$inet_tcp(0x2, 0x1, 0x0) munmap(&(0x7f00000c5000/0x3000)=nil, 0x3000) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @remote}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000440)=0x1, 0xffe6) sendto$inet(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000080)={0x2, 0x4e20, @empty}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000a00)=ANY=[@ANYBLOB="6d616e676c6500000000000000000000000000000000000000000000000000001f00000006000000a803000000000000100300009800000098000000300100001003000010030000100300001003000010030000060000000000000000000000ffffffffac1e000100000000000000006e657464657673696d300000000000007665746831000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280054544c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280054544c0000000000000000000000000000000000000000000000000000000000000000000000ac1414aaac1414aa00000000000000006270713000000000000000000000000065727370616e30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800434845434b53554d000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b0000000000000000000000000000000000000000000400052415445455354000000000000000000000000000000000000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280045434e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000140)="7c0d111317b1ff8ec8f29f81319ec5b10d0d000000efd9448dbef1ffb4e3a6af87131512da528f6235fe35d3053b5cb4877c1b89bbf83f6d749d5b00679601a3abdc204cf1ad797252bb0c7b43e3e9763221cb2c8d76f824f4bea338f53aa75703f465e50e434e2193900c39ab79d37cc0ce7a", 0x2fdf442dff3bb63, 0x401c005, 0x0, 0xffffffffffffff36) [ 993.186019][T18266] netlink: 'syz-executor.2': attribute type 4 has an invalid length. 08:10:09 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xd00) [ 993.301820][T18266] netlink: 'syz-executor.2': attribute type 4 has an invalid length. 08:10:09 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='h\xcc?3\xc2', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) [ 993.434790][T18294] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 993.463878][T18294] x_tables: duplicate underflow at hook 1 [ 993.501327][T18296] x_tables: duplicate underflow at hook 1 08:10:09 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xe00) 08:10:09 executing program 3: 08:10:09 executing program 2: pipe(&(0x7f0000000300)) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1}, 0x78) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000440)={{{@in, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @remote}}, 0x0, @in=@initdev}}, &(0x7f0000000380)=0xe8) r3 = socket$inet(0x2, 0x1, 0x0) setsockopt(r3, 0x0, 0x40, &(0x7f0000000000), 0x18) fstat(r3, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lsetxattr$system_posix_acl(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='system.posix_acl_access\x00', &(0x7f00000003c0)={{}, {0x1, 0x4}, [{}, {0x2, 0x1, r2}], {0x4, 0x2}, [{0x8, 0x4, r4}], {0x10, 0x2}, {0x20, 0x2}}, 0x3c, 0x1) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000440)={{{@in, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @remote}}, 0x0, @in=@initdev}}, &(0x7f0000000380)=0xe8) r6 = socket$inet(0x2, 0x1, 0x0) setsockopt(r6, 0x0, 0x40, &(0x7f0000000000), 0x18) fstat(r6, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lsetxattr$system_posix_acl(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='system.posix_acl_access\x00', &(0x7f00000003c0)={{}, {0x1, 0x4}, [{}, {0x2, 0x1, r5}], {0x4, 0x2}, [{0x8, 0x4, r7}], {0x10, 0x2}, {0x20, 0x2}}, 0x3c, 0x1) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000480)=ANY=[@ANYBLOB="6001000000000000010000000000000000000000000000000000000000000000f800000000000000030000000000000004000000ffff000005000000000000000101000000000000040000000000000001000000000000000600000000000000010000000000000001010000001000000700000002000000ffffff7f", @ANYRES32=0xee01, @ANYRES32=r4, @ANYBLOB="090000000600000000000000020000000000000096040000000000000a00000002000000766d6e6574302e656d30000000000000000000000000000001000000000000006200000000000000040000000000000000010000020000000100000000000000090000000000000004000000000000001f000000000000003f00000000000000ad91aa44000000007ff1ffff0700000001000000030000002b0c0080", @ANYRES32=0xee00, @ANYRES32=r7, @ANYBLOB="010000800500000000000000020000000000000000000000010000000b000000c8080000747275737465643a232a5b0000000000"], 0x160) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r8 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r8, 0x0) r9 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r9}, 0x78) ioctl$sock_rose_SIOCADDRT(r9, 0x890b, &(0x7f0000000180)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x5d, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={'nr', 0x0}, 0x2, [@bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}) creat(&(0x7f00000002c0)='./bus\x00', 0x0) sched_setscheduler(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x2a939}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r10, 0x0) 08:10:15 executing program 0: gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:10:15 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0xffffffff) 08:10:15 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xf00) 08:10:15 executing program 3: 08:10:15 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xffffffffbffffffa, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000180)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000000)={r3}) getsockname(r4, &(0x7f00000000c0)=@nl, &(0x7f0000000040)=0x80) r5 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r5, 0x0) r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r6}, 0x78) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r6, 0xc06c4124, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) r7 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r7, 0x4, 0x6100) ftruncate(r7, 0x8200) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:10:15 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:10:15 executing program 3: [ 999.418098][ T27] audit: type=1800 audit(1577520615.151:599): pid=18332 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=527 res=0 [ 999.440010][ T27] audit: type=1804 audit(1577520615.151:600): pid=18332 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/205/file0/file0" dev="loop1" ino=527 res=1 [ 999.496302][ T27] audit: type=1804 audit(1577520615.231:601): pid=18343 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/205/file0/file0" dev="loop1" ino=527 res=1 08:10:15 executing program 3: 08:10:15 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1100) 08:10:15 executing program 3: 08:10:15 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1200) 08:10:15 executing program 2: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:10:22 executing program 0: gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:10:22 executing program 3: 08:10:22 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1300) 08:10:22 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'L-', 0x5}, 0x16, 0x1) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:10:22 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0x0) 08:10:22 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:10:22 executing program 3: [ 1006.836946][ T27] audit: type=1800 audit(1577520622.571:602): pid=18392 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=528 res=0 08:10:22 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1400) [ 1006.905536][ T27] audit: type=1804 audit(1577520622.571:603): pid=18392 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/206/file0/file0" dev="loop1" ino=528 res=1 [ 1006.931148][ T27] audit: type=1804 audit(1577520622.631:604): pid=18404 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/206/file0/file0" dev="loop1" ino=528 res=1 08:10:22 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) r3 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) close(r3) r4 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x2a00) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='net/route\x00') renameat(r4, &(0x7f00000000c0)='./file2\x00', r5, &(0x7f0000000180)='./file1\x00') mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r6 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r6, 0x4, 0x6100) ftruncate(r6, 0x8200) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x175d900f) r7 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r7, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) fsetxattr$security_evm(r7, &(0x7f00000001c0)='security.evm\x00', &(0x7f0000000340)=@sha1={0x1, "5a868adf12569ff6b35c5395fc0ea476a3945da3"}, 0x15, 0x2) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r8 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r8}, 0x78) ioctl$SIOCX25GSUBSCRIP(r8, 0x89e0, &(0x7f0000000480)={'ipddp0\x00', 0x7e122b37, 0x9}) 08:10:22 executing program 3: 08:10:23 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1500) 08:10:23 executing program 3: 08:10:28 executing program 0: gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:10:28 executing program 3: 08:10:28 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) r4 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) sendfile(r2, r4, &(0x7f0000000000)=0x9, 0x9) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:10:28 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1600) 08:10:28 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0x0) 08:10:28 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1013.160630][ T27] audit: type=1800 audit(1577520628.891:605): pid=18442 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=529 res=0 08:10:28 executing program 3: 08:10:29 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r4, 0x810c5701, &(0x7f0000000480)) 08:10:29 executing program 3: [ 1013.340539][ T27] audit: type=1804 audit(1577520628.891:606): pid=18442 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/207/file0/file0" dev="loop1" ino=529 res=1 08:10:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1700) 08:10:29 executing program 3: r0 = socket$kcm(0x10, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x3f00, &(0x7f0000000040)=[{&(0x7f00000002c0)="2e000000130081c5e4050cecdb4cb90407255e431a00000000fffffff00200000600b0efb07ab30004000c0004ff", 0x2e}], 0x1}, 0x0) [ 1013.472890][ T27] audit: type=1804 audit(1577520628.951:607): pid=18452 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/207/file0/file0" dev="loop1" ino=529 res=1 08:10:29 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r1, 0x8982, &(0x7f0000000180)) sched_setaffinity(0x0, 0x3d31, &(0x7f0000000200)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_snmp6\x00') r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) r4 = dup3(r3, r2, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x4bfa, 0x7fffffffefff) ioctl$ASHMEM_SET_SIZE(r4, 0x40087703, 0xcd) symlink(&(0x7f00000000c0)='..', &(0x7f0000000040)='./file0\x00') r5 = syz_open_procfs(0x0, 0x0) r6 = syz_open_dev$tty20(0xc, 0x4, 0x0) r7 = dup3(r6, r5, 0x0) ioctl$TCXONC(r7, 0x4bfa, 0x7fffffffefff) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r7, 0x84, 0x13, &(0x7f0000000100)=0x7, 0x4) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='devpts\x00E\xe6\xcb\xf6~\x11mS,!\xd7\xc5_\x96j\xc3\xcb\xe8@\x8a\xd7\x0f\xbc\\\xbe\x9b2\xc4\x8cp\xe8\xe2\xdf\xdf\xb6\xc6}\xde\x0e9\xd9\x8b\xf6e\x04g7T:-*w\xf7I>#htW\xeac_\xf5\x0e\xd7\xab\x15\b\x02 \xcdu\xbf\xfaho>\xd7U\xfc\x97L\xe0\'\xf4\x8e\xd0\x00'/124, 0x0, 0x0) chroot(&(0x7f0000000140)='./file0\x00') umount2(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$NBD_SET_FLAGS(r1, 0xab0a, 0x7) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11d000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) 08:10:37 executing program 0: gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:10:37 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0xe7ed836db1377672) fchdir(r1) r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) fcntl$dupfd(r1, 0x0, r2) ioctl$PPPIOCGDEBUG(0xffffffffffffffff, 0x80047441, &(0x7f0000000040)) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r3, 0x0) r4 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r6 = dup2(r5, r0) ioctl$EVIOCSKEYCODE_V2(r6, 0x40284504, &(0x7f00000000c0)={0x9, 0x0, 0xff, 0x8000, "9445724f9ff74085f6092024cb86b606419bbcd92c1135e01180342f5d57d33a"}) fcntl$setstatus(r4, 0x4, 0x6100) ftruncate(r4, 0x8200) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:10:37 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1800) 08:10:37 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0x0) 08:10:37 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r1, 0x8982, &(0x7f0000000180)) sched_setaffinity(0x0, 0x3d31, &(0x7f0000000200)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_snmp6\x00') r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) r4 = dup3(r3, r2, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x4bfa, 0x7fffffffefff) ioctl$ASHMEM_SET_SIZE(r4, 0x40087703, 0xcd) symlink(&(0x7f00000000c0)='..', &(0x7f0000000040)='./file0\x00') r5 = syz_open_procfs(0x0, 0x0) r6 = syz_open_dev$tty20(0xc, 0x4, 0x0) r7 = dup3(r6, r5, 0x0) ioctl$TCXONC(r7, 0x4bfa, 0x7fffffffefff) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r7, 0x84, 0x13, &(0x7f0000000100)=0x7, 0x4) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='devpts\x00E\xe6\xcb\xf6~\x11mS,!\xd7\xc5_\x96j\xc3\xcb\xe8@\x8a\xd7\x0f\xbc\\\xbe\x9b2\xc4\x8cp\xe8\xe2\xdf\xdf\xb6\xc6}\xde\x0e9\xd9\x8b\xf6e\x04g7T:-*w\xf7I>#htW\xeac_\xf5\x0e\xd7\xab\x15\b\x02 \xcdu\xbf\xfaho>\xd7U\xfc\x97L\xe0\'\xf4\x8e\xd0\x00'/124, 0x0, 0x0) chroot(&(0x7f0000000140)='./file0\x00') umount2(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$NBD_SET_FLAGS(r1, 0xab0a, 0x7) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11d000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) 08:10:37 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1021.600492][ T27] audit: type=1800 audit(1577520637.331:608): pid=18493 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=530 res=0 [ 1021.640655][ T27] audit: type=1804 audit(1577520637.361:609): pid=18493 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/208/file0/file0" dev="loop1" ino=530 res=1 [ 1021.823099][ T27] audit: type=1804 audit(1577520637.411:610): pid=18504 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/208/file0/file0" dev="loop1" ino=530 res=1 [ 1021.946694][ T27] audit: type=1804 audit(1577520637.551:611): pid=18509 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir048680357/syzkaller.hecpVM/232/bus" dev="sda1" ino=16709 res=1 08:10:37 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x100, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:10:37 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1900) [ 1022.062321][ T27] audit: type=1804 audit(1577520637.551:612): pid=18509 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir048680357/syzkaller.hecpVM/232/bus" dev="sda1" ino=16709 res=1 [ 1022.142953][ T27] audit: type=1804 audit(1577520637.601:613): pid=18501 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir048680357/syzkaller.hecpVM/232/bus" dev="sda1" ino=16709 res=1 08:10:37 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r1, 0x8982, &(0x7f0000000180)) sched_setaffinity(0x0, 0x3d31, &(0x7f0000000200)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_snmp6\x00') r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) r4 = dup3(r3, r2, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x4bfa, 0x7fffffffefff) ioctl$ASHMEM_SET_SIZE(r4, 0x40087703, 0xcd) symlink(&(0x7f00000000c0)='..', &(0x7f0000000040)='./file0\x00') r5 = syz_open_procfs(0x0, 0x0) r6 = syz_open_dev$tty20(0xc, 0x4, 0x0) r7 = dup3(r6, r5, 0x0) ioctl$TCXONC(r7, 0x4bfa, 0x7fffffffefff) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r7, 0x84, 0x13, &(0x7f0000000100)=0x7, 0x4) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='devpts\x00E\xe6\xcb\xf6~\x11mS,!