020000000600010002000000080002007f0000010500030002000000060001000a00000014000200fe8000000000000000000000000000210500030001000000060001000a00000014000200ff0200000000000000000000000000010500030000000000060001000200000008000200000000000500030001000000d40000801400040002004e22ac1e010100000000000000000684020000000000000004000a004e2400000001200100000000000000000000000000020200000008000a000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff24000200bc7cf80d3387038e4bb6a7bcc8dc72200fbf09cd82bb41492c7c9f2962249f811400040002004e200a010102000000000000000006000500040000000600050008000000200004000a004e210000000900000000000000000000ffff64010100200000001a754a76d924c903f86c9dfe953afa5e147a1345f9ba302dba9071e38e4e4257b9f1720a0db506b6141106f8d1276f48cedda492512cb57dd92084adce24402a96b3a524c6add7fa"], 0xcc8}}, 0x4008083)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000440)={&(0x7f0000000340)={0xcc, r6, 0x100, 0x70bd26, 0x25dfdbfe, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_PEERS={0xa4, 0x8, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e20, @local}}]}, {0x88, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x44, 0x9, 0x0, 0x1, [{0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}]}]}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "77db3b678e372177aa2ddd56f2c7e73ffda23f77387775369c468f65cb098335"}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1f}}}]}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x24040840}, 0x20008010)
ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f00000001c0)={0x200, 0x7, &(0x7f0000000080)=[0x8, 0x4c00, 0xa02e, 0x9, 0x3, 0x7fffffff, 0xfff], &(0x7f00000000c0)=[0x5, 0x8000, 0x0, 0xd86], &(0x7f0000000100), &(0x7f0000000180)=[0xfff, 0x5, 0xfff, 0x1c14, 0x3f, 0x51], 0x0, 0x4})
lseek(r0, 0x6, 0x0)
r7 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r7, 0x0, 0x8400fffffffa)
mknod$loop(&(0x7f0000000280)='\x00', 0x80, 0x0)
sendfile(r0, r7, 0x0, 0xffffffff)

08:55:56 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
ioctl$EXT4_IOC_MIGRATE(r0, 0x6609)
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
lseek(r1, 0x5, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x22)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

08:55:56 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0xc0)
fcntl$setstatus(r0, 0x4, 0x6900)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f00000000c0)={0x8, <r2=>0x0, 0x2, 0x200})
ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f0000000100)={0x0, r2})
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x5, &(0x7f0000000040)=[{0x7fff, 0x9, 0x7, 0xdb}, {0x2, 0x0, 0x3, 0x2}, {0x4, 0x8, 0x0, 0x2}, {0xfff, 0x6, 0x7f, 0x4}, {0x0, 0x5, 0x2, 0xfff}]})
sendfile(r0, r3, 0x0, 0xffffffff)

08:55:57 executing program 3:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:57 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)
r5 = getpid()
sched_setattr(r5, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000180)={{0x0, 0x0, 0x7fff, 0xfffffff9, '\x00', 0xffffffff}, 0x4, 0x762, 0x8, r5, 0x7, 0x9, 'syz0\x00', &(0x7f0000000040)=['\x00', 'losecurity\x00', '\x00', 'bdev\x00', '#:[wlan0--+\x00', 'wlan1\x00', 'GPL*#userem0trusted\x00'], 0x38, [], [0x9e, 0x974d, 0x3, 0x800]})
open(&(0x7f0000000080)='./bus\x00', 0x444c1, 0x8)

08:55:57 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x2000)
ftruncate(r0, 0x800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$FUSE_INTERRUPT(r1, &(0x7f0000000080)={0x10}, 0x10)
r2 = dup2(0xffffffffffffffff, r1)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000340)='TIPC\x00')
sendmsg$TIPC_CMD_SET_NODE_ADDR(r2, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, r3, 0x300, 0x70bd29, 0x25dfdbfe, {{}, {}, {0x8, 0x11, 0x4}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x4004080)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, r3, 0x400, 0x70bd26, 0x25dfdbfd, {{}, {}, {0xc, 0x14, 'syz0\x00'}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4001}, 0x8000)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:55:58 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x80)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x63, &(0x7f0000000040)={'ah\x00'}, &(0x7f0000000080)=0x1e)
lseek(r0, 0x0, 0x2)
ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000180)={&(0x7f0000000100)="53f3d56c3b4dc710d8f37c8575897e0e00000000", &(0x7f0000000480)=""/59, &(0x7f00000001c0)="49b289e84a8956907061fa7ba94a1f381cb6a4a8d1188223d5db57ff3d184cb20a843e5fbaf85a6ab0e19679c669a6c715b6b98e986ecf97b8983d70c8391a09777c75fcc669a3da70725832d4aa1ab2c7f08ae357adb8700989199f399e75db88cbfb8d318d4d", &(0x7f0000000500)="7e0d60c161dc16b706431613cfe343563abeb141d331887bd87719ba80797e5e7fce8ef385b62d24fd8036522208a14132b9d1bd0704ab7ccfbe305a4f08e4bb780b000000000000000000", 0x8}, 0x38)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
ioctl$PERF_EVENT_IOC_ID(r3, 0x80082407, &(0x7f00000000c0))
sendfile(r0, r4, 0x0, 0xffffffff)
socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000440)=@assoc_value={<r6=>0x0}, &(0x7f0000000100)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x7d, &(0x7f0000000240)={r6}, 0x9c)
setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x5, &(0x7f0000000340)={r6, @in6={{0xa, 0x4e24, 0x5, @private0={0xfc, 0x0, [], 0x1}, 0x1}}}, 0x84)

08:55:58 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x7fd)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)
r2 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ocfs2_control\x00', 0x400, 0x0)
r3 = getpid()
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r2, 0xc1105511, &(0x7f0000000100)={{0x7, 0x3, 0x32, 0x401, '\x00', 0x4b0de090}, 0x0, 0x4, 0x8, r3, 0x8, 0x9, 'syz1\x00', &(0x7f0000000080)=['keyringwlan0\x00', 'vboxnet1[@vboxnet0.,\'@procvboxnet0security:!cpusetwlan0-\x00', '\x00', '\x00', '*lo\x00', 'vmnet0selinux\x00', 'em1\x10\x87$posix_acl_access\'GPLwlan0(\x00', '#{*\x00'], 0x7f, [], [0x9, 0x81, 0xa6b2, 0x8a]})

08:55:58 executing program 5:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
ioctl$VFIO_IOMMU_MAP_DMA(r2, 0x3b71, &(0x7f0000000040)={0x20, 0x1, 0x1, 0x3ff, 0x1000})
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x22000, 0x0)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4)

[ 2824.366851] kauditd_printk_skb: 29 callbacks suppressed
[ 2824.366861] audit: type=1804 audit(1591347358.532:927): pid=22085 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir619757868/syzkaller.NyDZSH/3793/bus" dev="sda1" ino=16997 res=1
[ 2824.700930] audit: type=1804 audit(1591347358.862:928): pid=22088 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4511/bus" dev="sda1" ino=17139 res=1
[ 2824.763532] audit: type=1804 audit(1591347358.922:929): pid=22082 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4652/bus" dev="sda1" ino=16125 res=1
[ 2824.777317] audit: type=1804 audit(1591347358.942:930): pid=22082 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4652/bus" dev="sda1" ino=16125 res=1
08:55:59 executing program 1:
creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r0=>0x0)
io_submit(r0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
sendfile(r2, r3, 0x0, 0x800000080004103)