\xd7\xc5_\x96j\xc3\xcb\xe8@\x8a\xd7\x0f\xbc\\\xbe\x9b2\xc4\x8cp\xe8\xe2\xdf\xdf\xb6\xc6}\xde\x0e9\xd9\x8b\xf6e\x04g7T:-*w\xf7I>#htW\xeac_\xf5\x0e\xd7\xab\x15\b\x02 \xcdu\xbf\xfaho>\xd7U\xfc\x97L\xe0\'\xf4\x8e\xd0\x00'/124, 0x0, 0x0) chroot(&(0x7f0000000140)='./file0\x00') umount2(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$NBD_SET_FLAGS(r1, 0xab0a, 0x7) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11d000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) [ 1022.189618][ T27] audit: type=1804 audit(1577520637.601:614): pid=18501 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir048680357/syzkaller.hecpVM/232/bus" dev="sda1" ino=16709 res=1 08:10:38 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1a00) 08:10:38 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x400, 0x20) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:10:38 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1b00) 08:10:45 executing program 0: gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:10:45 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r1, 0x8982, &(0x7f0000000180)) sched_setaffinity(0x0, 0x3d31, &(0x7f0000000200)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_snmp6\x00') r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) r4 = dup3(r3, r2, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x4bfa, 0x7fffffffefff) ioctl$ASHMEM_SET_SIZE(r4, 0x40087703, 0xcd) symlink(&(0x7f00000000c0)='..', &(0x7f0000000040)='./file0\x00') r5 = syz_open_procfs(0x0, 0x0) r6 = syz_open_dev$tty20(0xc, 0x4, 0x0) r7 = dup3(r6, r5, 0x0) ioctl$TCXONC(r7, 0x4bfa, 0x7fffffffefff) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r7, 0x84, 0x13, &(0x7f0000000100)=0x7, 0x4) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='devpts\x00E\xe6\xcb\xf6~\x11mS,!\xd7\xc5_\x96j\xc3\xcb\xe8@\x8a\xd7\x0f\xbc\\\xbe\x9b2\xc4\x8cp\xe8\xe2\xdf\xdf\xb6\xc6}\xde\x0e9\xd9\x8b\xf6e\x04g7T:-*w\xf7I>#htW\xeac_\xf5\x0e\xd7\xab\x15\b\x02 \xcdu\xbf\xfaho>\xd7U\xfc\x97L\xe0\'\xf4\x8e\xd0\x00'/124, 0x0, 0x0) chroot(&(0x7f0000000140)='./file0\x00') umount2(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$NBD_SET_FLAGS(r1, 0xab0a, 0x7) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11d000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) 08:10:45 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) timerfd_create(0x0, 0x1000) 08:10:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1c00) 08:10:45 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) fsetxattr$security_ima(r3, &(0x7f0000000000)='security.ima\x00', &(0x7f0000000040)=ANY=[@ANYBLOB="04001fc1ca070000000000"], 0xf, 0x1) r4 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) ftruncate(r4, 0x8200) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:10:45 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:10:45 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff76, 0x0, 0x0, 0x0) ioctl$KVM_SET_CLOCK(r1, 0xae78, &(0x7f00000000c0)) 08:10:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1d00) 08:10:45 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x40042, 0xee) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:10:46 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1e00) 08:10:46 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x17, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x6cb3210000000000, 0x0, 0x0, 0x0, 0x6e}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x2}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0x100b0, &(0x7f000000cf3d)=""/195}, 0x48) 08:10:46 executing program 3: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x100, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) [ 1030.868894][T18616] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1030.877656][T18616] FAT-fs (loop3): Filesystem has been set read-only [ 1030.884845][T18616] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1030.893616][T18616] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1030.902938][T18616] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1030.911604][T18616] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1030.921777][T18616] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1030.930759][T18616] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1030.940200][T18616] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1030.948858][T18616] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1030.957620][T18616] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) 08:10:53 executing program 0: gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:10:53 executing program 2: pipe(&(0x7f0000000300)) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000480)={0xc, @output={0x1000, 0x2, {0x9, 0x5}, 0x6, 0x20}}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) r4 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) write$binfmt_misc(r4, &(0x7f0000000100)=ANY=[], 0xffffffffffffffab) 08:10:53 executing program 1 (fault-call:10 fault-nth:0): syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) 08:10:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x4000) 08:10:53 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) unshare(0x40600) pwritev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000140)="99", 0x1}], 0x1, 0x0) r0 = socket$netlink(0x10, 0x3, 0x2) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x20000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) pwrite64(r2, &(0x7f000003bfff)='/', 0x1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r2, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r3, 0x400, 0x70bd2a, 0x25dfdbfb, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8001}, 0x80) lseek(r1, 0x0, 0x1) readahead(r1, 0x4, 0x2) sendfile(r2, r2, &(0x7f0000000440), 0x20) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') mount(0x0, 0x0, 0x0, 0x2000080000003f7c, 0x0) pivot_root(&(0x7f0000000380)='./file1\x00', &(0x7f00000003c0)='./file0/file0/file0\x00') perf_event_open(&(0x7f00000000c0)={0x1, 0x6, 0x0, 0x0, 0x0, 0xfb, 0x0, 0x7f, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x3, @perf_bp={&(0x7f0000000300), 0x4}, 0x20095, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xd, r1, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000140)={0xa, 0x4e24, 0x1, @dev, 0x5}, 0x1c) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='net/protocols\x00') write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000005c0)) sendfile(r4, r5, 0x0, 0x8607) 08:10:53 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1037.490682][ T27] audit: type=1800 audit(1577520653.221:615): pid=18633 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=534 res=0 [ 1037.582746][ T27] audit: type=1804 audit(1577520653.251:616): pid=18645 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/212/file0/file0" dev="loop1" ino=534 res=1 [ 1037.601866][T18645] FAULT_INJECTION: forcing a failure. [ 1037.601866][T18645] name failslab, interval 1, probability 0, space 0, times 0 08:10:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xe803) [ 1037.612157][ T27] audit: type=1804 audit(1577520653.321:617): pid=18645 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/212/file0/file0" dev="loop1" ino=534 res=1 [ 1037.699127][T18645] CPU: 0 PID: 18645 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1037.707862][T18645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1037.717943][T18645] Call Trace: [ 1037.721244][T18645] dump_stack+0x11d/0x181 [ 1037.725729][T18645] should_fail.cold+0xa/0x1a [ 1037.730384][T18645] __should_failslab+0xee/0x130 [ 1037.735358][T18645] should_failslab+0x9/0x14 [ 1037.739894][T18645] kmem_cache_alloc_trace+0x2a/0x5d0 [ 1037.745404][T18645] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1037.751718][T18645] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1037.757625][T18645] alloc_pipe_info+0xf8/0x3b0 [ 1037.762375][T18645] splice_direct_to_actor+0x4b3/0x540 [ 1037.767763][T18645] ? generic_pipe_buf_nosteal+0x20/0x20 [ 1037.773337][T18645] ? security_file_permission+0x88/0x280 [ 1037.778991][T18645] ? rw_verify_area+0xee/0x250 [ 1037.783839][T18645] do_splice_direct+0x161/0x1e0 [ 1037.788706][T18645] do_sendfile+0x384/0x7f0 [ 1037.793142][T18645] __x64_sys_sendfile64+0x12a/0x140 [ 1037.798377][T18645] do_syscall_64+0xcc/0x3a0 [ 1037.803048][T18645] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1037.808938][T18645] RIP: 0033:0x45a919 [ 1037.812904][T18645] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1037.832511][T18645] RSP: 002b:00007f8e91f37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1037.841069][T18645] RAX: ffffffffffffffda RBX: 00007f8e91f37c90 RCX: 000000000045a919 08:10:53 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) open_tree(r3, &(0x7f0000000000)='./bus\x00', 0x80103) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000040)=[{0x0, 0x1, 0xfc, 0x1}]}) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r4 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) ftruncate(r4, 0x8200) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) lsetxattr$security_selinux(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0)='security.selinux\x00', &(0x7f0000000340)='system_u:object_r:var_spool_t:s0\x00', 0x21, 0x0) 08:10:53 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1ff, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000080), 0x4000) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e55793e7dc4009c61b487845b1de", 0xca, 0x10000}], 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, 0x0) [ 1037.849385][T18645] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000006 [ 1037.857359][T18645] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1037.865365][T18645] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007f8e91f386d4 [ 1037.873343][T18645] R13: 00000000004c925e R14: 00000000004e0f88 R15: 0000000000000007 [ 1038.179089][T18666] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b00b10efd9a devid 222 transid 18438444790640683687 /dev/loop3 scanned by syz-executor.3 (18666) 08:10:54 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2}, 0x78) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000040), &(0x7f0000000180)=0x4) r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r3, 0x0) r4 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) ftruncate(r4, 0x8200) write$cgroup_type(r4, &(0x7f0000000200)='tEread@\x00\x1a', 0x9) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r5}, 0x78) r6 = socket$inet_sctp(0x2, 0x1, 0x84) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8}, &(0x7f0000000100)=0x20) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000000)={0x2, 0x8000, 0x1ff, 0x80, r8}, 0x10) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:10:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x231860) [ 1038.306045][T18666] BTRFS error (device loop3): unsupported checksum algorithm: 18459 08:10:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x80ffff) [ 1038.396800][T18666] BTRFS error (device loop3): open_ctree failed [ 1038.488830][T18672] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b00b10efd9a devid 222 transid 18438444790640683687 /dev/loop3 scanned by syz-executor.3 (18672) [ 1038.569476][T18672] BTRFS error (device loop3): unsupported checksum algorithm: 18459 [ 1038.662368][T18672] BTRFS error (device loop3): open_ctree failed 08:11:03 executing program 0: gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:11:03 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1000000) 08:11:03 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) recvmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)=@caif, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000480)=""/179, 0xb3}, {&(0x7f0000000540)=""/135, 0x87}], 0x2, &(0x7f0000000180)=""/96, 0x60}, 0x40000140) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:11:03 executing program 1 (fault-call:10 fault-nth:1): syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) 08:11:03 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000003c0)="24000000180007431dfffd946f6105000a00050a1f000007002808080800020020000000", 0x24}], 0x1}, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1}, 0x78) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DEST(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x138, r2, 0x708, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7ff}, @IPVS_CMD_ATTR_DAEMON={0x44, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x7}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x6}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bridge_slave_1\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0xe3}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5306}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}]}, @IPVS_CMD_ATTR_DEST={0x40, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xfff}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e24}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xffffffff}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xc5f2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@rand_addr="9be773de3a42b786bf5588763c5f7b4a"}]}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_TUN_TYPE={0x8, 0xd, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x1}]}, @IPVS_CMD_ATTR_SERVICE={0x54, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x33}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8}, @IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblcr\x00'}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@multicast1}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x4f}]}]}, 0x138}, 0x1, 0x0, 0x0, 0x11}, 0x8854) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000280)={0x0, 0x401, 0x10001, 0x6, 0x7}, 0x14) 08:11:03 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:11:03 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1047.997979][T18716] IPv6: NLM_F_CREATE should be specified when creating new route [ 1048.059135][T18716] IPv6: Can't replace route, no match found [ 1048.069475][ T27] audit: type=1800 audit(1577520663.801:618): pid=18724 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=535 res=0 08:11:03 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000100)='/dev/video#\x00', 0x7f, 0x0) ioctl$VIDIOC_G_AUDIO(r0, 0x80345621, 0x0) 08:11:03 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1048.152353][ T27] audit: type=1804 audit(1577520663.831:619): pid=18724 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/213/file0/file0" dev="loop1" ino=535 res=1 [ 1048.160290][T18736] FAULT_INJECTION: forcing a failure. [ 1048.160290][T18736] name failslab, interval 1, probability 0, space 0, times 0 08:11:04 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x2000000) [ 1048.261833][T18736] CPU: 1 PID: 18736 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1048.271089][T18736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1048.281149][T18736] Call Trace: [ 1048.284454][T18736] dump_stack+0x11d/0x181 [ 1048.288888][T18736] should_fail.cold+0xa/0x1a [ 1048.293650][T18736] __should_failslab+0xee/0x130 [ 1048.298551][T18736] should_failslab+0x9/0x14 [ 1048.303325][T18736] __kmalloc+0x53/0x690 [ 1048.307499][T18736] ? kmem_cache_alloc_trace+0x1e9/0x5d0 [ 1048.313133][T18736] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1048.319436][T18736] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1048.325391][T18736] ? alloc_pipe_info+0x20e/0x3b0 [ 1048.330459][T18736] alloc_pipe_info+0x20e/0x3b0 [ 1048.335301][T18736] splice_direct_to_actor+0x4b3/0x540 [ 1048.340891][T18736] ? generic_pipe_buf_nosteal+0x20/0x20 [ 1048.347105][T18736] ? security_file_permission+0x88/0x280 [ 1048.352762][T18736] ? rw_verify_area+0xee/0x250 [ 1048.357560][T18736] do_splice_direct+0x161/0x1e0 [ 1048.362516][T18736] do_sendfile+0x384/0x7f0 [ 1048.367358][T18736] __x64_sys_sendfile64+0x12a/0x140 [ 1048.372606][T18736] do_syscall_64+0xcc/0x3a0 [ 1048.377134][T18736] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1048.383065][T18736] RIP: 0033:0x45a919 [ 1048.387028][T18736] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 08:11:04 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1048.406671][T18736] RSP: 002b:00007f8e91f37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1048.415233][T18736] RAX: ffffffffffffffda RBX: 00007f8e91f37c90 RCX: 000000000045a919 [ 1048.423218][T18736] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000006 [ 1048.431221][T18736] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1048.439358][T18736] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007f8e91f386d4 [ 1048.448217][T18736] R13: 00000000004c925e R14: 00000000004e0f88 R15: 0000000000000007 08:11:04 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) [ 1048.505213][ T27] audit: type=1804 audit(1577520663.891:620): pid=18736 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/213/file0/file0" dev="loop1" ino=535 res=1 08:11:11 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:11:11 executing program 3: 08:11:11 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x3000000) 08:11:11 executing program 1 (fault-call:10 fault-nth:2): syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) 08:11:11 executing program 0: gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:11:11 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x44, r4, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x2d}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'vcan0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8}]}]}, 0x44}}, 0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0x60, r4, 0x400, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x4}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e20}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x5}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x5274}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xd8b3}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e21}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x20008920}, 0x80) r5 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x6100) ftruncate(r5, 0x8200) write$cgroup_type(r5, &(0x7f0000000200)='threaded\x00', 0x175d900f) r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) r7 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r7, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r8 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r8, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$VIDIOC_TRY_EXT_CTRLS(r7, 0xc0205649, &(0x7f0000000480)={0x1090000, 0x8000, 0x1, r8, 0x0, &(0x7f0000000380)={0x9a0908, 0x0, [], @value64=0x10000000000000}}) write$P9_RREADLINK(r9, &(0x7f00000004c0)={0x10, 0x17, 0x2, {0x7, './file1'}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r6}, 0x78) ioctl$BLKROTATIONAL(r6, 0x127e, &(0x7f0000000000)) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:11:11 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:11:11 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x4000000) [ 1055.471223][ T27] audit: type=1800 audit(1577520671.201:621): pid=18781 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=536 res=0 08:11:11 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1055.584191][ T27] audit: type=1804 audit(1577520671.271:622): pid=18781 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/214/file0/file0" dev="loop1" ino=536 res=1 [ 1055.609109][T18780] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 1055.691379][T18795] FAULT_INJECTION: forcing a failure. [ 1055.691379][T18795] name failslab, interval 1, probability 0, space 0, times 0 08:11:11 executing program 3: [ 1055.788287][T18795] CPU: 0 PID: 18795 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1055.797022][T18795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1055.807084][T18795] Call Trace: [ 1055.810402][T18795] dump_stack+0x11d/0x181 [ 1055.814938][T18795] should_fail.cold+0xa/0x1a [ 1055.819640][T18795] __should_failslab+0xee/0x130 [ 1055.824513][T18795] should_failslab+0x9/0x14 [ 1055.829033][T18795] kmem_cache_alloc+0x29/0x5d0 [ 1055.833811][T18795] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1055.839725][T18795] ? perf_log_itrace_start+0x270/0x270 [ 1055.845210][T18795] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1055.851470][T18795] ? iov_iter_alignment+0x145/0x4f0 [ 1055.856691][T18795] do_blockdev_direct_IO+0x27b/0x78c0 [ 1055.862091][T18795] ? _raw_spin_unlock_irq+0x68/0x80 [ 1055.867364][T18795] ? finish_task_switch+0x7b/0x260 [ 1055.872496][T18795] ? switch_mm_irqs_off+0x1a1/0x5f0 [ 1055.877741][T18795] ? __schedule+0x30e/0x690 [ 1055.882669][T18795] ? fat_add_cluster+0xd0/0xd0 [ 1055.887467][T18795] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1055.893468][T18795] ? write_comp_data+0x19/0x70 [ 1055.898253][T18795] ? __mark_inode_dirty+0x285/0x940 [ 1055.903473][T18795] ? fat_add_cluster+0xd0/0xd0 [ 1055.908257][T18795] __blockdev_direct_IO+0x86/0xa0 [ 1055.913300][T18795] fat_direct_IO+0x109/0x180 [ 1055.917908][T18795] ? touch_atime+0x83/0x190 [ 1055.922549][T18795] generic_file_read_iter+0x1b0/0x1440 [ 1055.928031][T18795] ? mntput_no_expire+0xa4/0x520 [ 1055.932990][T18795] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1055.939281][T18795] ? iov_iter_pipe+0xfa/0x120 [ 1055.943981][T18795] generic_file_splice_read+0x35c/0x500 [ 1055.949595][T18795] do_splice_to+0xf2/0x130 [ 1055.954027][T18795] ? add_to_pipe+0x1c0/0x1c0 [ 1055.958638][T18795] ? add_to_pipe+0x1c0/0x1c0 [ 1055.963251][T18795] splice_direct_to_actor+0x1b6/0x540 [ 1055.968643][T18795] ? generic_pipe_buf_nosteal+0x20/0x20 [ 1055.974345][T18795] do_splice_direct+0x161/0x1e0 [ 1055.979235][T18795] do_sendfile+0x384/0x7f0 [ 1055.983677][T18795] __x64_sys_sendfile64+0x12a/0x140 [ 1055.988914][T18795] do_syscall_64+0xcc/0x3a0 [ 1055.993539][T18795] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1055.999519][T18795] RIP: 0033:0x45a919 [ 1056.003431][T18795] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1056.023405][T18795] RSP: 002b:00007f8e91f37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 08:11:11 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x40000, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r4, 0xc0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=0x6, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x4, 0x3}, 0x0, 0x0, &(0x7f0000000100)={0x3, 0xe, 0x6}, &(0x7f0000000180)=0xf490, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=0x1}}, 0x10) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:11:11 executing program 3: 08:11:11 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r2 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r2) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(0xffffffffffffffff, 0x40a85321, &(0x7f0000000480)={{0x3, 0x4}, 'port1\x00', 0x80, 0xc0010, 0xd90d, 0x7fff, 0x936c, 0x7, 0x2, 0x0, 0x529537a865499194, 0x1}) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r3, 0x0) r4 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r5}, 0x78) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x74, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0xfffffffc, @remote}, @in={0x2, 0x4e24, @multicast2}, @in6={0xa, 0x4e24, 0x0, @ipv4={[], [], @rand_addr=0x7fffffff}, 0x7}, @in6={0xa, 0x4e24, 0xe27, @ipv4={[], [], @broadcast}, 0x4}, @in={0x2, 0x4e21, @multicast1}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000540)={r6, @in={{0x2, 0x4e21, @broadcast}}, 0x80000000, 0x0, 0xffffffff, 0x2, 0x1}, &(0x7f0000000180)=0x98) fcntl$setstatus(r4, 0x4, 0x6100) ftruncate(r4, 0x8200) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) [ 1056.031847][T18795] RAX: ffffffffffffffda RBX: 00007f8e91f37c90 RCX: 000000000045a919 [ 1056.039835][T18795] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000006 [ 1056.047919][T18795] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1056.055898][T18795] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007f8e91f386d4 [ 1056.063894][T18795] R13: 00000000004c925e R14: 00000000004e0f88 R15: 0000000000000007 08:11:11 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x5000000) [ 1056.096295][ T27] audit: type=1804 audit(1577520671.381:623): pid=18795 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/214/file0/file0" dev="loop1" ino=536 res=1 08:11:11 executing program 3: 08:11:12 executing program 1 (fault-call:10 fault-nth:3): syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) [ 1056.479237][ T27] audit: type=1800 audit(1577520672.211:624): pid=18831 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=537 res=0 [ 1056.499859][ T27] audit: type=1804 audit(1577520672.211:625): pid=18831 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/215/file0/file0" dev="loop1" ino=537 res=1 [ 1056.553973][T18835] FAULT_INJECTION: forcing a failure. [ 1056.553973][T18835] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1056.570321][ T27] audit: type=1804 audit(1577520672.281:626): pid=18835 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/215/file0/file0" dev="loop1" ino=537 res=1 [ 1056.595041][T18835] CPU: 1 PID: 18835 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1056.603845][T18835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1056.614030][T18835] Call Trace: [ 1056.617431][T18835] dump_stack+0x11d/0x181 [ 1056.621756][T18835] should_fail.cold+0xa/0x1a [ 1056.626388][T18835] should_fail_alloc_page+0x50/0x60 [ 1056.631591][T18835] __alloc_pages_nodemask+0xd2/0x310 [ 1056.637066][T18835] alloc_pages_current+0xd1/0x170 [ 1056.642151][T18835] push_pipe+0x170/0x320 [ 1056.646710][T18835] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1056.652448][T18835] iov_iter_get_pages+0x481/0x8aa [ 1056.657481][T18835] ? blk_start_plug+0x62/0x120 [ 1056.662249][T18835] do_blockdev_direct_IO+0x372e/0x78c0 [ 1056.667711][T18835] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1056.673960][T18835] ? tomoyo_domain_quota_is_ok+0x1e1/0x2b0 [ 1056.679771][T18835] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1056.686002][T18835] ? tomoyo_supervisor+0x170/0xd20 [ 1056.691114][T18835] ? fat_add_cluster+0xd0/0xd0 [ 1056.695885][T18835] ? write_comp_data+0x19/0x70 [ 1056.700642][T18835] ? __mark_inode_dirty+0x285/0x940 [ 1056.705864][T18835] ? fat_add_cluster+0xd0/0xd0 [ 1056.710620][T18835] __blockdev_direct_IO+0x86/0xa0 [ 1056.715670][T18835] fat_direct_IO+0x109/0x180 [ 1056.720271][T18835] ? touch_atime+0x83/0x190 [ 1056.724797][T18835] generic_file_read_iter+0x1b0/0x1440 [ 1056.730377][T18835] ? mntput_no_expire+0xa4/0x520 [ 1056.735349][T18835] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1056.741617][T18835] ? iov_iter_pipe+0xfa/0x120 [ 1056.746287][T18835] generic_file_splice_read+0x35c/0x500 [ 1056.751883][T18835] do_splice_to+0xf2/0x130 [ 1056.756407][T18835] ? add_to_pipe+0x1c0/0x1c0 [ 1056.760995][T18835] ? add_to_pipe+0x1c0/0x1c0 [ 1056.765580][T18835] splice_direct_to_actor+0x1b6/0x540 [ 1056.770939][T18835] ? generic_pipe_buf_nosteal+0x20/0x20 [ 1056.776475][T18835] do_splice_direct+0x161/0x1e0 [ 1056.781390][T18835] do_sendfile+0x384/0x7f0 [ 1056.785796][T18835] __x64_sys_sendfile64+0x12a/0x140 [ 1056.791133][T18835] do_syscall_64+0xcc/0x3a0 [ 1056.795637][T18835] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1056.801612][T18835] RIP: 0033:0x45a919 [ 1056.805504][T18835] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1056.825481][T18835] RSP: 002b:00007f8e91f37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1056.834082][T18835] RAX: ffffffffffffffda RBX: 00007f8e91f37c90 RCX: 000000000045a919 [ 1056.842099][T18835] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000006 [ 1056.850226][T18835] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1056.858189][T18835] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007f8e91f386d4 [ 1056.866251][T18835] R13: 00000000004c925e R14: 00000000004e0f88 R15: 0000000000000007 08:11:19 executing program 0: gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:11:19 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:11:19 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x6000000) 08:11:19 executing program 3: 08:11:19 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) r4 = syz_init_net_socket$nfc_llcp(0x27, 0xfbd6dd22ebb72126, 0x1) connect$nfc_llcp(r4, &(0x7f0000000800)={0x27, 0x1, 0xfffffffe, 0x3, 0x0, 0xff, "ded52d07b874ef9c3fd71e4c6a4bcb9dd5b4bf555ed5c0f99649d5018c95ad5e5ab89cc7b4efcfe3c505407fe72f5c2be6c7f0d50dd1fc52092b90de2eaa8f", 0x9}, 0x60) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:11:19 executing program 1 (fault-call:10 fault-nth:4): syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) 08:11:19 executing program 3: [ 1064.193238][ T27] audit: type=1800 audit(1577520679.931:627): pid=18848 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=538 res=0 08:11:20 executing program 3: [ 1064.289912][T18861] FAULT_INJECTION: forcing a failure. [ 1064.289912][T18861] name fail_page_alloc, interval 1, probability 0, space 0, times 0 08:11:20 executing program 3: [ 1064.325256][ T27] audit: type=1804 audit(1577520679.951:628): pid=18861 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/216/file0/file0" dev="loop1" ino=538 res=1 08:11:20 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x7000000) 08:11:20 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0xfffffffffffffffa, 0x0, &(0x7f00000003c0), 0x280001c, 0x0) r2 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) ioctl$PPPOEIOCDFWD(r3, 0xb101, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x3000008, 0x10, r0, 0x0) fchdir(r2) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r4 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r4, 0x0) r5 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x6100) ftruncate(r5, 0x8200) write$cgroup_type(r5, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) [ 1064.386708][T18861] CPU: 1 PID: 18861 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1064.395433][T18861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1064.405490][T18861] Call Trace: [ 1064.408880][T18861] dump_stack+0x11d/0x181 [ 1064.413257][T18861] should_fail.cold+0xa/0x1a [ 1064.417945][T18861] should_fail_alloc_page+0x50/0x60 [ 1064.423241][T18861] __alloc_pages_nodemask+0xd2/0x310 [ 1064.428557][T18861] alloc_pages_current+0xd1/0x170 [ 1064.433656][T18861] push_pipe+0x170/0x320 [ 1064.437973][T18861] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1064.443708][T18861] iov_iter_get_pages+0x481/0x8aa [ 1064.448797][T18861] ? blk_start_plug+0x62/0x120 [ 1064.453623][T18861] do_blockdev_direct_IO+0x372e/0x78c0 [ 1064.459106][T18861] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1064.465440][T18861] ? tomoyo_domain_quota_is_ok+0x1e1/0x2b0 [ 1064.471275][T18861] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1064.477629][T18861] ? tomoyo_supervisor+0x170/0xd20 [ 1064.482773][T18861] ? fat_add_cluster+0xd0/0xd0 [ 1064.487635][T18861] ? write_comp_data+0x19/0x70 [ 1064.492410][T18861] ? __mark_inode_dirty+0x285/0x940 [ 1064.497708][T18861] ? fat_add_cluster+0xd0/0xd0 [ 1064.502583][T18861] __blockdev_direct_IO+0x86/0xa0 [ 1064.507675][T18861] fat_direct_IO+0x109/0x180 [ 1064.512292][T18861] ? touch_atime+0x83/0x190 [ 1064.516950][T18861] generic_file_read_iter+0x1b0/0x1440 [ 1064.522435][T18861] ? mntput_no_expire+0xa4/0x520 [ 1064.527394][T18861] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1064.533633][T18861] ? iov_iter_pipe+0xfa/0x120 [ 1064.538381][T18861] generic_file_splice_read+0x35c/0x500 [ 1064.543952][T18861] do_splice_to+0xf2/0x130 [ 1064.548386][T18861] ? add_to_pipe+0x1c0/0x1c0 [ 1064.552983][T18861] ? add_to_pipe+0x1c0/0x1c0 [ 1064.557577][T18861] splice_direct_to_actor+0x1b6/0x540 [ 1064.562999][T18861] ? generic_pipe_buf_nosteal+0x20/0x20 [ 1064.568556][T18861] do_splice_direct+0x161/0x1e0 [ 1064.573506][T18861] do_sendfile+0x384/0x7f0 [ 1064.577933][T18861] __x64_sys_sendfile64+0x12a/0x140 [ 1064.583232][T18861] do_syscall_64+0xcc/0x3a0 [ 1064.587743][T18861] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1064.593646][T18861] RIP: 0033:0x45a919 [ 1064.597560][T18861] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1064.617268][T18861] RSP: 002b:00007f8e91f37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1064.625688][T18861] RAX: ffffffffffffffda RBX: 00007f8e91f37c90 RCX: 000000000045a919 08:11:20 executing program 3: [ 1064.633657][T18861] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000006 [ 1064.642092][T18861] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1064.650065][T18861] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007f8e91f386d4 [ 1064.658657][T18861] R13: 00000000004c925e R14: 00000000004e0f88 R15: 0000000000000007 [ 1064.713760][ T27] audit: type=1804 audit(1577520680.021:629): pid=18861 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/216/file0/file0" dev="loop1" ino=538 