08:55:59 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvme-fabrics\x00', 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c00000024001d0f000000000000000000040000", @ANYRES32=r7, @ANYBLOB="00000000f106000006000000206671df0ed1607cf896c56f64656ca56c80f01f891cf24516f0d362faf37c032ca11ffa4e48f9cd2f71e607da5e7a77c2eceb814b7492c2f01f3f3f9df098a59091bd5433e3bf3ce9fb6626e70e293e74ffae8fa74141258032d4c066cf37e6bfeebbd67c4816c4b6836e83b91653e168f73a9b913d3bad0d9210a1567ee9872a19"], 0x4c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000002a0600"/21, @ANYRES32=r7, @ANYBLOB='\x00'/12], 0x24}}, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000040)={@remote, @dev={0xac, 0x14, 0x14, 0x1b}, r7}, 0xc)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:55:59 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer\x00', 0x204000, 0x0)
r4 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000500)='NLBL_CALIPSO\x00')
sendmsg$NLBL_CALIPSO_C_REMOVE(r3, &(0x7f0000000600)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002dbd700002dcdf2502000000080001000000000008000100020000000800010000000000080001000000000008000200020000000800010003000000"], 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x80)
sendmsg$NLBL_CALIPSO_C_LISTALL(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, r4, 0x800, 0x70bd25, 0x25dfdbfb, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x48404}, 0x2004c0c0)
r5 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r6, 0x0, 0x8400fffffffa)
sendfile(r0, r6, 0x0, 0xffffffff)

08:55:59 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x406, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x84000, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
ioctl$SNDRV_CTL_IOCTL_PVERSION(r4, 0x80045500, &(0x7f0000000040))
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
socket$key(0xf, 0x3, 0x2)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
r6 = getpid()
sched_setattr(r6, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x46}, 0x0)
r7 = getpgid(r6)
ptrace$peek(0xfb46856c75bdcdaa, r7, &(0x7f0000000080))
sendfile(r0, r5, 0x0, 0xffffffff)

08:55:59 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
r2 = ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0)
sendfile(r2, r1, 0x0, 0x8000000fffffffb)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
ioctl$SOUND_OLD_MIXER_INFO(r3, 0x80304d65, &(0x7f0000000040))

[ 2824.837707] audit: type=1804 audit(1591347359.002:931): pid=22089 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4511/bus" dev="sda1" ino=17139 res=1
[ 2824.980635] audit: type=1804 audit(1591347359.142:932): pid=22098 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4512/bus" dev="sda1" ino=17265 res=1
[ 2825.037466] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2825.139817] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1578 sclass=netlink_route_socket pid=22110 comm=syz-executor.3
[ 2825.140450] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2825.156551] audit: type=1804 audit(1591347359.142:933): pid=22099 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4653/bus" dev="sda1" ino=17282 res=1
[ 2825.366910] audit: type=1804 audit(1591347359.192:934): pid=22100 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/932/bus" dev="sda1" ino=17299 res=1
[ 2825.367939] audit: type=1804 audit(1591347359.202:935): pid=22101 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4369/bus" dev="sda1" ino=17313 res=1
08:55:59 executing program 5:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x20000, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=<r3=>0x0)
r4 = getpid()
sched_setattr(r4, &(0x7f0000000040)={0x38, 0x6, 0x8, 0x6, 0x9, 0x0, 0x0, 0xffffffffffffffff}, 0x0)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000100)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r7 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r7, 0x7709, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, r4, 0x7, r5, &(0x7f0000000080)={r1, r7, 0x4})

[ 2825.370037] audit: type=1804 audit(1591347359.492:936): pid=22087 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir619757868/syzkaller.NyDZSH/3793/bus" dev="sda1" ino=16997 res=1
08:56:00 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r2, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r3=>0x0)
io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}])
sendfile(r2, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:56:00 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0x7fffffff)

08:56:00 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$VIDIOC_G_JPEGCOMP(r1, 0x808c563d, &(0x7f0000000040))
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)

[ 2825.848464] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2825.848809] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1578 sclass=netlink_route_socket pid=22106 comm=syz-executor.3
08:56:00 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
set_robust_list(&(0x7f00000001c0)={&(0x7f0000000180)={&(0x7f0000000100)}, 0x1}, 0x18)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(r5, 0xc0205649, &(0x7f00000000c0)={0x9f0000, 0x4, 0x2, r4, 0x0, &(0x7f0000000080)={0x990a2c, 0x5ca, [], @p_u16=&(0x7f0000000040)=0x4}})
sendfile(r0, r4, 0x0, 0xffffffff)

08:56:00 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
r5 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x81, 0x40100)
ioctl$EVIOCGLED(r5, 0x80404519, &(0x7f0000000080)=""/212)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x74, 0x0, &(0x7f0000001780)=[@request_death, @free_buffer, @free_buffer, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x48, 0x0, &(0x7f0000000580)="074ae285b121c014e29ee688b91e3113acb1225b10775797bf393700d11715db33aad153ea9009075a7d21cc38287e9d74c3a3af9fa9839a90c1db7903c83de9f28679b520ab1c1f"})
r6 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r6, 0x4, 0x6900)
ftruncate(r6, 0x800)
lseek(r6, 0x0, 0x2)
r7 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r6, r7, 0x0, 0x8400fffffffa)
sendfile(r6, r7, 0x0, 0xffffffff)