res=1 08:11:29 executing program 0: gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:11:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x8000000) 08:11:29 executing program 3: 08:11:29 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x660081, 0x0) name_to_handle_at(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000480)={0x9e, 0x80, "2d6c3d5d912f9a735623182bf28a37dc0eaa46885db2c35fcc713b7a70812e94d3b96546ddd4a7f168cdaff797076754b409a4b6116a69b6508f41f08aa261e6e6ec78aef893397d7ff7c2486b0392f980bc1be4670c958b88ff6a9683a10ab22d8cb5518266012f3348829009431f743805fc9bdb331c05ace4ae96bb5cb576156a2f0904a6988b05dbe9c113190b5c610843b8b20f"}, &(0x7f00000000c0), 0x1000) r4 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) ftruncate(r4, 0x8200) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:11:29 executing program 1 (fault-call:10 fault-nth:5): syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) 08:11:29 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:11:29 executing program 3: [ 1073.547440][ T27] audit: type=1800 audit(1577520689.271:630): pid=18906 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=539 res=0 08:11:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x9000000) [ 1073.632618][ T27] audit: type=1804 audit(1577520689.281:631): pid=18906 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/217/file0/file0" dev="loop1" ino=539 res=1 [ 1073.714294][T18914] FAULT_INJECTION: forcing a failure. [ 1073.714294][T18914] name fail_page_alloc, interval 1, probability 0, space 0, times 0 08:11:29 executing program 3: [ 1073.808427][ T27] audit: type=1804 audit(1577520689.421:632): pid=18914 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/217/file0/file0" dev="loop1" ino=539 res=1 [ 1073.870121][T18914] CPU: 0 PID: 18914 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1073.878844][T18914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1073.888962][T18914] Call Trace: [ 1073.892348][T18914] dump_stack+0x11d/0x181 [ 1073.896703][T18914] should_fail.cold+0xa/0x1a [ 1073.901345][T18914] should_fail_alloc_page+0x50/0x60 [ 1073.906597][T18914] __alloc_pages_nodemask+0xd2/0x310 [ 1073.911904][T18914] alloc_pages_current+0xd1/0x170 [ 1073.916953][T18914] push_pipe+0x170/0x320 [ 1073.921302][T18914] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1073.927042][T18914] iov_iter_get_pages+0x481/0x8aa [ 1073.932113][T18914] ? blk_start_plug+0x62/0x120 [ 1073.936982][T18914] do_blockdev_direct_IO+0x372e/0x78c0 [ 1073.942463][T18914] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1073.948711][T18914] ? tomoyo_domain_quota_is_ok+0x1e1/0x2b0 [ 1073.954594][T18914] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1073.960874][T18914] ? tomoyo_supervisor+0x170/0xd20 [ 1073.966209][T18914] ? fat_add_cluster+0xd0/0xd0 [ 1073.971000][T18914] ? write_comp_data+0x19/0x70 [ 1073.975777][T18914] ? __mark_inode_dirty+0x285/0x940 [ 1073.981200][T18914] ? fat_add_cluster+0xd0/0xd0 [ 1073.986041][T18914] __blockdev_direct_IO+0x86/0xa0 [ 1073.991147][T18914] fat_direct_IO+0x109/0x180 [ 1073.995759][T18914] ? touch_atime+0x83/0x190 [ 1074.000311][T18914] generic_file_read_iter+0x1b0/0x1440 [ 1074.005815][T18914] ? __mod_memcg_state+0x9a/0x120 [ 1074.010988][T18914] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1074.017279][T18914] ? __this_cpu_preempt_check+0x45/0x140 [ 1074.022930][T18914] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1074.029534][T18914] ? iov_iter_pipe+0xfa/0x120 [ 1074.034296][T18914] generic_file_splice_read+0x35c/0x500 [ 1074.040130][T18914] do_splice_to+0xf2/0x130 [ 1074.044550][T18914] ? add_to_pipe+0x1c0/0x1c0 [ 1074.049160][T18914] ? add_to_pipe+0x1c0/0x1c0 [ 1074.053769][T18914] splice_direct_to_actor+0x1b6/0x540 [ 1074.059142][T18914] ? generic_pipe_buf_nosteal+0x20/0x20 [ 1074.064792][T18914] do_splice_direct+0x161/0x1e0 [ 1074.069655][T18914] do_sendfile+0x384/0x7f0 [ 1074.074161][T18914] __x64_sys_sendfile64+0x12a/0x140 [ 1074.079588][T18914] do_syscall_64+0xcc/0x3a0 [ 1074.084238][T18914] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1074.090119][T18914] RIP: 0033:0x45a919 [ 1074.094048][T18914] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 08:11:29 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r5}, 0x78) statx(r5, &(0x7f0000000340)='./file0\x00', 0x2000, 0x881, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000780)={0xa20000, 0xde2a, 0x0, r6, 0x0, &(0x7f0000000740)={0xa20920, 0xffff, [], @p_u16=&(0x7f0000000700)=0xeaf3}}) getsockopt$inet6_IPV6_IPSEC_POLICY(r5, 0x29, 0x22, &(0x7f0000000440)={{{@in, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @remote}}, 0x0, @in=@initdev}}, &(0x7f0000000380)=0xfffffffffffffe94) r9 = socket$inet(0x2, 0x1, 0x0) setsockopt(r9, 0x0, 0x40, &(0x7f0000000000), 0x18) fstat(r9, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lsetxattr$system_posix_acl(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='system.posix_acl_access\x00', &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00'/16, @ANYRES32=0x0, @ANYBLOB="02000100", @ANYRES32=r8, @ANYBLOB="040002000000000008000400", @ANYRES32=r10, @ANYBLOB="10000200000000002000020000000000"], 0x3c, 0x1) stat(&(0x7f0000000380)='./file1\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000100)='/dev/loop0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)='fuseblk\x00', 0x41000, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=r7, @ANYBLOB=',group_id=', @ANYRESDEC=r10, @ANYBLOB="2c64656609bc6cb95461756c745f7065556d697373696f6e8e000000636c6162d96c2c646f6e745f686173680c6673636f6e746578743d73797361646d5f75", @ANYRESDEC=r11, @ANYBLOB=',\x00']) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) r12 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r12, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$VIDIOC_QUERYBUF(r12, 0xc0585609, &(0x7f0000000000)={0x9, 0x8, 0x4, 0x8, 0xfffffff8, {0x77359400}, {0x3, 0x2, 0x6, 0xff, 0x2, 0xe0, "7ba7c6b0"}, 0x8, 0x4, @offset=0x3, 0xc719, 0x0, 0xffffffffffffffff}) ioctl$KVM_SET_MP_STATE(r13, 0x4004ae99, &(0x7f00000000c0)=0x3) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:11:29 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CLOCK(r1, 0x4030ae7b, 0x0) 08:11:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xa000000) [ 1074.113645][T18914] RSP: 002b:00007f8e91f37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1074.122050][T18914] RAX: ffffffffffffffda RBX: 00007f8e91f37c90 RCX: 000000000045a919 [ 1074.130100][T18914] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000006 [ 1074.138179][T18914] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1074.146153][T18914] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007f8e91f386d4 [ 1074.154118][T18914] R13: 00000000004c925e R14: 00000000004e0f88 R15: 0000000000000007 08:11:35 executing program 1 (fault-call:10 fault-nth:6): syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) 08:11:35 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xb000000) 08:11:35 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000500)={0xa, 0x2}, 0x1c) listen(r1, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x2, @loopback}, 0x10) accept4$inet6(r1, 0x0, 0x0, 0x0) 08:11:35 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) write$cgroup_int(r3, &(0x7f0000000000), 0x35c) syz_open_procfs(0x0, &(0x7f00000000c0)='coredump_filter\x00') write$binfmt_misc(r3, &(0x7f0000000f00)=ANY=[@ANYRESDEC, @ANYRESOCT, @ANYRESDEC, @ANYRESOCT, @ANYRESHEX=0x0, @ANYRESOCT, @ANYBLOB="a69215d66d4a464b71947a54c7887c4b9c8aa5e01353a843034dd0a5ab21aed9cc31d1176e688c8ad3dad2d727d9483bd4a59d7bc58856ef2f0db4c363e22788c9eeb35a957762178f1d8df427870875dc3ae1560bea768823e9f207efc6ae2b76bb3a3b6be2c2bb34eaebe1ee41377522290c00aba1964d9c63e4a01ed6e491b9e0693ee1f87b56f2bbb722761d2936da9931455c3127db294fda4f4a657a6359cbb6099514535787a2a123fc54a1b8e3ed391c3ac1aa548f8fdcafadf2835aa5cbc663e41380f12d48339f24b2221861100b01005bfec07a62245e8949d0aa9e4f0c740b4659541b4c09ce3e66f69bab0c04ac0e1cebdd371a6e31f2580bdcc0262db8f90334a9f54f2c7859c6d67877b4ebf9731f3d6e702bc2e78d0e0a9daecee218911d71b7f7ad1bb14f4eba3cd933976bdbc4ce18ea52a9c5b021d5fda7418a155c4059b1907964e21f58fb4b48f887c97f7bb0e26051081e17c5b2092ead0e7756a5ab3a6177d4eee21dc4e3ec2e9f22e4eca3cd7dd98d484f79e61ca4d4b47f53fd1538c361016f687ed8bbd626b4322284905fc87054f1eebbf470bab5c7dd273d99efa62ccd6b4524fec4072993e7996190097e0d48d162e945883821de5a2563fbfa166f659e9964ed7ee17650851e84d17fbac9b249d0ba3dff0eaed3aeafc876cf1a095da9c490796fa860b9b7a39e81955768276ce72346585093b3eb833636c58ca8031ac31943c39758bc25348e3fd13f8f317f86c0c6cbb75c774ced9d5c7ac3c2136152f59bd32574bc00f8c262fc7eae8d926c416385103cf67a17d452a82cde3256fe7beccb36bcced6b77bfedadda762061fec9315c104c656413474c600cb1ee9bb60a8abbe205f779718aa75aaebbe6f9183e1d182d04c9c498cc8c6828c4b6a3de8c905d7729fd4e80d05fe1ad027a2b2b489ea575e978c8d7e39091d0e324344ba5ee7b6087ed98165e23cd05204787b46b11643f3680d2a3ac363ce537c234c3e68f829c0a321bbaa612ddf06c6fa4997795306bc70487f37c2df8e66170028717680d5c0ede474daa7e019b845dcca26a1acffccc0e41a278b4df2d4de602ceae6f7031c9515c9b2f65e7a4e674a5bb6b9f037b9e8cc65dbf868c89c24e93e91ba28f016e6c11c983bac8637cd5abbb906d7634edf961ca423a610e7ddf3b323f6946d6f012abdaa7e49797df3412e4f86f39578d5e4d8368ba7703cf8975d78039117be4b8bc4a19caf1695ad30f2b3c6d71a8143d0c3d46631d5f9a78d5dbed8a991d561dfe342a9195c3c5a727955c66f6fae32d4f2de0d16c7823ea96e337a48816e714733095197ea8cc4ce612d0ae1a1331f30258dc7994cd885120591096f234a95bb2c488073b4dd7ea53132d5992642bc6e93825fb43fa745f8203e5f926d4f29cf0f77e207bf4e7ee98850c423d6f8fee07cf680dc1bffbeab98e8bc85942b1fa62d4849e3f776c898c5676f90b45e9f29a2840856523582f6f40df123ca84ec44ba73e75365e8de3933b75aed611d4dfa915184dd4a6260261c58899ba666aedc2c7e874c6da3a4084404f8ab53e6cfca6cea5c4eae9c75c504b9ab6d6c22cb564d25129fac5301e670e565168887a01aa780fc0c1b9dc233aa8aff11f3d92c05ec18e7f7b36d0c6ada355e26a35416ecc10959151b4ff57f72be59a605bc7baf31f5469eca826f677094d0708d9ba933c4a12f7e7071c29843c4ef5fe883eee907b19998ead8b759ae1e0b0330299f6bc51828c796cfc6657f0a822d139f5d6f5f2650f0523511be5a67e33e6d1d23d02b26c9a20fab2eb6dbf29591052e71fc3647ef60c364f7be2604de96c6a87eceb34795ef47541122aa59263b3126807c70ed6935c4826573d70ccecd7c340c37015a30f4bfafa789c66477b12646315d78fd0e1dc8af1870574bd793f9da7a2314f9e3269e70bbbae59e4c95151a8919c4e68fc7c077ab86a2a12b78c3177103856c52874a57a440f9f0ffd91fb84e56c5ceb5e5b771e90e9d3d412f7258e4ff7180ee79f444013de8de7401fa2c5139977821cf6456d2547c23e143e8de59b5256eb5b40c3e557e7b32492b01101218ad6ae0ded216365541dd24927da665fcde04d19b4a45277c3d1f23c09ec1498cd83dc544c0b9799077ed9248006d6589a1d1d2da4fabe3f823d600f127a42745634c2b4670dbb7e2d97c1660c2e343924c46f05534a0627a995a44ea9019a0fe0ffce729f0bb36ca9875f941659717ef4c91a52f128104e1b9d99e5f6b9fa7ddd6a12fbe0b59a4e062595615972f26a35804c52716b414c69c736bca6ea95ac4ce278a9085b2f69baf97f6804ef60dfd44a6994c734a953e92c336a8a82503cccbb9049edd15152eda82f8a979452ef063fbb3dcf4d7ae6eb724632650f13ecb05ca8b945ed9de1270a0396263187a3ccae8fdfe19c6b7f870d4ad7cea4e8c35e1a4f60122b0e25dc2802bf47fe7dfdd8598c62f8c6f8cfb5afa8992ffa071bc4a031771479d470eed23853a48256263335939d1605d7cac3b02eda33bda996a72bab926f13c6ded5138f24f66a716e59f093ee8c11f0cad28784799d02a53d863bdd38cfe686403aa18cab6ad295c64ed6ee46b17dac2e764315fd1f8be4636fa4fc6cfcf2c7d471c09806f6e25d01eb16003b4ce1b7ab8cb3153ac8b26558a8e879672e24be6e03a8f3f8217f925844c59602db90282e83d8a0f5b5b780c1d11dbdb6c41cb8bbacbcf5c7b161080c418463cae57f2e613af09b056d6d2c0abc253e27aef25be5745b0ee738e91ef0b10ff2444cd18377081e02a553b4048d5acc0917394e8a66010ecfdf19b89944eb8c5fce6dc44128346a83b880b3a685a0433a36d5d80f5e487eac9608afd087121db30ed62257f679a5ff9dc55289d2832b1f8d01d45d581948fbfd92b6fc66446bae91f9a64f36079c0c4507fe725fff8754e8b4c0ac43f352631dc35581ed126e5a123ced96977f7b635a2b2b3a425916a3ad4f679603e5d48e807cc29157bb2766af309f197124c1581fe8c4a25aad35d914847b36e6e6ae8d7d478eba682ad617994d42a13109923934941891e74384c80b28450c0f38ffb69a2810b7fc3cf22b6b672e1752a62a8a6feabd41cd969f9a995056d8a163a5261b51bfee975bf88f055e6b99467b1097f15fd1e17a201acaebc3b4e662d7e7e25d0ee87b3926beb5254aa3c91cc64ddb8b6f63966aa63e7a07fdf86be57b2370b523ce72f3f0872ebc7d084d1e62352ef93ec1e5ce14f334cd126c48997e2d72ae2d9534264df2b22cc009a30240eca7063cf2d917647a47d694b8fe3db3f56455c16ae73948bf3cf4914df0965b1f27035f3a6a0bc1934d2c5a808218ed95aea8fdb831302a13da63cc29ab53ad8c8bea2c1f31a52e99fc7a3e559583f2932b48b50740c44b68185098fe08398c2424b95a804ea0fe6b10c925f8ad83c8dfe10022daca1f8371fb1b21255497e39c5f6b86851dbfd0aec2b3726e10646481309aab27af09792352afc419094e0a0c8daf827fe4ad055f9182fd8fdb2b9ecfe63e043b721998a3fa6d3521b0436be1796c6734b8f5a013d3053f59048bfd55f35f75c9bc058cec776fe7ff19f95f771c59a6d61638ee125fd93f192eaeddbed8edb179711c67e25dc2a6de074781ae95d350a780c2c65222129ef25709eb6b524fb40110bbb0cec647b4a3c438b59ae5d122a8396de50977e0878c82e612dc905c3904f7a52fb33fb18c1984a2135ea2870bceed3363fb879ac46b3990ec382971c4ac997a1ea118758600cd2bf6207d9b9d1ffee823473757304ba050cd2145320b9bef31f80edc6d610f488d5da6bc802cff3c3a0c3b6d1bd6e46126e8794b98364d1326372f4a72c7294a7c722cdc3e17ecd8d7375df3529bdf3535cca1295f4d724c3f4247d71b0b0fffec8789d52e4ce80f831ce8eec5aeb2e4cdc8047a56a752b79e1e7a76e9f612b59e60bf2bb0fd789566fb432db0cbcf4231747fe31b6d55f590541be04a3e35068789a359b64fcdcd4c0c318aae00e7252798340d39581f68c201627c39c3c7e2c198f30b369508bb3889edd1bedd6b494da78c448f346f05f1ec9c2b145530fdf31dcc26adf6cb5c5628fe91b38c6be11eab4f632b19befe6e33f0e3f198fdc67f5e41b48f98c5db2bb2a1439fa7117a3fe9f05893b0af1ebb4f9288ae09358898588f516444a99e2e70afff88a4e20b11eb8d2ab2f2913278e83ef45c64d7ee28d57dc29dd527c47cad3727009aeb642e1ad6d6f85c48fb7fcd0b62d3b18c48f82fd1d8511556209001cdb44792e0c523448c141140d4556cfdd67aa3d61ed773228bb4aed8374510b59637997be05105856c31c666c9b2de7bafe"], 0xca5) splice(r2, 0x0, r4, 0x0, 0x8100000, 0x0) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r5 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r5, 0x0) r6 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) ioctl$KVM_SIGNAL_MSI(r6, 0x4020aea5, &(0x7f0000000000)={0xd000, 0xf000, 0x7, 0x2, 0x8}) fcntl$setstatus(r6, 0x4, 0x6100) ftruncate(r6, 0x8200) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:11:35 executing program 0: gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:11:35 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1079.831101][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 1079.834962][ T27] audit: type=1800 audit(1577520695.561:633): pid=18958 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=540 res=0 [ 1079.865430][ T27] audit: type=1804 audit(1577520695.601:634): pid=18958 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/218/file0/file0" dev="loop1" ino=540 res=1 [ 1079.881474][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 1079.914429][ T27] audit: type=1804 audit(1577520695.651:635): pid=18968 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/218/file0/file0" dev="loop1" ino=540 res=1 [ 1079.945144][T18968] FAULT_INJECTION: forcing a failure. [ 1079.945144][T18968] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1080.029871][T18968] CPU: 0 PID: 18968 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1080.038623][T18968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1080.048694][T18968] Call Trace: [ 1080.051995][T18968] dump_stack+0x11d/0x181 [ 1080.056355][T18968] should_fail.cold+0xa/0x1a [ 1080.060971][T18968] should_fail_alloc_page+0x50/0x60 [ 1080.066202][T18968] __alloc_pages_nodemask+0xd2/0x310 [ 1080.071793][T18968] alloc_pages_current+0xd1/0x170 [ 1080.076832][T18968] push_pipe+0x170/0x320 [ 1080.081081][T18968] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1080.086809][T18968] iov_iter_get_pages+0x481/0x8aa [ 1080.091847][T18968] ? blk_start_plug+0x62/0x120 [ 1080.096624][T18968] do_blockdev_direct_IO+0x372e/0x78c0 [ 1080.102116][T18968] ? perf_iterate_sb+0x9a/0x530 [ 1080.107013][T18968] ? perf_log_itrace_start+0x270/0x270 [ 1080.112489][T18968] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1080.118876][T18968] ? __this_cpu_preempt_check+0x45/0x140 [ 1080.124562][T18968] ? fat_add_cluster+0xd0/0xd0 [ 1080.129378][T18968] ? write_comp_data+0x19/0x70 [ 1080.134155][T18968] ? __mark_inode_dirty+0x285/0x940 [ 1080.139357][T18968] ? fat_add_cluster+0xd0/0xd0 [ 1080.144128][T18968] __blockdev_direct_IO+0x86/0xa0 [ 1080.149205][T18968] fat_direct_IO+0x109/0x180 [ 1080.153923][T18968] ? touch_atime+0x83/0x190 [ 1080.158466][T18968] generic_file_read_iter+0x1b0/0x1440 [ 1080.163938][T18968] ? mntput_no_expire+0xa4/0x520 [ 1080.168938][T18968] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1080.175197][T18968] ? iov_iter_pipe+0xfa/0x120 [ 1080.179910][T18968] generic_file_splice_read+0x35c/0x500 [ 1080.185561][T18968] do_splice_to+0xf2/0x130 [ 1080.189999][T18968] ? add_to_pipe+0x1c0/0x1c0 [ 1080.194612][T18968] ? add_to_pipe+0x1c0/0x1c0 [ 1080.199292][T18968] splice_direct_to_actor+0x1b6/0x540 [ 1080.204768][T18968] ? generic_pipe_buf_nosteal+0x20/0x20 [ 1080.210343][T18968] do_splice_direct+0x161/0x1e0 [ 1080.215298][T18968] do_sendfile+0x384/0x7f0 [ 1080.219842][T18968] __x64_sys_sendfile64+0x12a/0x140 [ 1080.225158][T18968] do_syscall_64+0xcc/0x3a0 [ 1080.229674][T18968] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1080.235575][T18968] RIP: 0033:0x45a919 [ 1080.239563][T18968] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1080.259187][T18968] RSP: 002b:00007f8e91f37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1080.267621][T18968] RAX: ffffffffffffffda RBX: 00007f8e91f37c90 RCX: 000000000045a919 08:11:35 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000000)='\xd4Y\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:11:36 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x9, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x6cb3210000000000, 0x0, 0x0, 0x0, 0x6e}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1}], {0x95, 0x0, 0x0, 0x30}}, &(0x7f0000003ff6)='G\x00', 0x5, 0x100b0, &(0x7f000000cf3d)=""/195}, 0x48) 08:11:36 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xc000000) [ 1080.275603][T18968] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000006 [ 1080.283584][T18968] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1080.291874][T18968] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007f8e91f386d4 [ 1080.300013][T18968] R13: 00000000004c925e R14: 00000000004e0f88 R15: 0000000000000007 08:11:36 executing program 2: prctl$PR_SET_NAME(0xf, &(0x7f0000000100)='nodev*self/,posix_acl_access:^!