08:56:00 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
fcntl$setstatus(r1, 0x4, 0x4c00)
r2 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, <r3=>0x0}, &(0x7f0000cab000)=0xc)
syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={[{@gid={'gid', 0x3d, r3}}]})
r4 = getpid()
sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, <r6=>0x0}, &(0x7f0000cab000)=0xc)
syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={[{@gid={'gid', 0x3d, r6}}]})
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001ac0)=[{&(0x7f0000000100)=@file={0x1, './bus\x00'}, 0x6e, &(0x7f0000001680)=[{&(0x7f0000000180)="8cb45f5fe574fc77ac61cdee00589a5c1e0c2ff792ce28e1acd44de4a8f808f3a2939784a99613c6900c14b9fb1b2b13b616995815eb215b6be3254d82be3534442dcbd45fb8ce5b924cd623feb9fc62ce5467d05a8f1017cfef6a653420d1e1a2e6fd4beb1cb76d59fb9b529c53d54417792a0bc95f854ffe6a01a9d2430e8008295cbfea78259a3579c5464d7dc0f460aedc34309de3e9377759aac007f553e4c20e7655b2d2762770971db6c67e", 0xaf}, {&(0x7f0000000300)="24d8ede9dda4cb79af68f5ef0a1545855f8d607b6803dd9267c63582ee7c6fb5cf7889207638ba3432a44114b6063d50df4b090e5572b7bb75023c368fd0c88b7bd576dd2dacc7af18782ff5474bf56476acd120d7f830e65d63e821ca46b47bfbcead31f64a0e5d1c2340d7ccf35b627a8fb23484783b2273e32d7e36f41f16751e0c47220223baf7e295be838b23cd64b8a411bd255d01cf70bb782d2263cbe9484616b077a0f15ac1c12408a0580471", 0xb1}, {&(0x7f0000000240)="2442fcf5fdb3719449118c483f0e6505f9c186159c610c3f754f5c1a58aaab2e7ce92a87f685eacc9f00887e758ab76653999d2957877fe72b6316d53590e568ab436c13e28c55ba129e28", 0x4b}, {&(0x7f00000003c0)="08f9555257c14d1f7247f733cc967c00d165de7b0aa09703ae8463ba9b6e6c02570cb1c5afb9304ed073dd59663e03b8efd10a3f076acaadf56437bfce60c86976158088893d5a6554420cc1970c1a98302d5c1530d9fc5899225730b4b92ba083069b17", 0x64}, {&(0x7f0000000440)="4f9178b7fc1c69dde156de21e52308229e0c455f5814168d7a7092ab0d23d44eb7b75a0ea80df6426abcb10144747390c4cebf7641b18ca29ba23f1d035ba2e680077527bad6c32acebd428d5dd86ddf5b195c8126ad87fb03ae2f2cd11749d9a5ac7987eba423cde8a578cb89cd9bcf987d37522b65f5726e95cc8ae8cc4fd578442001e42d5452d44385c2e5e6734d56407b4a", 0x94}, {&(0x7f0000000500)="a68f1ff6807b33d67816ad279bb585252bbc80c067ae4ef214ea72478c0eadf7a2455f56b4dde50b496a47bd046be3f82e577a7ca6e73e75007ecc90673d0843733355d3bb42b761148bb5ebb81b82ddd71d1b498ca8f8205b112cd2f29673bce507820ed1278ee042f248a3379cb614478b1bec0978aa1d29cad280f526", 0x7e}, {&(0x7f0000000580)="6702cd17dc1956ad64b2c24b9da9f4619789c50563c999d68bee472bd63389cbb847ea5dc8f48decc0ba150a6ba6273973bb79384ee9b905cea2d1bbdb35d292d700b38d9bbaf5901f32e64fdc882716ae3832a768f48a2d0723e26ea7011a42da30c77bef43c57d655700c275f9caae178052f1e7e99bc090f1724365af179c99ebf3fd62d641340f7b481ca3fe295eaddb44387c70308aeaaaf73828fdc43491c17a81edc4ea542029e897e82906a24d74db40df64db913437e6bd8de95983e5bdcd16431195fc7f66f7f47e133dd4589c0116275599ee6a45c78ae0fb5341e017", 0xe2}, {&(0x7f0000000680)="694640cd582306bf2defbcb66d6089dbc826e4f076ab5dd30a22179f97cdb1b831db6cf93eb0d95b65b4a4d1380c0c1f46e404a3c9e9821afe715dd8ac094e8ea123fe2bcefa08c3e34e22fce6a4ff8ea1f1e586e21245bf25d1c8bc7a5691efb17e09964759ced84513b3e8b62199b1a4dd939d65923e63f315a28741e440ca3c4242e461328b7c9e4485fe8b310cf063d48a4b24cd4173029b6650569d564d8ad01cc705192c1928dae659dc7851d6cfb59c4d6bfc6fc92af92c0ddc07154fc64ad5366432e2dd4ccaadd9098d034f889383d1587c13fdde9b743719fec30c2f3954d65538cbebe13c2ec66b80b3fcb75fec3cfbb0f0acfdb9cdf34f1c7c49feceb09b92e07c0f06260fc2a07f20e9d77d30b315e531b3b7cf351b0d213e6ee712902bae7b1641cc397a911c3eb4ef2e3159388aa6eee19fd9e8faa5f44fc3805b6fb98f810405f8d58f792239b246affc342afdc0907c80c856a40ab7cb8e6ee4e32e291aaefbd46c5de3a883cf3c0cda49dc163c807fc4277ab6b6cefdb2085241465fb12fe75755ac2b4c4647096412cd302c8d08be0569fdcce9e8f9017d509445612f39e79b3b0f21ca8fec40068f9fbf99c0f562ecbab2e60d6a140bcb60d5cf34bad9f7f041a8653f846f09daf351f918d2dae4f78ea5dda1857c471506f8dad11af20dc88db2f48a0be6ada8efca4648989d7b027dd619ba68e28a3eeb6e67851753eed65c66a8378798ec7a88b85b92cb097ad33bb7d13c226ce4d42b9e5a9badcd5aba591caaf74d01a2497946c7126c09009a4f1e385f3282c6852ab0bf307e25011f733284fbbb1ba45d6ec6b4811962005839b5a7eabd1d1c8cefc98d4e0480be6c3c7ec305939394b553d55ad986eeb91eeb0bf5b15a3c001779d4878cf098e63468f9b3c3c2ed43970cf50a2fe2cb2d59b42e59359ad5e92d633d9b2a3550eb0d2765e370e9769bf263d67657a6ef5eb963f889785c7e9dbe1026e61868983a75a0a36807a61bb8e95ffe3a61731ecc0c93c8e949804fac4b1dd8b32ba34e78297c8c300eae75e01b9f511ca8138ef4a82ede0992e158717ec5b7cf5f75b2c655e8d7b2910b3eb240da39da63f4e07ee8036943b04dd75f364fbe1c8e75a855458015c15f3f72f57758fdf6d6afaaacf62e9136a9bb5a30dc9e4f9cffdd57ea3dc8158ab8132f39257167ab70202b22bbed6681a0770519730d0a5895fd28692668fc56260aa7f49abda2df727fb7378da2588be543017ba6457f83d6efc8baf2997d273365496a3270b25e2d7bd137bf1d639ea712866e9f06c6848c34e7c302e92d5092e8e184e5618d3b5cbbb1d1b363cb709b3c78e57fd691ff9105a2c4cb1647a10d48988b7707ec3d2399e85d62f05659370459230b2ba55dec905b7622b9bf152f918ab3bf194d0440346253e22649761907aff330afe5b24ce2fb2a30b850a8987e215f001d84519054d79e8107cfe41ca5170a1316a96e953decd1bf9068a9c72056b2528849d7ef685aa0e3ea5eb747dc8788fb7032cf11c8bc7339a9231c418f69031fa6e497359d585a6813e2cff39b9e6d2593d8ecc3c30f017e22959e09396480a12c699d239e78fca4de3a387892ee7c1f38173d8c40da7191aa4c50d9e6e64bf4ec0c91efdff0620911d1dd5ab62bcf95e330e2dd527cf1aaf2a15e5ac2b7e3dd65bb479eef3440fdb890180eaf046e74afefdc3fdc791e0d3227d0032fd02d3954306a867fbfc1afd70bf8fb4a48b0044c8f792dbb7f1cc65ca4191c2548f0300136d540b8beb42b5013f4b0047ab716fdb578399120707b480aba5f90a2a25706263c593b41b58e2841c805171ce06f27039db9298f4d3f2570d68b385e006a11500be1b30af965877ab12917cca2cf2b3b757a3ee1831d701b6c65bdbca2284c8ddbe29fbd65a117b3b6fd9a00e7c8d776440ce763ae433fc673da324dde485f6e3ce1a342f704e76646ece0989bd05f48f713ccf4be7dbaa09978eb8766d41d2eeeed37ecd0a022e1f50c3317c2e943890c6e47ca2d2b1f9c8af089f05140fc8ea002087538