\xa0eth1\x00') pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2}, 0x78) ioctl$CAPI_GET_FLAGS(r2, 0x80044323, &(0x7f0000000040)) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) ioctl$SNDCTL_DSP_GETODELAY(r3, 0x80045017, &(0x7f0000000180)) unlink(&(0x7f0000000000)='./file1\x00') r4 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r4, 0x0) r5 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x6100) ftruncate(r5, 0x8200) write$cgroup_type(r5, &(0x7f0000000200)='threaded\x00', 0x175d900f) r6 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r6, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r7 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r7, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r8 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r8, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r9 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r9, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) write$binfmt_misc(r0, &(0x7f0000000680)=ANY=[@ANYPTR=&(0x7f0000000640)=ANY=[@ANYPTR64=&(0x7f00000007c0)=ANY=[@ANYRES32=r7, @ANYBLOB="06f8e0ebb0b970297d663fd3bca8cec2dba61b7a30ef407e74700de733c14b148b5d0474c219e1ead91c8269219584273df39a4cd066e4905bcb624941e01f1c711c680e4263ac122d063ef6c39653134f03e4fcc6fede161e14c23859e660d5ccdbbf192a63fc74606918a071663217cb24f18362dd8c1ac5a2ba76ded5e6c040c75dfbda7573c776d3589f000000000000", @ANYRES32=0x0, @ANYRES64=r8, @ANYRESOCT=0x0, @ANYPTR]], @ANYRESOCT=r6, @ANYRES16=0x0, @ANYRES64=r9], 0x6848719e7a07b537) [ 1080.361177][T18958] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1080.379356][T18958] FAT-fs (loop1): Filesystem has been set read-only [ 1080.386607][T18958] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 17) 08:11:36 executing program 3: socket$inet(0xa, 0x0, 0x84) unshare(0x40600) getpgid(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000)='TIPC\x00') sendmsg$TIPC_CMD_SET_NETID(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000005c0)={0x24, r2, 0x5}, 0x24}}, 0x0) sendmsg$TIPC_CMD_SET_NETID(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x4080}, 0x10840) socket$nl_route(0x10, 0x3, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) creat(0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) listen(0xffffffffffffffff, 0x8) dup(0xffffffffffffffff) 08:11:36 executing program 1 (fault-call:10 fault-nth:7): syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) 08:11:36 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xd000000) 08:11:36 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x60) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) [ 1080.777508][ T27] audit: type=1800 audit(1577520696.511:636): pid=19011 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=541 res=0 08:11:36 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xe000000) [ 1080.963648][T19017] FAULT_INJECTION: forcing a failure. [ 1080.963648][T19017] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1080.969037][ T27] audit: type=1804 audit(1577520696.551:637): pid=19017 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/219/file0/file0" dev="loop1" ino=541 res=1 [ 1081.032393][T19017] CPU: 0 PID: 19017 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1081.041127][T19017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1081.051207][T19017] Call Trace: [ 1081.054631][T19017] dump_stack+0x11d/0x181 [ 1081.059043][T19017] should_fail.cold+0xa/0x1a [ 1081.063658][T19017] should_fail_alloc_page+0x50/0x60 [ 1081.068863][T19017] __alloc_pages_nodemask+0xd2/0x310 [ 1081.074191][T19017] alloc_pages_current+0xd1/0x170 [ 1081.079232][T19017] push_pipe+0x170/0x320 [ 1081.083518][T19017] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1081.089369][T19017] iov_iter_get_pages+0x481/0x8aa [ 1081.094404][T19017] ? blk_start_plug+0x62/0x120 [ 1081.099256][T19017] do_blockdev_direct_IO+0x372e/0x78c0 [ 1081.104753][T19017] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1081.111028][T19017] ? tomoyo_domain_quota_is_ok+0x1e1/0x2b0 [ 1081.116870][T19017] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1081.123125][T19017] ? tomoyo_supervisor+0x170/0xd20 [ 1081.128334][T19017] ? fat_add_cluster+0xd0/0xd0 [ 1081.133120][T19017] ? write_comp_data+0x19/0x70 [ 1081.138064][T19017] ? __mark_inode_dirty+0x285/0x940 [ 1081.143278][T19017] ? fat_add_cluster+0xd0/0xd0 [ 1081.148060][T19017] __blockdev_direct_IO+0x86/0xa0 [ 1081.153097][T19017] fat_direct_IO+0x109/0x180 [ 1081.157751][T19017] ? touch_atime+0x83/0x190 [ 1081.162298][T19017] generic_file_read_iter+0x1b0/0x1440 08:11:36 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xf000000) [ 1081.165211][ T27] audit: type=1804 audit(1577520696.651:638): pid=19017 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/219/file0/file0" dev="loop1" ino=541 res=1 [ 1081.167762][T19017] ? mntput_no_expire+0xa4/0x520 [ 1081.167835][T19017] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1081.203711][T19017] ? iov_iter_pipe+0xfa/0x120 [ 1081.208413][T19017] generic_file_splice_read+0x35c/0x500 [ 1081.213977][T19017] do_splice_to+0xf2/0x130 [ 1081.218394][T19017] ? add_to_pipe+0x1c0/0x1c0 [ 1081.223053][T19017] ? add_to_pipe+0x1c0/0x1c0 [ 1081.227791][T19017] splice_direct_to_actor+0x1b6/0x540 [ 1081.233300][T19017] ? generic_pipe_buf_nosteal+0x20/0x20 [ 1081.238869][T19017] do_splice_direct+0x161/0x1e0 [ 1081.243844][T19017] do_sendfile+0x384/0x7f0 [ 1081.248279][T19017] __x64_sys_sendfile64+0x12a/0x140 [ 1081.253497][T19017] do_syscall_64+0xcc/0x3a0 [ 1081.258086][T19017] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1081.263978][T19017] RIP: 0033:0x45a919 [ 1081.267959][T19017] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1081.287562][T19017] RSP: 002b:00007f8e91f37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1081.295973][T19017] RAX: ffffffffffffffda RBX: 00007f8e91f37c90 RCX: 000000000045a919 [ 1081.304014][T19017] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000006 [ 1081.312586][T19017] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1081.320551][T19017] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007f8e91f386d4 [ 1081.328616][T19017] R13: 00000000004c925e R14: 00000000004e0f88 R15: 0000000000000007 [ 1081.361878][T19011] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1081.371622][T19011] FAT-fs (loop1): Filesystem has been set read-only [ 1081.379031][T19011] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) 08:11:41 executing program 0: gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:11:41 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:11:41 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r0, 0x29, 0x31, 0x0, &(0x7f0000000180)) 08:11:41 executing program 1 (fault-call:10 fault-nth:8): syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) 08:11:41 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x10000000) 08:11:41 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000900000030000300080004002d0000000800030000000000140002007663616e3000000000000008000100"/62], 0x44}}, 0x0) sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r1, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r3 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x2) fchdir(r3) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r4 = open(&(0x7f0000000040)='./file1\x00', 0x20000, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r4, 0x0) r5 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x6100) ftruncate(r5, 0x8200) write$cgroup_type(r5, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0x4240a2a0) [ 1086.282751][T19057] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 1086.306727][T19057] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. 08:11:42 executing program 3: gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) [ 1086.359355][ T27] audit: type=1800 audit(1577520702.091:639): pid=19053 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=542 res=0 08:11:42 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x11000000) [ 1086.505166][ T27] audit: type=1804 audit(1577520702.131:640): pid=19066 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/220/file0/file0" dev="loop1" ino=542 res=1 [ 1086.572591][ T27] audit: type=1804 audit(1577520702.311:641): pid=19066 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/220/file0/file0" dev="loop1" ino=542 res=1 [ 1086.574489][T19066] FAULT_INJECTION: forcing a failure. [ 1086.574489][T19066] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1086.626618][T19066] CPU: 0 PID: 19066 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1086.635351][T19066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1086.645433][T19066] Call Trace: [ 1086.648742][T19066] dump_stack+0x11d/0x181 [ 1086.653113][T19066] should_fail.cold+0xa/0x1a [ 1086.657803][T19066] should_fail_alloc_page+0x50/0x60 [ 1086.663025][T19066] __alloc_pages_nodemask+0xd2/0x310 [ 1086.668332][T19066] alloc_pages_current+0xd1/0x170 [ 1086.673433][T19066] push_pipe+0x170/0x320 [ 1086.677700][T19066] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1086.683448][T19066] iov_iter_get_pages+0x481/0x8aa [ 1086.688831][T19066] ? blk_start_plug+0x62/0x120 [ 1086.693780][T19066] do_blockdev_direct_IO+0x372e/0x78c0 [ 1086.699244][T19066] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1086.705592][T19066] ? tomoyo_domain_quota_is_ok+0x1e1/0x2b0 [ 1086.711551][T19066] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1086.717817][T19066] ? tomoyo_supervisor+0x170/0xd20 08:11:42 executing program 3: gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) [ 1086.723048][T19066] ? fat_add_cluster+0xd0/0xd0 [ 1086.727849][T19066] ? write_comp_data+0x19/0x70 [ 1086.733195][T19066] ? __mark_inode_dirty+0x285/0x940 [ 1086.738417][T19066] ? fat_add_cluster+0xd0/0xd0 [ 1086.743201][T19066] __blockdev_direct_IO+0x86/0xa0 [ 1086.748235][T19066] fat_direct_IO+0x109/0x180 [ 1086.752851][T19066] ? touch_atime+0x83/0x190 [ 1086.757372][T19066] generic_file_read_iter+0x1b0/0x1440 [ 1086.762842][T19066] ? mntput_no_expire+0xa4/0x520 [ 1086.767800][T19066] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1086.774058][T19066] ? iov_iter_pipe+0xfa/0x120 [ 1086.778790][T19066] generic_file_splice_read+0x35c/0x500 [ 1086.784430][T19066] do_splice_to+0xf2/0x130 [ 1086.788874][T19066] ? add_to_pipe+0x1c0/0x1c0 [ 1086.793482][T19066] ? add_to_pipe+0x1c0/0x1c0 [ 1086.798093][T19066] splice_direct_to_actor+0x1b6/0x540 [ 1086.803512][T19066] ? generic_pipe_buf_nosteal+0x20/0x20 [ 1086.809177][T19066] do_splice_direct+0x161/0x1e0 [ 1086.814065][T19066] do_sendfile+0x384/0x7f0 [ 1086.818560][T19066] __x64_sys_sendfile64+0x12a/0x140 [ 1086.823792][T19066] do_syscall_64+0xcc/0x3a0 [ 1086.828322][T19066] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1086.834224][T19066] RIP: 0033:0x45a919 [ 1086.838136][T19066] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1086.857855][T19066] RSP: 002b:00007f8e91f37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1086.866282][T19066] RAX: ffffffffffffffda RBX: 00007f8e91f37c90 RCX: 000000000045a919 [ 1086.874271][T19066] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000006 [ 1086.882265][T19066] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1086.890282][T19066] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007f8e91f386d4 [ 1086.898270][T19066] R13: 00000000004c925e R14: 00000000004e0f88 R15: 0000000000000007 08:11:42 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x12000000) 08:11:42 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x4, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100000000000094}}, 0x0, 0xb, 0xffffffffffffffff, 0xdf3b0ad68f138f46) r0 = syz_open_dev$dri(&(0x7f00000001c0)='/dev/dri/card#\x00', 0x1, 0x0) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000000)={0x0, 0x0, 0x20}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x1ff) request_key(0x0, &(0x7f0000000140)={'\x00\x15 ', 0x1}, &(0x7f0000000180)='./cgroup.cp/syz0\x00', 0xfffffffffffffffc) keyctl$invalidate(0x15, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffff9c, 0x84, 0x9, &(0x7f0000000940)={0x0, @in6={{0xa, 0x4e23, 0x1, @mcast2, 0x40}}, 0x0, 0x0, 0x0, 0x0, 0x144}, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket(0x2, 0x3, 0xf9) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x601, 0x0) dup2(r2, r3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$kcm(0x2, 0x2, 0x73) shutdown(r5, 0x0) recvmmsg(r5, &(0x7f00000005c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x40030020, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4), 0x19) r7 = dup2(0xffffffffffffffff, r4) accept4(r7, 0x0, 0x0, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r1, 0xc0205649, &(0x7f0000000280)={0xf3d0004, 0x2, 0xea}) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) io_uring_enter(r8, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(0xffffffffffffffff, 0x84, 0x1c, &(0x7f00000000c0), &(0x7f0000000100)=0x4) r9 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r9, 0x0, 0x48c, &(0x7f0000000080)={0x0, 'veth1\x00'}, 0xf62c3dc8da425be8) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000240)={0xf000000, 0x6, 0x9a, 0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x9a0915, 0x7ff, [], @value64=0x6e49}}) getsockopt$nfc_llcp(r10, 0x118, 0xb, &(0x7f0000000340)=""/88, 0x58) ioctl(r9, 0x800000000008982, &(0x7f0000000080)) socket(0x9, 0x0, 0x0) 08:11:42 executing program 3: io_setup(0x9, &(0x7f0000000380)=0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x20081, 0x0) io_submit(r0, 0x1, &(0x7f0000000180)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) r2 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x9995b68b6f0c1a26) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r2, 0xc0045540, &(0x7f00000000c0)=0x401) ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000200)={0xe, 0x8, 0x13, 0xa, 0x3, 0xfffffff9, 0x0, 0xc9, 