de117342d660dc2af1e7bd5145c7585ba8f90eb623b6a49e2c168e625bf71307c066be0c1404aa7672b8d8065a4e39b15a2dff3f5e45b57b21b6abbdf4fff33f3929fb4c2ca293e7f7f686c209287cc19d59a1a5dc91895f18a4381133eb62d4d446b8a5f7d7752278e905b842fcff0ccbd6ca4f109ea294e85c642636a186f13e957ea8dbe45c6a2b106f3d9c3c292cb2249daa43b3ca8cbc1d2f7ca9dd92c4aa67e6347415b0ec520dffd9bddecaed1df2c04b351efa01044c280698e486e5b61224e319f23c60f4f2cd037acd7501886c912e674293eb23193638606e6cd7a8db71e775ff7482d607ec40b6a9aa2679c43e228575373769cedbbeaac7a233410dee8f258ef715e419e95164120af45a74b07c7b3be07d565a85e1f0bdc4fd39e23287491132c3d743541ba23569a5b10cb797f3fa509e637f49c7e64ab143c32c0a59f58a144a5e5199880f71f09e31db87550fe385714cb33d24b13e6879792e71af55e100fd0f088078eead097006fb17bbd4c805af76a8538b3701bdafe4d7cec599594ea7e077d592e2b6be4c4ee2af9bcd23d58c6b62e5aff55af1547dc5194dafbd6ae1897195690dc94e0d0db42146c417b708f279495814fe9358165ebac66251ff6a2808e9e12f2831c60a27e9af1b78f2a77145fdaeb684c6da89031eba4534e562165f8eb17642f18947c448d6a431a29ccf64e3cfe0740e4c3e2c7a3cbd865dff0edf12e8a60e75e5720881c9c1726d3f755256caf5a60a0edbc1bb9c5d14d6b0dd9f5198ade47c41b8d97cab72d17807e1053241528f0609c79302c3cb0abc3ae2ec8cb80fb078dd625fb6fbe3e5db5546edf19c9185a9cfb0a51d5eb6eb0e76590a0482ec0a99117387e49466f97f2c149e6adc7002b4c9d7c5082bc07f3e78674eafaeda71b318dce3172d0a4ed56f5d8b34c992d5f5f875492fdb3d610bcd83f124efd7711c8fad1e6bf6df381d8385c183c955709d2253c55a191e3a3930f1f7318b54130b5f2ee0aecb6405e5e7c68d2e2083b619705b89cfc49478e31eb7e08299ebe0b079ff27ad616e10c0a28045db388f08069cf02ef8bcec551df4a9ce3da0adaa622b3eff78b05bb787614c37e5abcc2df32cf897eb9bbbfed361314256d0986ba8927b6cef22dff0fffaca13d8b20619bb241d29c1f1abe7544f0fcd46e9ebfdb680ce06b5873902422608bdab377fb2e3baeb50eedc8adafbc06e303e55ae9b79044360229999976865d1deecf440b008d3f4a60e2ea698bd567069b90d12d9a766d68e5cfb25101ea2f8b11695f98bb47645e73d0cb81e9933c0f714443b827327d3fd9f3ebec3d25880c016d62d40ea95bd1fcec0d7df362d8c063a72765ee1a41d6b812fe123e9b0d84583698d12c2f037fda64725b2acc55f9c1f10d6410267520a249de86a044e809d9077f4dc352e3f18745c1fd8f1491415afe901dd1513511274bdd3a35e0f6ef327519f4103788af9c5db015a21b069361915d3fef3fd53e1470614aea544a72ef10d545f4531959a273456c553155958c54ef4f8a303e9660066224d8323b3f29c265df94af4ad4942730d960250051ba55145f59756c26c1ab04ef8197013c5fb34fcb8aa55c5fefd7fad70484605237799d9bcf2c0ac705181ff1fa09e5ca2ab0c9d18e36ff9d8522806e24a008f85692646726816d6fce320f29473e020b293a5c9e45223cdf15c552acc3a2c63854302e1c6515e1da2b434ba560b4acbf7e2ab742b28b869259642ae209b51ff88f35dda402b9fd34e2bb096fa220a519466b2e5cc3978b182e562fef3388740a58c67e8106be34caa0e53943d5c770b97df045a9fff69d9ab2b92f70dd34f079f7f7c65aba1325938c529e0e742e83e98569ccbed6e4e8622a6db7ef7cc5d2529c8dced05d9445843fc95441667d35a35915557fb959431e122ecbc40422df2f1934ad0bf2588f326f99d2a95f84e88eac6727e392190eead08d6ae225a4ab36996939fa44b26c2b421dd70ac6a1259ddd57eb394e10fe96e61fd68536eaf6ba28b960a5398b275af5f8b2b480853be3abce9d8292c5367c4d86efbee55e2105f08414143e99584ef8bf5ec93320b0b4f7a84b2e99945052bd05acd77ad7cb38404f4851b92fe47c621bc52ccc29302151dede98eb77187115be4cf302ee30165d8a13459f40d7650c1a425d14cb848567cbaa7d3a628021b6be533ca6be87d460956633b431cd45bdb0cb5e1bdac948a090c8f289bd930ff80ebdb8daca1845ea92cdecd55c159abbf8e4683464dfab5a1bcb82233185dcd9f1c6e36607be90a1f92326d0ee6a6a59ef6901a4fb1211943328cd438af82b801faf84c466184a10099707137757235b41d8454660179a476eaf3e5d6e1c0e9e977a2c3c2c46b1f2cca775797ca75ead4844bec7722a108c8e890544846fbb8226d212e990e6e648c02de7080eec081752766155e69a80b9404faec98ae94816e396634d9372f82e95341a5aa46b656adcf796d150a1e5e91a20d698a8bd799ef289e9dcd52186c3c635f52a58d6d6a324d7943104e95940ba285877cc1ffd2a6eb7160fdaf3e8c595d81f932c3cab64f253c3e1536e060f17e828bf4ad426a9d892c5132bc3588e8e34dbac86f275bb017e5fe97fe35eb108ef9184606433f0dbe827e0b86f2871c89cd230580c36b213459cbad6b13c90e793232d6e891d238960364695751a196a8de2e0691e847e2e2e13a3584fadb3ecb86dec0be971810331451b18b2b418064f0cc2a2f24bc7f2e8e09971dfafc7483c50cebc9ac98d790c48d1a6913345399a8b5dd3b6cf4554d02197c21f935d60b3b00006e9cc9582349c06012d33e9f34a946125a63b55edee6d047331404019ce822b594b518541622e81d81ada9f59bf5a61b003b37251a71a7f18b8dd555158d8ca60c5246d82d3bce2520ae9ed64ce56e1d00b08ac8927ea36c08ffb8100c471b3f37ef9a111c9deabac8bbe4557699148a3c736427f056efe535d25276d272042c4f8182407f4713e198630e8c45e8ed25bc5604e33390ce3754dc6e42c45d744c089b2f5054ffc4b42bb11c1f72b4764faa436cdfee77c011fee25aad25d17a0736916832be6f8edcb9e2a3071c99dc9f196957a756b65a9fac41ccfe398724e587fcc3d8ee64ef858027198fa7f1d4f2926f4a8e67ab143f3b835667df6de0655ff46eef4e9a497b01c3f9ce467d727573a350e6dc77b0c2d9b64a2992197f27d2444c2d01a2a895b25241cf78f480ed2b7e8a9c9f029a0bbf8a759285ef3eec16b85ea447480ab560ef19d734850d7b668ec76e3f439a37cd2b42a2d1397d1db1821fc42ec757da9b8be80c52b1f162f58e9c6a8b8ab2f4d9274c8762df249f62d5628cc58e2442fea10eb6d62418929ab9b3d0b9c25762772d6eb012cc64ae258efcef54938d7e75e136ccc3be8f3716bfea558d9214fb948ca39ba1fda9239115e0f60b3faa7d4687ca3dfbe099e92e92417f18bc068d11a4f2320134dfe2e359771629d5c2e091345d56cc5d8da4a9f31df832b9125a98493692c1d9c7bc8464a7e192cc146b90dc19ff460e74714da7d751d188cfcd75dc01c455253d310d8bb483fa2e293ced1b37ae195f44af4c8fc37abc0b39c58faec7c49484df4999c3551a612d1c031ff4dd0f3a3bcd79590b0daba761c52cae95c5251334867c1730e6eab700a3ac0a", 0x1000}], 0x8, &(0x7f00000019c0)=[@rights={{0x28, 0x1, 0x1, [r0, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [r0, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r3}}}, @cred={{0x1c, 0x1, 0x2, {r4, 0x0, r6}}}], 0xe8, 0x8004}], 0x1, 0x0)
r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x6a6e2cd607c49fd7, 0x0)
write$UHID_DESTROY(r7, &(0x7f0000000080), 0x4)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r8 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r8, 0x0, 0x8400fffffffa)
sendfile(r0, r8, 0x0, 0xffffffff)

08:56:01 executing program 5:
prctl$PR_SET_FPEMU(0xa, 0x2)
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:56:01 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x100, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:56:01 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
umount2(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
ioctl(r1, 0xff, &(0x7f0000000040)="fb496f6651c173d80396a9d039de4bffe9baf64030083f7601d78e95839c2535746e1be11fa34d3076878d98e0597230f6d6d64e5cdb4f88f44aa6f0bb1ba967549245398ca6cfe4f4a884be66286308de87695d26c2dd05f56ce12b18bca7ec33b62c09fec290b5891e0c373258498637bca8bed7a74abd2e3851ff0ddf3278014760050310a680cfa6650fdeb49764ab681c5a474cbd")
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r5, 0xc0406619, &(0x7f0000000100)={{0x2, 0x0, @descriptor="c08cac97c63d64d5"}})

08:56:01 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$KVM_GET_SUPPORTED_CPUID(r1, 0xc008ae05, &(0x7f0000000100)=""/229)
ftruncate(r0, 0x800)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f0000000280)=@v2={0x2, @aes128, 0x4, [], "ca581a915dd1122fb5fd51fc7195c3fc"})
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_LINK_SET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000840)={0x24, r5, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}]}, 0x24}}, 0x0)
sendmsg$TIPC_NL_MON_PEER_GET(r3, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2140008}, 0xc, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="e7a89773285e98e4d04a21ff7a6753ee60cd9435cfa0110e079cac36895eb638143b120d63ed5955d48cd4284334f6eb2a5c8829aba15c004087ec599931c10a67f214687a3ad8683d3618b2ce0f3e23f2489e882db60addf7064e66d0ec82af7a547d7535dfaa2a034a6dc3bf279b202c835afb7c49a940102b139d9766b24be7bbcb5d1f99c548789226fb00271ad195ec54b79dc3a7b085463f4c6188d8f219d1aadd8c6c985e6b7ed1f1ec2d11f2b2d9b56774be66e042a6e92fe43028bcc5c6f0858feac076e601558fc9a7c82912983d84a72337ea", @ANYRES16=r5, @ANYBLOB="000427bd7000fddbdf251300000034000280080002000600000004000400040004000400040008000200020000000400040008000100040000000800020004000000380007800c0003001f0000000000000008000200940000000c00030001000000000000000c000300020000000000000008000100040000007400028008000100ff03000008000200070000000400040004000400340003800800010000000000080001000200000008000100b4000000080001003d410000080001000000000008000100060000000400040004000400080002000600000008000200400200000c00038008000200ff0700003c00098008000200810000000800010001010000080002008000000008000100270a000008000100fdffffff08000100f7ffffff08000200080000001400028004000400080001000000000004000400"], 0x144}, 0x1, 0x0, 0x0, 0x10}, 0x804)
lseek(r0, 0x0, 0x2)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
readv(r4, &(0x7f0000000c00)=[{&(0x7f0000000300)=""/116, 0x74}, {&(0x7f0000000380)=""/135, 0x87}, {&(0x7f0000000080)=""/26, 0x1a}, {&(0x7f0000000700)=""/248, 0xf8}, {&(0x7f0000000880)=""/194, 0xc2}, {&(0x7f0000000980)=""/235, 0xeb}, {&(0x7f0000000a80)=""/96, 0x60}, {&(0x7f0000000b00)=""/215, 0xd7}], 0x8)
sendfile(r0, r6, 0x0, 0xffffffff)

08:56:01 executing program 4:
r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
ioctl$VT_ACTIVATE(r1, 0x5606, 0x0)
ftruncate(r0, 0x7f)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r2, 0xeb0, 0x5, 0x7fff, 0x9a5e})
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x2fc7c2, 0x0)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r3, 0xc040563d, &(0x7f0000000100)={0x1, 0x0, 0x102, 0x4, {0x80, 0x4, 0x7, 0x1}})
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$VIDIOC_QUERYCTRL(r4, 0xc0445624, &(0x7f0000000180)={0x1f, 0x4, "da3a64ebd7c0b91820b6ff2a15f65536c353c3d1b4d01a68fe72bb6c37508c1f", 0x7, 0x1, 0x0, 0x9, 0x82})
lseek(r0, 0x0, 0x2)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r6, 0x0, 0x8400fffffffa)
sendfile(r0, r6, 0x0, 0xffffffff)

08:56:01 executing program 1:
creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r0=>0x0)
io_submit(r0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
sendfile(r1, r2, 0x0, 0x800000080004103)

08:56:01 executing program 4:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
r1 = creat(&(0x7f00000001c0)='./bus\x00', 0x22)
fcntl$setstatus(r1, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x5, 0x0, r1}])
getsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000040)=""/230, &(0x7f0000000140)=0xe6)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000200)='/dev/qat_adf_ctl\x00', 0x109000, 0x0)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0)
write$binfmt_aout(r4, &(0x7f0000000300)={{0x107, 0xf9, 0xe0, 0xfe, 0x40173, 0x81, 0x94, 0x3}, "0656546be5e8b3d2b7c0409148d8a443de84751615f4b20929f47c28ce972c7349bfa4e81f6c0dc2a400216c787c93443f409159d1551d15db66cb2be4e0a9337a69011200"/84}, 0xa)
sendfile(r0, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r3, 0x0, 0xffffffff)
r5 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vcsa\x00', 0x200402, 0x0)
ioctl$TUNGETSNDBUF(r5, 0x800454d3, &(0x7f0000000280))