0xffffffffffffffff}) writev(r1, &(0x7f00000025c0)=[{&(0x7f0000000100)="9ceb74eb2c146aac8a3616ae2ebef1eff528fb0a2b470df3e49b33399a592fcbb392222381bd44a5f056f934ba5b1b89a3be390a6cf42c4e6ba2133cf741eb4b4cae787752268f24a6cb5e4789ab8b3a1bc4a6ce4ded0ff2414fd5f9474d63dc5ca6cebe62d8680981abe6edbc9af09a1a6f3a4e87f508a14c42485cd385bc756eff0880f9de06682344fec5d24bc061eea73785853462255fba9d424813e2bdf4d67a2a0143f27e907e42792df04b51ddeb16d72b2f2898d61397d24c37f962ef0cd665d03c605d9979fe2d11308cd37ba1813ce580dfbac36d5b4046ec1908a1f460d67dfb68f8045808e5", 0xec}], 0x1) 08:11:48 executing program 0: gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:11:48 executing program 3: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setxattr(&(0x7f0000000000)='\x00', &(0x7f0000000100)=@known='trusted.syz\x00', &(0x7f0000000200)='wfdno', 0x5, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@version_L='version=9p2000.L'}]}}) connect$unix(r1, &(0x7f0000000080)=@abs={0x4521ffd8e78e6b8b, 0x0, 0x4e21}, 0x6e) r3 = openat$null(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/null\x00', 0xf080c0352a2c819a, 0x0) timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) r4 = socket$packet(0x11, 0x3, 0x300) recvfrom$packet(r4, 0x0, 0x0, 0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r5, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) inotify_add_watch(r3, &(0x7f0000000400)='./file0\x00', 0x100002c) setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='trusted.overlay.upper\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="00fbaa04ebecf24b69c0fb304c549bdd9f237b25cf6beafa0557595d24341cc38e615782db18d97d98aa08009c6df5052ec3f95b87f08513c2c69c5c7b1613b9ac7d810eef62acdce77f4635ff160d2fbca9d4bb716ca0d335d418dcda0c6553e948c3c6e64aeb179cfc07b7145d9cc7ee95bd36a3555aeeeb780eea554e64bed4f73be940908deba5a3f8abca385b006e856ad01ec9df534ed06ecd7f6004f01e1fe02bcf7b0c9d800f"], 0xaa, 0x5) 08:11:48 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:11:48 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r4 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ftruncate(r5, 0x2) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:11:48 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x13000000) 08:11:48 executing program 1 (fault-call:10 fault-nth:9): syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) [ 1092.789037][ T27] audit: type=1800 audit(1577520708.521:642): pid=19121 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=543 res=0 [ 1092.882479][T19131] FAULT_INJECTION: forcing a failure. [ 1092.882479][T19131] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1092.895953][ T27] audit: type=1804 audit(1577520708.551:643): pid=19121 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/221/file0/file0" dev="loop1" ino=543 res=1 [ 1092.899964][T19131] CPU: 0 PID: 19131 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 08:11:48 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'v\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000280)={'veth1_to_team\x00', 0x400}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000200)={0x1, &(0x7f0000000180)=[{}]}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) [ 1092.929991][T19131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1092.940190][T19131] Call Trace: [ 1092.943579][T19131] dump_stack+0x11d/0x181 [ 1092.947969][T19131] should_fail.cold+0xa/0x1a [ 1092.952600][T19131] should_fail_alloc_page+0x50/0x60 [ 1092.957824][T19131] __alloc_pages_nodemask+0xd2/0x310 [ 1092.963154][T19131] alloc_pages_current+0xd1/0x170 [ 1092.968297][T19131] push_pipe+0x170/0x320 [ 1092.972567][T19131] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1092.978307][T19131] iov_iter_get_pages+0x481/0x8aa [ 1092.983358][T19131] ? blk_start_plug+0x62/0x120 [ 1092.988131][T19131] do_blockdev_direct_IO+0x372e/0x78c0 [ 1092.993604][T19131] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1092.999970][T19131] ? tomoyo_domain_quota_is_ok+0x1e1/0x2b0 [ 1093.005832][T19131] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1093.012090][T19131] ? tomoyo_supervisor+0x170/0xd20 [ 1093.017271][T19131] ? fat_add_cluster+0xd0/0xd0 [ 1093.022053][T19131] ? write_comp_data+0x19/0x70 [ 1093.026835][T19131] ? __mark_inode_dirty+0x285/0x940 [ 1093.032047][T19131] ? fat_add_cluster+0xd0/0xd0 [ 1093.036849][T19131] __blockdev_direct_IO+0x86/0xa0 [ 1093.041900][T19131] fat_direct_IO+0x109/0x180 [ 1093.046611][T19131] ? touch_atime+0x83/0x190 [ 1093.051163][T19131] generic_file_read_iter+0x1b0/0x1440 [ 1093.056670][T19131] ? mntput_no_expire+0xa4/0x520 [ 1093.061728][T19131] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1093.067990][T19131] ? iov_iter_pipe+0xfa/0x120 [ 1093.072689][T19131] generic_file_splice_read+0x35c/0x500 [ 1093.076736][ T27] audit: type=1804 audit(1577520708.611:644): pid=19131 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/221/file0/file0" dev="loop1" ino=543 res=1 [ 1093.078641][T19131] do_splice_to+0xf2/0x130 [ 1093.107746][T19131] ? add_to_pipe+0x1c0/0x1c0 [ 1093.112353][T19131] ? add_to_pipe+0x1c0/0x1c0 [ 1093.117765][T19131] splice_direct_to_actor+0x1b6/0x540 [ 1093.123266][T19131] ? generic_pipe_buf_nosteal+0x20/0x20 [ 1093.128844][T19131] do_splice_direct+0x161/0x1e0 08:11:48 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x14000000) 08:11:48 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vnat\x00', &(0x7f0000000400)='./file0\x00', 0xfffff7fffffffff7, 0x0, &(0x7f00000003c0), 0x300000, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x9c784e7eb241e4cd, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) r4 = socket$netlink(0x10, 0x3, 0x8) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r4, &(0x7f0000000680)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000640)={&(0x7f0000000580)={0xbc, r5, 0x400, 0x70bd29, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x800}, @IPVS_CMD_ATTR_DAEMON={0x20, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0xfb}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}]}, @IPVS_CMD_ATTR_DEST={0x40, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e20}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@empty}, @IPVS_DEST_ATTR_TUN_TYPE={0x8, 0xd, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1000}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x400}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x7f}, @IPVS_DEST_ATTR_TUN_TYPE={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}]}, 0xbc}, 0x1, 0x0, 0x0, 0x40000}, 0x4) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) [ 1093.133725][T19131] do_sendfile+0x384/0x7f0 [ 1093.138171][T19131] __x64_sys_sendfile64+0x12a/0x140 [ 1093.143395][T19131] do_syscall_64+0xcc/0x3a0 [ 1093.147983][T19131] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1093.153892][T19131] RIP: 0033:0x45a919 [ 1093.157806][T19131] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1093.177420][T19131] RSP: 002b:00007f8e91f37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1093.185913][T19131] RAX: ffffffffffffffda RBX: 00007f8e91f37c90 RCX: 000000000045a919 [ 1093.193892][T19131] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000006 [ 1093.201923][T19131] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1093.209907][T19131] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007f8e91f386d4 [ 1093.218176][T19131] R13: 00000000004c925e R14: 00000000004e0f88 R15: 0000000000000007 08:11:49 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x15000000) 08:11:49 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x800) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x11, 0x800000003, 0x0) bind(r3, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x6558, &(0x7f00000002c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="d00800002400ffffff7f00000000ffffa6fffff7", @ANYRES32=r4, @ANYBLOB="00000000f1ffffff000000000800010063627100a408020004040600030000000500000000700300fdffffffffff00001f0000000500000000020000010000000000100083000000fdffffff07000000084900000100000002000000cf000000feffffff080000000180000003000000090000000200000000274a49ef6949a7bb000000050000000100000004000000ff7f000000000000000400000002000004000000ff0f0000f44f350001000000010400005eb768350100000008000000ffffffffc38d00001f000000040008830600000000000100f7ffffff030000000080ffff050000000600000006000000a900000000000000c0000000c0ffffff08000000018000000101000006000000b300000000000020050000000104000004000000070000000800000001010000c22e0000c0ffffff0500000004000000060000000900000008000000f7ffffff0800000003000000080000000400000001000080040000000400000000100000040000000700000009000000fcffffff01000000010000000900000000020000060e0000080000000200000002000000090000000800000007000000ab000000fb00000007000000ff0100000800000001040000070000000300000009000000ff07000008000000ffff0000a90100000900000005000000200000000500000001000000070000008eb7000000000080010000000000000007000000fffffffffcffffff01f0ffff000000003f00000003000000000100000080000000800000030000000500000005000000ffffffff0700000015ba000004000000070000000300000003000000ffffffff04000000554f00006ff800000700000003000000000200000600000008000000b300000006000000000000000007000001010000030000000080000000040000730a000001000080010000009e0c0000000800000100008000000000000000004000000000fefffff67d000004000000ff01000002000000000000004000000040000000ed000000010001000e0a05000000000000020000040000000600000002000000ff7f00000100000001000000060000007f000000020000000004000004000000090000009000000008000000b6000000040000000400000005000000f50a0000ffff0000060000008ff9ffff070000001eaaffff3f0000008000000000000000ff0c0000ff7f0000030000007f0000002d0000000800000000010000ff070000ffffffff2bab000002000000ace800000500000000000000e1bf934d070000001f000d000300000004000000070000000900000005000000030000000200000087d400000200000008000000000100007f0000000e000000080000000200000007000000ffffff7f06000000000000000500000001000000820000001f0000000004000001000000faffffff0500000006000000070000000300000010000500810306009fff04000800000004040600d90b0000ff00000005000000040000001ba2cc3b00000080010000003f000000ff0f0000bd52c97303000000be060000fffffffffffeffff7f000000ff0000008100000000db040009000000070000000300000000000000060000008f5e0000010000000002000006000000010100000200000007000000000000e03189000001040000000800000600000004000000080000000400000002000000c00000000800000008000000f7ffffff05000000810000004d00000001000080eb0700001f000000090000000800000001000000000000000000000002000000ffff00000100000002000000000000e0a000000040000000ff000000f7ffffff0500000009000000070000000600000028080000030000000600000004000000be00000003000000070000000500000038080000faffffffffffffff47b5554d001000008100000007000000ffffffff040000000100000002000000566b00002000000004000000020000008b01000001000000ffff000004000000ff0f0000050000002000000003000000e40d000007000000f8ffffff200000003f000000387f00000700000007000000c10a000009000000040000000400000000000000008000000100008009000000370b000000000080ff07000006000000bb7900000400000002000000ffffff7f0300000000000000090000000700000005000000000000807f0000000900000008000000fad4ffffff01000001010000010000003f0000000400000020f2ffff01000100ffff0000010000000200000008000000fbfffffff9ffffff040000004d000000060000000200000002000000070000004e0d0000000200000800000035000000300e00000700000000040000020000000180000020000000f2ffffff070000000500000000010000fffffeff0900000000080000070000000800000009000000ff7f00000900000004000000040000000000000006000000050000000100000009000000080000007e0700000300000000800000bf16000002000006000000ffee0000000100000000000000001000006305000000000000000000007f00000010080000000000000100008002000000080000000101000003000000ffffff7ffffffffff7ffffff0600000003000000a6060000ff0300000700000001800000090000000200000000000000040000000080ffff00020000070000000500000001000100000000800000af06060000002b0a000005000000010000000500000009000000040000000500000002000000ffffff7ff30000000800000002000000ffff0000ff070000810000004000000075fc000009000000fbffffff0500000000000000810000000100000080000000d05e0000020000001f00000000000000ff010000451e00002d00000000000000ff0000001000030008001000ff070000010000001800010039031c020101000001000000000000060500000010000200e002807104000000ff03000018000100080d1e02800000000700000024709a02ff7f000010000500010000000000000007000000100003001f0003000700000001010000180001000501040009000000040000000104000000000000f2275eef7138e6d8404ee35c1c03d0a7e3015b89e6e440ebafa27d5b8188804cd5beea2fda73c030f26439c9e4f2e27a824bfb4415f2af99b482560d1a447df28d8d838ad1a39caf40dc96c5f134529d47c0604f66f8714f8ee51165c4b029a7dc7e2f90de64a234d9098b06231c71bc79c43de912eb17614cf75d8c49152a801ac9a1326f0e334e0534faa8d8704d03c25495230a2ed4feb5298d99c124310dd8d4054c8be6bdb8bcede3d1552b08c169755c508c65ff8e1c50711a38d9a451eb650df96535fcc7669eb1f0f7fc5135a05b389610d33df49e9d1d3808c8fa0524b1caa582c913fedb22de15fbc7e7890faa48e6205a74bf817d48ea3dc9cddb6acc14b94522ccce95a27379b1ced543ad45de5016647e86154fd92670b9fc95ff90ea60fcf349981185b11322c4a48276eea082e4be45b9125653ba5f8ad8500d0d768b2de6b9e198568ecd526a1ba44c9180104fa91e55e31181b4acad815ef766bc8604c30c715da309a185645439aaabb542625905dc77193d45cde1978dc9c67cea6b01d2d4a28b13fc1e71d1f2a38537c44b629790b1305371c9e705771da5555c743b5b4adea2b95aa708f41e7a713277f5422f2bb669861730554e266f4ae61e0377f517b23ae4821e04e500cf998be043bab81fa38368a555f4a381eab2a692e06a4ca80bcb7570518078eb76bd313b23d0708cd26017f5a6"], 0x8d0}}, 0x0) bind$can_j1939(r1, &(0x7f0000000100)={0x1d, r4, 0x1, {0x68218226ac896240, 0xff, 0x4}, 0xff}, 0x18) r5 = perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r5, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r5) r6 = socket$inet6_udp(0xa, 0x2, 0x0) setresuid(0x0, 0x0, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r7, 0x0, r7) ioctl$sock_inet6_SIOCSIFADDR(r7, 0x8916, &(0x7f00000001c0)={@remote={0xfe, 0x80, [0x4]}, 0x6, r4}) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) ioctl$TIOCEXCL(r5, 0x540c) r8 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r8, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, r6, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) r9 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nvram\x00', 0x400000, 0x0) r10 = socket(0x11, 0x800000003, 