08:56:02 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:56:02 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x301002, 0x0)
getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f0000000300), &(0x7f0000000180)=0x4)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ftruncate(r0, 0x800)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000200)='veno\x00', 0x5)
lseek(r0, 0x0, 0x2)
removexattr(&(0x7f0000000080)='./bus\x00', &(0x7f00000000c0)=@known='system.posix_acl_default\x00')
syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x9, 0x40)
ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, &(0x7f0000000340))
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x8400fffffffa)
sendfile(r0, r5, 0x0, 0xffffffff)
set_thread_area(&(0x7f0000000280)={0x8, 0x100000, 0x1000, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1})
syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x8, 0x206100)

08:56:02 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
prctl$PR_GET_NO_NEW_PRIVS(0x27)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)

08:56:02 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000040)={0x0, 0x1, 0x19, 0x2, 0x112, &(0x7f0000000300)="204d6ac7c9e1f825e20265fefa2b93bff590f1fb864d90d8124988b1bcfa44952bdb8548363feb5a94a2ad6353c92eab73f7b6972186a7971a88777f856a6997addb06c15753eb529c6f62ab89537a2955b573bf1069d45f93c0953572595bc8c0064dce8e6c6d3a5f3ab2db4fd4bf2fc2a8eed01f1ff133a9bebfbe351090f52a98fa6e12465584328c433de99c67ea285bc0a947b3c0330f6547bf161e3d235d1db7f3b261c5e914b10cb58538909a583b494fc4c79b800f07bf2bafe4aed655ffb5ede34413741ceb5070f6e634f4e1d963ee9f35c34e8185cee58e223d6ef322e15a2259efe0fbc5b507a7b2d01ef9dfcae2d4f2b638ce0a3d41a0a767af762ea1304d47dc128cae6e07524dc87e585142e4ec4b4b8e986c0a030b021331fcf216793e4f828247b190039914ef6bb634cba5049d11834271eef5532c7bf1bf7a4f545d3118cb92c855155ab096958c61cf5bdafaaf4b56179a15e26222664be6227304446d45943ae20db2b51f3d771ea5dfa1b48a840c18794060828b41fba1f8f086bae66c07e4088a4a3a947849cb7152269a226cde3f8e407d8ebc8a7d9bd68566f8b327fb15c8bb138f834126bac734ddc412499535d1fe081b742ad242c99e0c61f1178c434d7c2fd4608e6ffe208cfa640152f212e272a686fad5c2196b83c69b78ee8ae342de4bda25eab7bc4c9e1498636eeb3555a88c5500d2473461fda5e0357909b94b3c9e782b2cedb9fe9741b37a1434504732c471dc5e421427e34dcf7c38000c1f86731ce31bf0caaf71a4f13aabe35e59764cc39f44c128706a0cd185a6cfd1029f859be8ff5a0368f5ecea10b3c64383225192b2b7e2f729993cd320924dbb159540752118f63de2a9c0951d808f1cec9f07f64b4b18fd66dc1f8c0e1f27ba7bcd0a8f2eff38b23819772d5200f57e638df5b3d141544f8cc8a511edbfdb41ea1894f8b8123ff15ae6ef3b5747e7914a3b146f584348738856a14aff7284481021d2c84a37d3c113e9bdfd959bd54c01838dbfc98a26696c32d24fe933de364fcc0f0e71233083c2b23787ce8854d2a358fd88fd82076eb0ff00d982781ff7eadbe01def580d908425c541604480c8e5fb204c4e812ba2a6e1db552896ff85c03d19f865be37a503c618111efebecef1aea8b18bd73ed124d1cb94d13571986501291de199248c0b445dc20954b10c13a347ec4a5e2efb34b53dc9fc9d62354bd6701a110a0924dc15e48861b8fe57be219754a61e0b0cb621f9421765311f2085b3f762017fe4a26b793010519015afcff98580ee798806964b8ff8e4c94a94be3d8b485ea323ab67c3555c43d67556cc7ab75e03f862645f2b5c80ec82ca9efdf034acd061ee53290a2bcf0b8afd8871a45e0946d8cbb199a3a36a9c80ddd64cbd2138125598bc93cdf5bbc7726d76cd5bcb98ee"})

08:56:02 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff})
r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r2, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r3=>0x0)
io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}])
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = fcntl$dupfd(r5, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
mq_notify(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x32, 0x0, @thr={&(0x7f0000000300)="58d62eba77353caddefa3859c5945aa078f2b04e5675321ca646504771db7e1da1c30a2798e4e6ecc57139267dad74ab5a0c49a5d73fec454fc5b0f3e5596c8a6de9e8e18801bf09a0291576cd0d8388d73592479de0b200beacedf0d3d4b63d08208928243b03b0fe08f8c6c9c601d62c4fef9efcf68f2f8601a0973af9a1948445e36107005b3814c9f6838677d5f2a616a6973e8ea9a7da6929abb370c67015a3ebd40465163bdbfc6a91c0c49392f00cbdb59dcba0c833d5369b4a788f0d870413ec8190012d599bbf28c15a8c2f5f91f5e303f543dc65522488a5488a8a4797f743eae826865b074404", &(0x7f00000001c0)="66105145530016f53d9f"}})
write$P9_RCREATE(r4, &(0x7f0000000180)={0x18, 0x73, 0x2, {{0x40, 0x1, 0x2}, 0xff}}, 0x18)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r7 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r7, 0x0, 0x8400fffffffa)
clock_gettime(0x4, &(0x7f0000000280)={<r8=>0x0, <r9=>0x0})
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x42, &(0x7f0000000100)={r8, r9/1000+60000}, 0x10)
sendfile(r0, r7, 0x0, 0xffffffff)

08:56:03 executing program 5:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
ioctl$TCSETAW(r2, 0x5407, &(0x7f0000000040)={0x40, 0x1, 0x7, 0x400, 0x1a, "18d44c451641b6b6"})
sendfile(r0, r1, 0x0, 0xffffffff)
creat(&(0x7f0000000080)='./bus\x00', 0x29)

08:56:03 executing program 4:
socket$nl_rdma(0x10, 0x3, 0x14)
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r2, 0x4, 0x46000)
r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000040))
io_setup(0x2349, &(0x7f0000000240)=<r5=>0x0)
io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}])
sendfile(r0, r2, 0x0, 0x6)
sendfile(r0, r1, 0x0, 0xffffffff)

08:56:03 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0)
ioctl$VIDIOC_S_PRIORITY(r2, 0x40045644, 0x3)
sendfile(r0, r1, 0x0, 0xffffffff)

[ 2829.419720] kauditd_printk_skb: 64 callbacks suppressed
[ 2829.419730] audit: type=1804 audit(1591347363.583:1001): pid=22198 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4372/bus" dev="sda1" ino=16124 res=1
08:56:03 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
dup2(r3, r1)
r4 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r6, 0x7709, 0x0)
sendfile(r6, r5, 0x0, 0x8400fffffffb)
sendfile(r0, r5, 0x0, 0xffffffff)

[ 2829.422657] audit: type=1804 audit(1591347363.583:1002): pid=22212 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir787812507/syzkaller.VZIQUG/4519/bus" dev="sda1" ino=16051 res=1
[ 2829.432345] audit: type=1804 audit(1591347363.593:1003): pid=22213 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/936/bus" dev="sda1" ino=15988 res=1
08:56:04 executing program 2:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
fdatasync(0xffffffffffffffff)
fcntl$setstatus(r0, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])
ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000071000000010000002af47e373f5066d4ab281532b694ea9014ba30d98b45003aa4a3a5198b1f04ab106e4838969d81d721eca0eed51ff0ec7af3a5e9b1987a8c58061ba413a47e7481a813900a69a5633aa67ca29258f227dfa4adee6871f1a641ec371e181700"/121])
r2 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = fcntl$dupfd(r4, 0x0, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
fcntl$setstatus(r2, 0x4, 0x6900)
ftruncate(r2, 0x800)
lseek(r2, 0x0, 0x2)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r2, r6, 0x0, 0x8400fffffffa)
r7 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/btrfs-control\x00', 0xa040, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r7, 0x7709, 0x0)
ioctl$FICLONE(r7, 0x40049409, r3)
sendfile(r2, r6, 0x0, 0xffffffff)

[ 2829.438433] audit: type=1804 audit(1591347363.603:1004): pid=22193 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4372/bus" dev="sda1" ino=16124 res=1
[ 2829.453048] audit: type=1804 audit(1591347363.613:1005): pid=22190 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir891778437/syzkaller.7QqUtx/936/bus" dev="sda1" ino=15988 res=1
[ 2829.683860] audit: type=1804 audit(1591347363.853:1006): pid=22219 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4657/bus" dev="sda1" ino=16186 res=1
[ 2829.731357] audit: type=1804 audit(1591347363.893:1007): pid=22221 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4657/bus" dev="sda1" ino=16186 res=1
[ 2829.734934] audit: type=1804 audit(1591347363.903:1008): pid=22222 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir384449744/syzkaller.8GxjaF/4373/bus" dev="sda1" ino=16001 res=1
[ 2830.048463] audit: type=1804 audit(1591347364.193:1009): pid=22225 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir440013971/syzkaller.BGz3RF/4658/bus" dev="sda1" ino=15988 res=1
[ 2830.123018] audit: type=1804 audit(1591347364.283:1010): pid=22210 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir619757868/syzkaller.NyDZSH/3796/bus" dev="sda1" ino=16117 res=1
08:56:05 executing program 1:
creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
io_setup(0x2349, &(0x7f0000000240)=<r0=>0x0)
io_submit(r0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
sendfile(r1, r2, 0x0, 0x800000080004103)

08:56:05 executing program 4:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video2\x00', 0x2, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c00000024001d0f000000000000000000040000", @ANYRES32=r5, @ANYBLOB="00000000f1ffffff060000000d00010066715f636f64656c"], 0x4c}}, 0x40014)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0x24, 0x2a, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={@private1={0xfc, 0x1, [], 0x1}, 0x52, r5})
lseek(r0, 0x0, 0x2)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r6, 0x0, 0x8400fffffffa)
sendfile(r0, r6, 0x0, 0xffffffff)

08:56:05 executing program 5:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r4=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xc0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=0x5, 0x0, <r5=>0x0, 0x0, &(0x7f0000000200)={0x1, 0x5}, 0x0, 0x0, &(0x7f0000000240)={0x2, 0xf, 0x10001, 0xffffffcb}, &(0x7f0000000280)=0x9, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=0xce9}}, 0x10)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x14, 0xe, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9}, [@func={0x85, 0x0, 0x1, 0x0, 0x8}, @map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffff}, @map={0x18, 0x9}, @call={0x85, 0x0, 0x0, 0x12}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, @alu={0x7, 0x0, 0x1, 0x0, 0x6, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xe58}]}, &(0x7f0000000080)='syzkaller\x00', 0x10000, 0x0, 0x0, 0x40f00, 0x0, [], r4, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000180)={0x1, 0x2, 0x5, 0x5}, 0x10, r5, r7}, 0x78)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x10, &(0x7f0000000300)={&(0x7f0000000280)=""/13, 0xd, <r8=>r5}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0xa, 0x7, &(0x7f0000000080)=ANY=[@ANYBLOB="95a81a0004000000850000001a000000181f0000", @ANYRES32=r1, @ANYBLOB="00000000000000001d4140001000000018220000", @ANYRES32, @ANYBLOB="00000000ff0f0000"], &(0x7f00000000c0)='GPL\x00', 0x5, 0xff, &(0x7f0000000100)=""/255, 0x41100, 0x3, [], 0x0, 0x0, r0, 0x8, &(0x7f0000000200)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000240)={0x5, 0x9, 0xd3, 0x1}, 0x10, r8}, 0x78)
ioctl$sock_inet_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000040))

08:56:05 executing program 2:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f0000000040)={0x8001008, 0x1f})
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

08:56:05 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x420200, 0x0)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer\x00', 0x204000, 0x0)
r3 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000500)='NLBL_CALIPSO\x00')
sendmsg$NLBL_CALIPSO_C_REMOVE(r2, &(0x7f0000000600)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002dbd700002dcdf2502000000080001000000000008000100020000000800010000000000080001000000000008000200020000000800010003000000"], 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x80)
sendmsg$NLBL_CALIPSO_C_ADD(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xaa774784884cadbd}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x258, 0x70bd2d, 0x25dfdbfe, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040010}, 0x4000)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r5, 0x4, 0x46000)
io_setup(0x2349, &(0x7f0000000240)=<r6=>0x0)
io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}])
read$fb(r5, &(0x7f0000000180)=""/31, 0x1f)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
sendfile(r0, r4, 0x0, 0xffffffff)

[ 2830.967323] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
08:56:05 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0xffffffff)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x7)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r9, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c00000024001d0f000000000000000000040000", @ANYRES32=r9, @ANYBLOB="0000f0fff0ffffff060000000d0001f6da51a1490066715f636f64656c"], 0x4c}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00*\x00\'\r\x00'/20, @ANYRES32=r9, @ANYBLOB="0000000000005d179df6bdd93f04f494bf0119120000000000005a32cbd14a419fbe2d80da51ad155984cbcf5b4472de8077bb97fc631ac8cae1661a876f0cc2f5b0bd842b5939f195fe61898b20d344092b7e0244071423e536f7c32c53f1d3d1e883774c0d81388d5f591922450379b3619efe1038652515bdfa485b753b97243a60c164a9e4ad4f35cb03f5187e2f8bf8123e3250f241bfa6f1084d97bca820acda464974bfd23aab3f194e025636b02f95a0ea29ebddbe3bf0a74a3b82f0e3e9f45e8891469208ad26d5c8073662a6eebc5d8605390dc4bfbdadc4a0b78913a9b579bad2"], 0x24}}, 0x0)
sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="5ba00304", @ANYRES16=0x0, @ANYRES64=r7, @ANYRES64, @ANYBLOB="040003002800018008000100", @ANYRES32=0x0, @ANYRES64=0x0, @ANYRES64, @ANYBLOB], 0x4c}}, 0x0)
sendfile(r0, r4, 0x0, 0xffffffff)