0x0) bind(r10, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001280)=ANY=[@ANYBLOB="d00800002400ffffff7f00000000ffffa6fffff7", @ANYRES32=r11, @ANYBLOB="0000000bf1ffffff000000000800010063627100a408020004040600030000000500000000700300fdffffffffff00001f0000000500000000010000000000100083000000fdffffff07000000084900000100000002000000cf000000feffffff0800003326f6000180000003000000090000000200000000274a49ef6949a7bb000000050000000100000004000000ff7f000000000000000400000002000004000000ff0f0000f44f350001000000010400005eb768350100000008000000ffffffffc38d00001f000000040008830600000000000100f7ffffff030000000080ffff050000000600000006000000a900000000000000c0000000c0ffffff08000000018000000101000006000000b300000000000020050000000104000004000000070000000800000001010000c22e0000c0ffffff0500000004000000060000000900000008000000f7ffffff0800000003000000080000000400000001030080040000000400000000100000040000000700000009000000fcffffff01000000010000000900000000020000060e0000080000000200000002000000090000000800000007000000ab000000fb00000007000000ff0100000800000001040000070000000300000009000000ff07000008000000ffff0000a90100000900000005000000200000000500000001000000070000008eb7000000000080010000000000000007000000fffffffffcffffff01f0ffff000000003f00000003000000000100000080000000800000030000000500000005000000ffffffff0700000015ba000004000000070000000300000003000000ffffffff04000000554f00006ff800000700000003000000000200000600000008000000b300000006000000000000000007000001010000030000000080000000040000730a000001000080010000009e0c0000000800000100008000000000000000004000000000fefffff67d000004000000ff01000002000000000000004000000040000000ed000000010001000e0a05000000000000020000040000000600000002000000ff7f00000100000001000000060000007f000000020000000004000004000000090000009000000008000000b6000000040000000400000005000000f50a0000ffff0000060000008ff9ffff070000001eaaffff3f0000008000000000000000ff0c0000ff7f0000030000007f0000002d0000000800000000010000ff070000ffffffff2bab000002000000ace800000500000000000000e1bf934d070000001f000d000300000004000000070000000900000005000000030000000200000087d400000200000008000000000100007f0000000e000000080000000200000007000000ffffff7f06000000000000000500000001000000820000001f0000000004000001000000faffffff0500000006000000070000000300000010000500810306009fff04000800000004040600d90b0000ff00000005000000040000001ba2cc3b00000080010000003f000000ff0f00201152c97303000000be060000fffffffffffeffff7f000000ff0000008100000000db040009000000070000000300000000000000060000008f5e0000010000000002000006000000010100000200000007000000000000e03189000001040000000800000600000004000000080000000400000002000000c00000000800000008000000f7ffffff05000000810000004d00000001000080eb0700001f000000090000000597000001000000000000000000000002000000ffff00000100000002000000000000e0a000000040000000ff000000f7ffffff0500000009000000070000000600000028080000030000000600000004000000be00000003000000070000000500000038080000faffffffffffffff47b5554d001000008100000007000000ffffffff040000000100000002000000566b00002000000004000000020000008b01000001000000ffff000004000000ff0f0000050000002000000003000000e40d000007000000f8ffffff200000003f000000387f00000700000007000000c10a000009000000040000000400000000000000008000000100008009000000370b000000000080ff07000006000000bb7900000400000002000000ffffff7f0300000000000000090000000700000005000000000000807f0000000900000008000000fad4ffffff01000001010000010000003f0000000400000020f2ffff01000100ffff0000010000000200000008000000fbfffffff9ffffff040000004d000000060000000200000002000000070000004e0d0000000200000800000035000000300e00000700000000040000020000000180000020000000f2ffffff070000000500000000010000fffffeff0900000000080000070000000800000009000000ff7f00000900000004000000040000000000000006000000050000000100000009000000080000007e0700000300000000800000bf16000002000006000000ffee0000000100000000000000001000006305000000000000000000007f00000010080000000000000100008002000000080000000101000003000000ffffff7ffffffffff7ffffff0600000003000000a6060000ff0300000700000001800000090000000200000000000000040000000080ffff00020000070000000500000001000100000000800000af06060000002b0a000005000000010000000500000009000000040000000500000002000000ffffff7ff30000000800000002000000ffff0000ff070000810000004000000075fc000009000000fbffffff0500000000000000810000000100000080000000d05e0000020000001f00000000000000ff010000451e00002d00000000000000ff0000001000030008001000ff070000010000001800010039031c020101000001000000000000060500000010000200e002807104000000ff03000018000100080d1e02800000000700000024709a02ff7f000010000500010000000000e0ff07000000100003001f0003000700000001010000180001000501040009000000040000000104000000000000f2275eef7138e6d8404ee35c1c03d0a7e3015b89e6e440ebafa27d5b8188804cd5beea2fda73c030f26439c9e4f2e27a824bfb4415f2af99b482560d1a447df28d8d838ad1a39caf40dc96c5f134529d47c0604f66f8714f8ee51165c4b029a7dc7e2f90de64a234d9098b06231c71bc79c43de912eb17614cf75d8c49152a801ac9a1326f0e334e0534faa8d8704d03c25495230a2ed4feb5298d99c124310dd8d4054c8be6bdb8bcede3d1552b08c169755c508c65ff8e1c50711a38d9a451eb650df96535fcc7669eb1f0f7fc5135a05b389610d33df49e9d1d3808c8fa0524b1caa582c913fedb22de15fbc7e7890faa48e6205a74bf817d48ea3dc9cddb6acc14b94522ccce95a27379b1ced543ad45de5016647e86154fd92670b9fc95ff90ea60fcf349981185b11322c4a48276eea082e4be45b9125653ba5f8ad8500d0d768b2de6b9e198568ecd526a1ba44c9180104fa91e55e31181b4acad815ef766bc8604c30c715da309a185645439aaabb542625905dc77193d45cde1978dc9c67cea6b01d2d4a28b13fc1e71d1f2a38537c44b629790b1305371c9e705771da5555c743b5b4adea2b95aa708f41e7a713277f5422f2bb669861730554e266f4ae61e0377f517b23ae4821e04e500cf998be043bab81fa38368a555f4a381eab2a692e06a4ca80bcb7570518078eb76bd313b23d0708cd26017f5a61b25a4fd45c27d7c3c7b21"], 0x8d0}}, 0x0) ioctl$sock_inet6_SIOCADDRT(r9, 0x890b, &(0x7f0000000300)={@loopback, @initdev={0xfe, 0x88, [], 0x1, 0x0}, @rand_addr="71675a3e2798aa4448ce7864cff6ef01", 0x101, 0x7, 0x2, 0x0, 0x1ff, 0x82, r11}) sendmmsg(r8, &(0x7f0000005fc0), 0x800000000000059, 0x0) 08:11:49 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x16000000) 08:11:58 executing program 0: gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:11:58 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x17000000) 08:11:58 executing program 1 (fault-call:10 fault-nth:10): syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) 08:11:58 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0xa, 0x801, 0x84) connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r3 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r3, 0x8971, &(0x7f0000000000)={'tunl0\x00', @ifru_map}) listen(r2, 0x83) r4 = accept4(r2, 0x0, 0x0, 0x0) getsockopt$inet_buf(r4, 0x84, 0x76, &(0x7f0000dcffe8)=""/11, &(0x7f0000000080)=0x19a) 08:11:58 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000040)='overlay\x00', 0x12034, &(0x7f00000000c0)={[{@default_permissions='default_permissions'}, {@index_on='index=on'}, {@index_on='index=on'}, {@redirect_dir={'redirect_dir', 0x3d, './file0'}}], [{@context={'context', 0x3d, 'system_u'}}]}) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:11:58 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1103.238166][ T27] audit: type=1800 audit(1577520718.971:645): pid=19188 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=544 res=0 08:11:59 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x18000000) 08:11:59 executing program 3: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SIOCX25SSUBSCRIP(r2, 0x89e1, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 1103.338233][ T27] audit: type=1804 audit(1577520719.011:646): pid=19188 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/222/file0/file0" dev="loop1" ino=544 res=1 [ 1103.440090][ T27] audit: type=1804 audit(1577520719.121:647): pid=19204 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/222/file0/file0" dev="loop1" ino=544 res=1 08:11:59 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x19000000) 08:11:59 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x80, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2}, 0x78) ioctl$TIOCCONS(r2, 0x541d) r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r3, 0x0) r4 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) ftruncate(r4, 0x8200) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:11:59 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1a000000) 08:11:59 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) [ 1104.274285][ T27] audit: type=1800 audit(1577520720.011:648): pid=19247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=546 res=0 [ 1104.300371][ T27] audit: type=1804 audit(1577520720.031:649): pid=19247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/223/file0/file0" dev="loop1" ino=546 res=1 [ 1104.365993][ T27] audit: type=1804 audit(1577520720.101:650): pid=19252 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/223/file0/file0" dev="loop1" ino=546 res=1 08:12:06 executing program 0: gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:12:06 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) syz_mount_image$exfat(&(0x7f0000000000)='exfat\x00', &(0x7f0000000040)='./file1\x00', 0x7fff, 0x3, &(0x7f0000000340)=[{&(0x7f00000000c0)="96bcecb95d33a00f029111d72684674fecd626c1e51597d718d47ca5711e84c2b7a92fc2cd92ba2619d57f51bbfc2719cea12681a74efbe97cc1db9a130c27aa35a063bdbe353b0399bb866c0f7033a35e319b229a594e29ec2790b4073723c01a5ab7b80a7243b4a2a09402d0d4984f4e569a7190c71f70f7f52cc27163", 0x7e, 0x6}, {&(0x7f0000000180)="dbce5e888fc5a7784ddbc5ce62d7de2745a259eda8ff28838b53d7763bea92d52193a032ad", 0x25, 0x1000}, {&(0x7f0000000a00)="9b0db58853b9206ef14c68571d6a5aa20b6c5463232ecade47962fe8cc981804c2d6f36e6f9c128622d07113b85d9333e5f9949fb70c2c290f023d419fbc7830809ef3b4d13fd8aa4f6a126a42314477e0def9108e4943ffdb523402eb2f6155fa016f5163ffb9c4d9dc943c87eba998444d0310605f832757e166bc6ff8c0c0329f2221e3ee4fb5279ea73151b4dc2abb885409e8181d2ed93274bbac317115bc5dfa66fb540c3bf902936ade7fb9d9ce6ef77743a48787c15d2127143ee04825515e333f4101ac6c8ce9a5edd4595bcf6525eb38a81493b20e558eb1abf00c6501ff97237c12e402a8a9ee7b515149ed4f2fb623055ccd72d42d62777eeb2bf1a12099d76fa0b988447671996289a37fb3d0bb7814954b9c663397af416535654be2c83490a81f667931e5881e20b5554e766cd80c90672a1966f47ffc6504bc433a7a9781501767166dfafd0bb96142adbc4210ddd689352917aac95e0b878756a6466a3e49d6dd48e637654bc69b86f00a14a04ea8571cb6671ad31a9ec02c74286972de7e38a76687c7db1cf23cac81c04d63a7ed8ca2fd7520fd87a411d150a6bb4b52e81de84419f252691d2a73f0fd0a698c65e4627d6ae257b5a67abee305cf8f18212df9e0e1e4debd6da316b70b854d14c1526868b402738ffadb031d610e68fa84afa7bf36ffc4520eadcb9a3c0230df037ff472db4d4daced73e3479e59a24a9510d5a9f8ed7cd135a33664e4d43b7804a28a5dddc5c0f0fcfb3347d341b26d4158bcffcb8dd1d7978b5a401a4150c4555097b354f7b4eaf6ffdc9bf0cf59810bb8eab56d3e6abae6f8d9ddd6daad4463822ea7661a4b92fe556ef83610fb314cc7d59e803415230017f4dbb9ca75341c906c0c30b3d07d4f88717a5f7ab0b2d5ca288ec91f77674d83bac013e0759e088e3be5a72683544d73dba036918d3b523df7b467b75242fe84efca6034048e51c36f1c460522b3bf182ce242610922513ec0f7baf1ce014eeac8c2f3652e133f790e609c51dc9e7da04339d8ef739ccae8f1109906b750b9b66457264a2785285ee21b7ae3313667cb0bc60137563d1afc8287ddbacc0786bce2dbbee1fd2ad2576ef7d00d2b5d1a5bf5949823153d25712f7302ca9a194bcb6159330beac701f467128e7c39c1e3fc8c5ad83dbd63a957f841a2d0480633e44f0c5114d4b54e7d8d1817e4bc55e6d799f977ae4a4efeecc7a419ff7dd4357e093fb4af25917ce82d09362f757a596663d7a3ee5a1d53830a9ef2b8d2f132a5d6e7e638874119ffe48f82481bdd6b0ac6f53bab61c6b670a4a8dfa5323db5902197e2466e64c588660e5f30155dca85da9510ca724d652f0c5654ac50e84f460837f7e2b0b27a6df527118e0b6cc27a5ef12c6644ad4ce6df9527786dcfdb292203873c9661296ce56630978d5c618b070a12729c0fa210a2fb0dcd4c4e61dbbc08d06ac4bc217d7aec6a3570738145a0e8aa4efa1f58cb3850dbafca99013112011ae538d68f8dd9e476765994f54ee9c3679b056e76a9b39d1152ce486faf96c85c081cc0e29ecad38ef07d357a172bed65f45e6ac62426860594b5f2f91c3c7eceb3264ef1884aa469d9ef79d069c6dc80671d67ea39e7f89608060d05b3a77d18f4b3af6deb365f95a7a3c8f00f41c7b740b992f904b551cded0301d545e89dd0e8f0c549e4180ac32b373193238857a8de77ba2c9b26e74374541674be61945f86fe8fded23b3c092529a071c1c068b2a795857ca3fcbf4788f559ef7c3a72d1a2044d3b87cb87bcabccbb43b6ca58941478e89f20214d1e82da8ce05155673e1601eed3122de90130800b678dbdfe6ada8d15fbe27434dd3837be5e4a08944ed9623998672bd4a1b84e4739456aebf08e8202bf809d73ea2ec7134b59a6100d8f202ecd58c42e80428936137a759800b34637bd6525a88e5bf703f15df2eacf631f30c1351bf79331f2d04defb1d4a2e4f04bbf21fc4c6f03f33b4532c2f9e76a2e1f5b514b7675cfc9ea09920d7fbbd6575d07652cd92fdeaed6ad3f1b92db8bf60810871dcd358a43ead96e3e5f4b1a37eeb21088310940006db09c623c07cd70f4a35aa45d17b9eead7dd7960583baa35212e8702ef5dc165b4648a8a7a039e9ae8560327e0862666163b672761e3368babedf30ab2ceee8824b644eac9f03793d70062f807d34e0a412bbe76632b163661ddf6882955218d0516fc5b4e01a8c0883f00a86c2e8a4f939bc3b34fa9386ae2077fd534d0f8729715c48f12886f0ac6ea5e7ce0b788a289f5263b882aa9ec33f6f54d2fbcd91ea11cf834602c46f67b537518fddfece784992459d38c98277fcfa85f6a65ecaf40160f0cbbadabb7fd9990572c3c898e8892ff52a94edd9a4c80fef5dc84417399aa05a6a88d8963afbd139bac9ad1328eed82c81863af6bc2c370e2362eb7c3c0616ed0d1272692877fcb4f20bf9bad0d67678e3a424345a2e8a533a651ec6f4612455aef93669103d494805d698a4066b870f5fe759cce3b33bb2006b0b643ba64b54425e0ef9b29fd6e9f3d764207ba5d4bcf68b17bea5d897ed73f4d14b5463734f47ed31404138591c72a7bff3899112d7775c759f09ab7faf510fb8429476742f0dd7fee0c136ecffb9fe1acbcbdf3bb5dd06a06f8fcd8ff20551e5046b7af4baa1cf839871d56d5955027cd9f877cfceee2190da6b4a296c2fc714bd2cc3512693779a021bde28ce27aff4a504396b4ce0593ddd7a00770df0a08adce441303f02b9b51ca6fd8c3d70a0527b2bb410385a1ece0f549f217ac716c0b00585e0c2fce4a56ab8f1482fa15455bbc92bb8eb8ff103be2949734923f6fe340003996f604dd24390ab7a01c80a2f08d0866fa4108451947076692277e3846f5145861aebebdd61dc6ad008e78baff53eaae5aba05d96fdabc22708f234d7d1d0180811c4c3fb0b61ff7df4052ce37fc82cf978d3019083522aa887114ebd1b39d13ab978b04624256adefeb7b4751aa54be8ea4d4040b89fa066982ba8e79c17302ee854e07fdee096fc107039318a1626615bec5333e9b6513eefefa81a4c2a683c84ae08ae985e5b54b02f186c0ef6e9fe862027fd492392db7b1c37361e1761825d74674ae94c20e74519692bb37b37a5e8c1ad58785b16525e393d313c8cfb38563b1f8e36c48cf0b058c6e439f997cb7efbc5671d66b2773fd5ff1f49bc291c83a56aac8297c34fe60cec8fe7be2ff8c3044e26770c9f9bd7ca0d2169a371e1d92de81b8b9042b024ec24f7ad5d2a7207a126e19a8e1378f46bd307ebfc5597f3be13c7be74a8771a13ebeea8a84691ebb5e8f8563aec52b75a23f3d7e0ed82a8720a6ba1c09b72ae5eaaf3c486c1e19aa1d17c29d8601cde6ac319b0c1f19f2a495b3af258768a5a6f90c86342ebed24746b9e24b778847004428585ed8a76a9481d9375220f6db097ae9ba4dd3d40b4e124a8b743de0ba5bfe85a00846a190c5d1e08bf7f1092957a360202fe53165f6315d7d9b6dc12ec96fe6d962d70f247b84545c94ec86fa761b6162ab45cc92778cbf9f980eef920786d8311fd4bbd5ff596c882fc8e809feecaa524832876fcdde24727830ed1408696c97429ee6efb7dba6acd7498dd0b771c884d1db3aa3bf8fbf8702ab1bd773aadd5fd333eed6eec46909a8cd6431a48c08ed117b44027e4c1d1f008e8f19b111220efab42b6f239882c8801b4ed1bc1892bc45d4f91932cc39edc182abeea91e21a45090ddccd857f335993a969046919b9585ba79d4087df59e5b4807e7d8f4661987b4bfdb1e86f77ff24346d899de7c14db2e6024aaad9a1e69fcb977efe55cad57618f6b8642749cd2221dcc25a3502ff4c6c54664d9ed7a75fe6a8be3e61d219322c3c6b3fe3f3b770b3ec8226c78884bd8eccdf9aeb2efc1b8cb85f507b024193f1e0772f26635755d49e2838e57b79fbfbd1de86f3e0eb15d80a9dd625e9bd850686ea6328cc93476a53eaa9b14945accfd730a9d532c6e3c6f71649a95815485609e65b8732bdfc1b62153e1fe7cf95febde9335364f74c04151819680a4bfb3438e592914468b458cefd88a1fade1ea406ba4160ff38289d8bb728e3f2ce363f29bf7c484e2f1fc84faa0f898f786f7c147df36719c16d0c9dd4d77105b5adf29a5b534e9dcd8d2c9a91697eee0adf0d37b39ae1c5b2eb76ecc7ac91bfa13b358e7454157b62821279f529f219509757b2988ae150212d3f00468573e6c4f1eb979dc287902f1dea41184e06c415051f50b0d6de08ab30f424f1c4ab4d760e343815fd2d60510b883c4f0eeb20e07fd4a5c29cd7dea635607a5e1192e500e414072ffc8eb260fca76d84d3d927e7119c65eaff3b0283705a57eae9174877b59e168f75ef9f808e536e58cd60d30c71117d82b15580b2abf53bdb82c130e41b535db280fcd56086cda303e3bf8c8e74713016c8d9b8c77786985594511623cc8da08375ab2d74d105a803d3b0301082e07b21ba74b879e0dc408957e586c2b65dea01c48402a597b026e69566421d6aed1a7e1d243fa6b67ec7aca4896d9a4c95ff703bc669c766d891ae51d8551df1ccc8bb38f3f2938c40fd0bd84437235d73253817be3ae4ca964369603ecb416b8e2c1e7c1b6c45af9b67d05fb09f406002d039204edd2cdf9d7dc1d886f9005c117ee2ef9e14ff1ca3073ba5d8c196f8758c0ae9e5a500c81222d5941492316c387a55cdd4351247a465abe5a6f259134d07a5cdf3f272375cdd7db2729b0606827db07aa4ebba0d46b2bfd4d0a166fe5189ada815acd6874a1e73c0fe3b2ce0ec31e4a660e7ea38906a7a28cc7c1294fa5b943e956d0032cb714207de96c2f2a4bd4959a771113bc91cf1ac2bc578668cc6d6a9ed31b59542f27ea83fb41cc174461e54287b4ea9adc93f4ea0b13d51a3d3ac10628df4fe847c4f4e9e678b3e525040d03aff9264f28fba9143a78c5c1a8b44048622115cdbeb0c9467bca7a072f0199f307fa7f0686b1bda65f4783405ea7f6d1ae9fa714a2dd04f4eba7f4d97b56a1ae501c9a2cc642a5298283435eb86d2f86a0096129599302dbf2858eeab0e17eb3a06d240c859a8497ad8831d04d63cdc5e0453fc88bdb4b2aabbf87864fdde83d69e22665b4da129ffe8aa3a3e977adedaf6f7434996c1aaf4b1203aa313258586bce23602a92f06a6fe1f40e81c2e7258c1e392a6153d534fb48daffae55bcf4019de5a89b55b594f554c6009333338f8280064aa22e9517f383789e40e782b2a9fddaad11e7540d923cf6f1f27c61a2a88021b4db0acfedb2e25ae81b99c86c82a057a97d911a164c23418dfd5c5ecfeafd1970df5626bc254296cd73c46b9bc0002ed9c6543f11b2a73048b73b49da1d61757164e00811d825f664e8407a4acc19f7938f7d159bce806154d08f13183ad67a1347ab502a8b51901fda7bec6eafe8dd70fa1717564e286cb13e325d5261ed1698432b9e714bb43114a22535849a3b3ee63591c6452ea1bfa499d1d2d61027ec0e41d262822ff45bcb9218719f2da129a4a843b996c8ba996c7adfd0a2a8784f559d83d4398d86b58bb3de902a86a0888f851fbe346a9c7dab6a0b34ec2b3503a370767cdf4555bcfdeb9aed723b335471769f6b9f3e636881391b68dd8002727c845de737b0603bca103cd270215c19286c7d9797beec3200a16f831f4c95cd0ebd9e0f03726b4d8d6282f6d5e0fea9ab4fea18e313abbb533ade533ea729545df1b0e82a638ebe74aa9", 0x1000, 0x4}], 0x100000, &(0x7f0000000480)={[{@gid={'gid'}}, {@umask={'umask'}}, {@umask={'umask', 0x3d, 0x2161dea1}}, {@discard='discard'}], [{@fscontext={'fscontext', 0x3d, 'staff_u'}}]}) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:12:06 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1b000000) 08:12:06 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000004840)=[{{&(0x7f0000000540)=@isdn, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000780)=""/4096, 0x1000}, {&(0x7f00000006c0)=""/132, 0x84}], 0x2, &(0x7f0000002e80)=""/51, 0xfffffd85}}, {{&(0x7f0000002ec0)=@nfc_llcp, 0x80, &(0x7f00000032c0)=[{0x0, 