08:56:05 executing program 3:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffffffff)
ioctl$SIOCRSSCAUSE(r1, 0x89e1, &(0x7f0000000040)=0x468)

[ 2831.065422] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 2831.232019] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2831.823592] ------------[ cut here ]------------
[ 2831.823617] WARNING: CPU: 1 PID: 22242 at fs/ext4/inode.c:963 ext4_dio_get_block_overwrite+0x8d/0xc0
[ 2831.823623] Kernel panic - not syncing: panic_on_warn set ...
[ 2831.823623] 
[ 2831.823633] CPU: 1 PID: 22242 Comm: syz-executor.4 Not tainted 4.14.183-syzkaller #0
[ 2831.823638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2831.823642] Call Trace:
[ 2831.823657]  dump_stack+0x1b2/0x283
[ 2831.823671]  panic+0x1f9/0x42d
[ 2831.823681]  ? add_taint.cold+0x16/0x16
[ 2831.823697]  ? ext4_dio_get_block_overwrite+0x8d/0xc0
[ 2831.823706]  ? __warn.cold+0x14/0x30
[ 2831.823721]  ? ext4_dio_get_block_overwrite+0x8d/0xc0
[ 2831.823731]  __warn.cold+0x2f/0x30
[ 2831.823742]  ? ist_end_non_atomic+0x10/0x10
[ 2831.823753]  ? ext4_dio_get_block_overwrite+0x8d/0xc0
[ 2831.823764]  report_bug+0x20a/0x248
[ 2831.823777]  do_error_trap+0x195/0x2d0
[ 2831.823788]  ? math_error+0x2d0/0x2d0
[ 2831.823800]  ? perf_trace_lock+0x109/0x4b0
[ 2831.823813]  ? ext4_issue_zeroout+0x150/0x150
[ 2831.823828]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2831.823848]  invalid_op+0x1b/0x40
[ 2831.823860] RIP: 0010:ext4_dio_get_block_overwrite+0x8d/0xc0
[ 2831.823866] RSP: 0018:ffff88804ccf7308 EFLAGS: 00010246
[ 2831.823876] RAX: 0000000000040000 RBX: ffff88804ccf74b0 RCX: ffffc9000a525000
[ 2831.823882] RDX: 0000000000040000 RSI: ffffffff81be706d RDI: ffff888215f28618
[ 2831.823888] RBP: 000000000000007a R08: 0000000000000001 R09: 0000000000000001
[ 2831.823893] R10: ffff88804301a8f0 R11: ffff88804301a040 R12: 0000000000000000
[ 2831.823899] R13: ffff88804301a040 R14: 000000000000007a R15: ffff88801ad715c0
[ 2831.823918]  ? ext4_dio_get_block_overwrite+0x8d/0xc0
[ 2831.823932]  ? ext4_dio_get_block_overwrite+0x8d/0xc0
[ 2831.823946]  __blockdev_direct_IO+0x3103/0xe97c
[ 2831.823984]  ? sb_init_dio_done_wq+0x80/0x80
[ 2831.824000]  ? _raw_spin_unlock_irqrestore+0xaf/0xe0
[ 2831.824020]  ? mark_held_locks+0xa6/0xf0
[ 2831.824037]  ? ext4_get_block_unwritten+0x30/0x30
[ 2831.824060]  ? call_rwsem_wake+0x17/0x30
[ 2831.824073]  ext4_direct_IO+0xeb8/0x1970
[ 2831.824100]  generic_file_direct_write+0x1df/0x420
[ 2831.824119]  __generic_file_write_iter+0x2a5/0x590
[ 2831.824135]  ext4_file_write_iter+0x279/0xd90
[ 2831.824150]  ? kasan_kmalloc.part.0+0x4f/0xd0
[ 2831.824159]  ? __kmalloc+0x15a/0x400
[ 2831.824170]  ? ext4_llseek+0x7c0/0x7c0
[ 2831.824180]  ? do_splice_direct+0x164/0x210
[ 2831.824188]  ? do_sendfile+0x469/0xaf0
[ 2831.824197]  ? SyS_sendfile64+0xff/0x110
[ 2831.824214]  do_iter_readv_writev+0x3df/0x600
[ 2831.824227]  ? clone_verify_area+0x1e0/0x1e0
[ 2831.824245]  ? rw_verify_area+0xe1/0x290
[ 2831.824257]  do_iter_write+0x152/0x550
[ 2831.824274]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 2831.824289]  vfs_iter_write+0x70/0xa0
[ 2831.824303]  iter_file_splice_write+0x52e/0xa10
[ 2831.824326]  ? generic_file_splice_read+0x3de/0x5d0
[ 2831.824337]  ? vmsplice_to_user+0x1c0/0x1c0
[ 2831.824346]  ? add_to_pipe+0x350/0x350
[ 2831.824360]  ? avc_policy_seqno+0x5/0x10
[ 2831.824371]  ? selinux_file_permission+0x7a/0x440
[ 2831.824387]  ? rw_verify_area+0xe1/0x290
[ 2831.824404]  ? vmsplice_to_user+0x1c0/0x1c0
[ 2831.824417]  direct_splice_actor+0x115/0x160
[ 2831.824432]  splice_direct_to_actor+0x27e/0x730
[ 2831.824446]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 2831.824460]  ? do_splice_to+0x150/0x150
[ 2831.824471]  ? rw_verify_area+0xe1/0x290
[ 2831.824483]  do_splice_direct+0x164/0x210
[ 2831.824495]  ? splice_direct_to_actor+0x730/0x730
[ 2831.824510]  ? rcu_read_lock_sched_held+0x10a/0x130
[ 2831.824520]  ? rcu_sync_lockdep_assert+0x69/0xa0
[ 2831.824533]  do_sendfile+0x469/0xaf0
[ 2831.824552]  ? do_compat_pwritev64+0x140/0x140
[ 2831.824562]  ? put_timespec64+0xaa/0xf0
[ 2831.824580]  SyS_sendfile64+0xff/0x110
[ 2831.824590]  ? SyS_sendfile+0x130/0x130
[ 2831.824601]  ? do_syscall_64+0x4c/0x640
[ 2831.824612]  ? SyS_sendfile+0x130/0x130
[ 2831.824623]  do_syscall_64+0x1d5/0x640
[ 2831.824642]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 2831.824650] RIP: 0033:0x45ca69
[ 2831.824656] RSP: 002b:00007ff5ac387c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2831.824665] RAX: ffffffffffffffda RBX: 00000000004fc580 RCX: 000000000045ca69
[ 2831.824671] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000003
[ 2831.824677] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 2831.824682] R10: 00008400fffffffa R11: 0000000000000246 R12: 00000000ffffffff
[ 2831.824686] R13: 00000000000008dc R14: 00000000004cba56 R15: 00007ff5ac3886d4
[ 2831.830852] Kernel Offset: disabled
[ 2832.254110] Rebooting in 86400 seconds..