0xffffffffffffffd2}, {&(0x7f00000002c0)=""/130, 0x82}, {&(0x7f00000030c0)=""/207, 0xcf}], 0x3, &(0x7f0000003300)=""/4096, 0x1000}, 0xffffff9a}, {{&(0x7f0000004300)=@caif=@util, 0x80, 0x0, 0x71, &(0x7f0000000600)=""/168, 0xa8}, 0x3}], 0x3, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x2a3dca46) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000400), 0x0, 0x10400003) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r4 = dup(r3) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8b04, &(0x7f0000000100)='wlan0\x00f\x14\xd96\x9e\x87\xbd\x8c\x9dyu\x8c9?bs\xafS\xad6\xd8\n\x87\x90\b\x8fD\x91(\x02d\x7f\xf4\xb2\xebd\xa9\x1e') 08:12:06 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0x10) 08:12:06 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1110.623020][ T27] audit: type=1800 audit(1577520726.361:651): pid=19261 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=547 res=0 [ 1110.730064][ T27] audit: type=1804 audit(1577520726.361:652): pid=19261 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/224/file0/file0" dev="loop1" ino=547 res=1 08:12:06 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1c000000) 08:12:06 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0x2, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16, 0x1}], 0x40000, 0x0) r2 = socket$pptp(0x18, 0x1, 0x2) ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r2, 0x8982, &(0x7f0000000180)={0x2, 'ipddp0\x00', {0x4}, 0x7}) r3 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) ioctl$VIDIOC_DECODER_CMD(r1, 0xc0485660, &(0x7f00000000c0)={0x96c76388b308611, 0xbcf7ee2e557e5931, @raw_data=[0x6, 0xffffffff, 0x8, 0x11675e91, 0x6, 0x6, 0xee, 0x7b0, 0x2fa, 0xff, 0x7f, 0x101, 0x9, 0x3, 0x4be, 0x81]}) fchdir(r3) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) getdents64(0xffffffffffffffff, 0xfffffffffffffffe, 0x0) r4 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r4, 0x0) r5 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x6100) ftruncate(r5, 0x8200) write$cgroup_type(r0, &(0x7f0000000200)='\xda>$\x9a#\"b\xb8\x00', 0x9) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000040)={0x0, 0x2, 0x8, 0xffffffff}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) [ 1110.801940][ T27] audit: type=1804 audit(1577520726.441:653): pid=19279 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/224/file0/file0" dev="loop1" ino=547 res=1 08:12:06 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1d000000) 08:12:06 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) socket$inet_udplite(0x2, 0x2, 0x88) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) sendmsg$sock(r4, &(0x7f0000000180)={&(0x7f0000000000)=@ax25={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6}, [@bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default]}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000480)="dc7e9484263613bda03e17fb3db6ff10b04bf3d33bfd197428ce33a33f2e999ca4659243e7328c42ab12d12678c6e66470b80af7b1b679f071ede64eb81d7e6f24730b86063138d2af3d48a2f613419eee4edceae9e5f84ef79fd9692e9e9d2a32251ee5fda8375cd06713b480efd1ebca2423aa6443aace8fb0199edd1f0e770d98a2ba1acca3f26d9975c47b20200c02f4764a7f2732b9dc7c2e40de20559347ee964a52f816afdacf65b7f5fbaea09328ba8340f96493c50608c1c206dcae66bab333281e0fc54c2c893effe47cef", 0xd0}, {&(0x7f0000000a00)="89f055f4a69e361287bbee08f22528960bffe053ccbb50ee90b6118d2ac9be4b25995e03f5e5f82ebd2c45c2307e7b542a935e0816b5083fde504156e08519cb44d4dd32535b77e33a90b86ced25a61f897bae775360d407f7eee66ddd8a5f57941f6f99e1756121a6153d8499de3f18a16c83752aad1e09f8701d750f12b773fb87e3784ff1c6c2bbf47d8b5fd62a67d5b057d9478cb44694af9ee6aaca56ebf2a22a1e8c90c0c7851e0c6379c1148f0dd68d0ae369ce68c12ac03afe2f272a8cc4bd2476e5ce1eb7964597f9b2241809d5932d50209d62247807446ffedc851cfb35cdffa207571208442aebf2ae77eab821389770c2bde9b00960b2f14a3bfac4d9a95d97627a8af2f14f232ef02fe00d438821ab1a878ad0d543f0c5dce1f1e0d480b5ba145139ca79e9055280ebb6c1577e041cf4192bf61382e132f99d0d7560136229f7f4bb62854cce5e3d9a3db406ccb338efff0c1bcc840f16c0e7a3c2fe05e86db0d2863af84f0f2f46ae7539da0ec31ad3d9f5ac894a7b238d04b828638a2f88e579893cbbee518da63c9a329aa0198e08c1ff72f48d3baac9fda3d2c9cb0216c05886c2483a8b105c99d2242e6cca9e62e7404b0471d431cb0c41c44f7e7bd14f1d21dfa9305e713aad31bdfd8fd3b32d7115cad7e385488f0e02efcde124effa0691c2153176941cc283c433929e66b6bcd801da30f40f1559db2d63f0c84889609b09be816d4a930555c667cc17f60d26f6aa12fd5118a53bae0840fd649eda5b66aa26688ade5b2733eaf7835b851fcb4735791a7d2e0d032baf26ea440a24b5db31d3c2e99be62cc62c8426608eb336f4a0df75252a72c78b93a9ad6be94b77bbfa23beaa38accbe78315cac1395c418998c72218cd7a6c48d43ccff4bb4890053a6ebac9f778b7981631794038c7c4c9ca929b736a59eb107765eefc90724352b7dee1b3e2ca527852491c2bd71db7466d3025c5ea67f0b942be10e12bbf08fc7dd09e4f14496c78c5397a2b9ada488d3e54b94216e4363514364c819a75e965925637b9afaf64bf59c8156ed9358eb62fa9bffccd7f0e64ade3bf225f2e3bdae46553f1099f23306937465a97b14b8b5b43bdb095741fc912ebdeb1e515c4bd3b420cb07630ae104235901d0200fed36eef95666764782269b8f62662dc31d48b5f640c2ca5f8bc4de8bd5b06c80e65e59185b334d7e0f0a0d5e1bec3093d28e5ef03a3155953d5ce1bcb598571d648903d138486199eacbb04cb84d68a950b0382cd7599b8312d9f5241ece8d4738719bd50ecc295862df92a93a3372d83264e1760f9b10497a017431826ec907e5e1e3ceef773c96d157658328adca9a4f23fbc3f540b99dd299450812ab504b4b486c84cc2dd180295dc4f690210136384482da547e8527e69cfb54fdb895b755b592092e183ad53368825cb2b2e31bc51fe6a34cf586752339319ad5d84466e87df553a85bc15e1e77fe7b317aab4d22a358ba12feb43a6dcc6a2be92df572b8f951fc8544084339dde235a7f180991c0e9a065298229e83c56fb565ddc1eb433aebb5374228681251f3eb006e46763172466ffcf47392ca6586cedd8cce9ffe83be3411b4850085b15cb806933e0d7806ef9c8f2dfad4c88a33e5f50a4a1d2cb851d00fc839ce4e1538a974b119db0a45adba6ecd2ef5bb2b11f8b21566e212305c33c8b6b798f2a49c4ae0272634b7981dde626a43eb1f12b40196be61d333db962d50ccf77e1b16664453d724509ef234091433b95b018c65590a1cad4dd2e17e4a010a1d462f6cebeb2df4eccae2c3a3bd374abd525a680a551a249e6782981232f1f37492194f2a3fbd91d8d43ec577ea44ece298ea620fa124df2f241117fefcdb8132278bb1213235808c8bdbde6ccd97804a4438c66f49134b5a6bfc16aa99c33a9918e9520161db58b17f9999901ac5c1345b6ea5d669847b730f2bf5ae217944467033f91361dd2ed90a63b2a4793b74cf7614a91a5e9836a31b4466f045f305758d0b6409a64c12dd6755d2aea2a2ca17b5931c911e59d141f039536df8fdbc3b2dffb8893de4e2b94960612086751e5be4e5e46141e347448abdcb695616d4042eb6cf5f6c5eff57c2936c087d86ec500a58104a7502d12e6cc22ad742c54d8c1c2a94359f8c8cf4dfb2c4677dd521539747939e7e59e70cd2bcd692932463e19eb9bfeb2302d4ceed8b7e6c0783bb81472b5e574cdb0ddd142c9b4a4408266d1be6af689fd236156778a3e2536b60b928b487162efadb47d2417dd78ad5c2558dbccb2311fc06572f7bd2b9f79f49afcc421afce73a2fcfa9fd9eed4866972f42c35d1117d42fc895b274afc1102d8ea44cae150c9fd2a18203b5af39cd33c7f94406eeb25018cfcf29ee6d52ee25a3f9527b197f841e0e20a24197e5e4cb222a1786f7917ca05783728fc35aed714f0583868756baa372b7cd1ea5423b0a2ed1a642ac77d52154cc91ad57f88411b8dca8eab55476a91c847ae54c0835b0ba9e1f90c9bf362cbc28a27fe5460ff43347474c9ce7b4f36f17000f0820349cba563bd3ee8ea5702bb46adaa4f50d685ef0b16dc181d174a7f2c921abccd48b39ac6d91a2ab140f6e7c1660945e77b1717ea84c0862bc7f83f848e6fdf35d88a6d895a0623423d7a62aa5f52b1ed59324afe5b7203d369a6de9b78e15bbeb03ebb90b7c4aba790303fe6f75793225592019b4d30e45f70353e9bda1618b5252451a557dd05a9d1c5e7d60607346ba078800cfa34001fdba84bbd5d478208d874e8d5b53dcf4c8359da7ba425c6db7292690dfede08c1cffaf737910a13caf23e182fea6f8548593bde66a7197d0c70a80438ab09144ae783c992391e35afdf99eb430b2910177540072572997fed25d664dbab0bf2390782cf58c0068e2f23b12330fc07a81da6e3ccf8830958d4e8081a03aad25d1c5ea0ad97fd430cbd9019705c010da208139374b5ec19f22a9349581ccb806b58c426c30a6eda369ac03dd9c12dddb94ffb14f36bcb064d324b11ffe7c241ebc2b20aa52f138884f72b731de6fc0ea2311f577f9681395a9677c5b171762b925c856273089b9b98158926516c92d72d07c0c6adc9daff4dcec0b8b09916b9cdb25e4feafeb47fb59091f9534cbe2c54c0854d9f08e9fcc077a3d439098583b072497ef8b46978ac304d67be9fde105c4bbe59561f818e1c16a2dd82e2113b388272715c1ac19ab55148ef3c45a6972f15d6e37667780e4d18091f2e13f5a22151f7584a2b3ff0f7cca04878dd4b2523bc3e7fb9f754f5b56544130a5b9871735354d15f9ee2d82d0977d5227e2e7250af31aa69c86d7ccb4ed81de3ff0756550c99dbdb220aad9d4d363d2a52296774cd2387b0ea09c33b35ddf5b14d8afc580885ec85f45c4d0996fdf075bd26ab2b43c46e5153da63d95b7d1b7e34c2152bb97c9f8311b03d07a24a128c8a8ba0dcd2526c24da12e183142ca110d52c1903f4ffff4b3b38ba3525592d410aa03afc0a2dc1f94a50656c0fc2dcf7afbec2ffbd6764e918e945ba71b55f65f0ce302a41a28865ef0cfd9b02c34f020ccfc36fcc80fcf430359a43413bf383dac016e40a4859486322f50656cac8fb3779a6b70bbd21a1d3affb17258cf1f5e450c4efa5aad2d3ef5106cc6a5e095576bc53e6f2b736b74a0267c0a7a45c43f5ca1ebacc8f333707b760e49db17b0dce8842bc3833fb3da2e7a22cabe8c461ef29176dca4da1014ebb899bc2249b18d65d1ba17b4ff2df71f097f25ee70125ae553319ffeb52e509fdb421f29f18f4209083c88ae372064e96e7206975ee777f41641d3f4df054702ba2689aeba22e570bf6f8a1f9167793b4497b435106623eb3e568fe09f36b164285ec80375915044c8cfcae15d2f00dd3d55d9882e0c2f4be61f31f14e6fa6a5243dc323766d0db1b608cafa41691008ba412242814bb94e3fcca2f922ec5cf30836803f9eb8d99938dc9435a3357fce2d78698501d15ba63cd673c585d2a8bd06f72baf9c5fb7a6701363823a3863d67fe361ad11da83487199fa54b0d5538d81e7e6285263e543003a12c3eeb4df9a16db22d8cedc0b465b858931caa63b5b134ba36ca17d756914a69652298cd413eb3553c0a9c7863fb80d7dffb08ea3467a5fd3672f15cbe1fc9866ed04bf0c7e22abd98c8c1962392e033f9344d3a74cb6135f98759ee7ed59671b71b29135f1dc8f09fd716f558bf7fc31c28a9008056ef7e59380354ed3a0ceeedeb8fe7c7634c1cea71ac163caf77cfc01d6725cb70ac31dab301148509ea1b70bf98f8aba859e62644c3f15b7bf833df1cc9f0a3e10eb93fc639eae8ade7f1ca2fde69fe8965a9c2313bf62dd49098f604547da8614fe7487447cdd37c638bcea1417514d08ae1281a5eb5caab9242d9c08893923a0200f969d32978f7f6e620a1403e8bd31b60b9560800fe6b150eea86864f6feea8c47cf688253a5a1cc316b5bd7d12b1c9594728bffb281a80f01337f6871f470b1db3465f1335b7e1738f16b253ed9c274da193b6e627dcda9615a10852a828c6c86e13d6901e654e1867f571f02116f80d1dbee94817964261be591c77cfe8b98a143af0ec537360fb130f081bf118494e655a5eb1aa20540bd93fd199e57b843ebb0265cca6c07701b33224b6bcb29116a6c92a8056ea272968611409234d11f4d1c9731bfc5274992cf5945ca5ec5d520b4628789ecd16e6fbbe9af4ac8376e6e01b463f42bad03fadc9f561507dbee76a29373c8b357083a0b59bacc758adbd188eea39d12b3842e7ef52891e374d27280e24680d74c126794e660f6e0e3b1f5aa4e3a2948c3558681ddd8332477440149a0b428808c1591b73e0494d822384520c233a632951b814b6be34ee1d7d25eed0ef939a4e5687be9c6beb2c0c1a8ad3c8d20b172b7d06d501ef01f416daf4555cd48af5d7bee234115827a156d12ed735953fd962ffa78356265eb6833df594b1b353e7d44a40f71bfa3c83971580c157b71cd173a7c2db2530987b10391c067d98885f87f37136006d98811de88b9effb7a956ed5bde4492747327eb3db0cce8becbda7b1691c2d6f614b3956bb68a0e9a16b3aabc03d28aa56257f8a060578d3283efb989915c15efc0d2fdae989b6b3dbc467550e14238ad4654213ed301dc7f46b5c95e175fb0dff56b2df18ded62f80c16f4668c5557b76599d3b7fe50969a117625242c5dbc9b86e4812fbdb55c67dfbfeb9390fa5de9f41ad8634c9eb1c2eee5f66c2a799d4a516ef01d778ec2fa678a90347628fedaf6be486cd3e0dbc9d1762c39678c5c505ef09cda56eadd810fe4129ad498f28f6bd86aaf18569730be5a595213df7add46a5c1a1f13cf4c4e80ac947d956a96fe7d8aae5b613773edef8ab09bd64e477d9c142d8a730dd0db7eeae9f5a66a8f08fae792a05498747ce3f984e1938610a445be07552eabcd4123e3a7629a0caf2e72dfce3d111e9bf453607b69643a3248bdddb375b62bd5ad94367bb3cc380cbac7364135561c5eb94a66d9fb8425641d1946515109c75f77c9829638b0df30d84e2c97ffcd316da96da2cda614af04b64e80fba981a97d5dccb4664d2f6521eec03a26999e7ec98f3142f6f34469609b14dc7967bdb88ea93191d39531acb266889bc184686b32b07dc4cb6aec48f0e4905fa67c777c37e5e5dac85a2856adf82a665ddeff0f5200918a66cb648783bddedfcef02257ad194e7ac1266ca9daecb6323e690c22b885e37", 0x1000}], 0x2, &(0x7f0000000100)=[@timestamping={{0x14, 0x1, 0x25, 0x401}}], 0x18}, 0x30) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:12:07 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1e000000) [ 1111.357301][ T27] audit: type=1804 audit(1577520727.091:654): pid=19279 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/224/file0/file0" dev="loop1" ino=547 res=1 08:12:07 executing program 3: setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f0000000000)=0x4, 0x4) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000180)={0x0, 0x0, @pic={0x0, 0x5}}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000480)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x10], 0x0, 0x200}) getsockopt$ARPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x63, &(0x7f0000000080)={'IDLETIMER\x00'}, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000140)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1111.410876][ T27] audit: type=1804 audit(1577520727.141:655): pid=19317 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/224/file0/file0" dev="loop1" ino=547 res=1 [ 1111.436865][ T27] audit: type=1804 audit(1577520727.141:656): pid=19279 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/224/file0/file0" dev="loop1" ino=547 res=1 [ 1111.613146][T19323] picdev_read: 208 callbacks suppressed [ 1111.613193][T19323] kvm: pic: non byte read [ 1111.623928][T19323] kvm: pic: non byte write [ 1111.632737][T19323] kvm: pic: level sensitive irq not supported [ 1111.632861][T19323] kvm: pic: non byte read [ 1111.666102][T19323] kvm: pic: non byte write [ 1111.671006][T19323] kvm: pic: non byte read [ 1111.675898][T19323] kvm: pic: non byte write [ 1111.680487][T19323] kvm: pic: level sensitive irq not supported [ 1111.680578][T19323] kvm: pic: non byte read [ 1111.700090][T19323] kvm: pic: non byte write [ 1111.705287][T19323] kvm: pic: single mode not supported [ 1111.705294][T19323] kvm: pic: level sensitive irq not supported [ 1111.710836][T19323] kvm: pic: non byte read [ 1111.721467][T19323] kvm: pic: non byte write [ 1111.726118][T19323] kvm: pic: level sensitive irq not supported [ 1111.726204][T19323] kvm: pic: non byte read [ 1111.737151][T19323] kvm: pic: non byte write [ 1111.741730][T19323] kvm: pic: level sensitive irq not supported [ 1111.741864][T19323] kvm: pic: non byte read [ 1111.752964][T19323] kvm: pic: non byte write [ 1111.757489][T19323] kvm: pic: level sensitive irq not supported [ 1111.757593][T19323] kvm: pic: non byte read [ 1111.768484][T19323] kvm: pic: non byte write [ 1111.773237][T19323] kvm: pic: level sensitive irq not supported [ 1111.773360][T19323] kvm: pic: non byte read [ 1111.783950][T19323] kvm: pic: non byte write [ 1111.788530][T19323] kvm: pic: level sensitive irq not supported [ 1111.788684][T19323] kvm: pic: non byte read [ 1111.799257][T19323] kvm: pic: non byte write [ 1111.803885][T19323] kvm: pic: level sensitive irq not supported [ 1111.804112][T19323] kvm: pic: level sensitive irq not supported [ 1111.812188][T19323] kvm: pic: single mode not supported [ 1111.832826][T19323] kvm: pic: single mode not supported 08:12:14 executing program 0: gettid() openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:12:14 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0x12c00) 08:12:14 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x40000000) 08:12:14 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)=0x3) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x84800) ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f00000000c0)={0xa, 0x4, 0x2, 0x80800, r6}) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:12:14 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvfrom$x25(r1, &(0x7f00000000c0)=""/77, 0x4d, 0x0, &(0x7f0000000180)={0x9, @remote={[], 0x3}}, 0x71c000) 08:12:14 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:12:14 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x2, 0x0) read$FUSE(r4, &(0x7f0000000240), 0x2305e2b7) ppoll(&(0x7f00000000c0)=[{r4}, {r2}, {r3}], 0x3, &(0x7f0000000100), 0x0, 0x0) [ 1111.838447][T19323] kvm: pic: single mode not supported [ 1119.041873][ T27] audit: type=1800 audit(1577520734.771:657): pid=19348 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=548 res=0 [ 1119.068731][ T27] audit: type=1804 audit(1577520734.771:658): pid=19348 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/225/file0/file0" dev="loop1" ino=548 res=1 08:12:14 executing program 3: perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000000)={'stack ', ':\x95\x1f'}, 0x9) [ 1119.162753][ T27] audit: type=1804 audit(1577520734.901:659): pid=19362 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/225/file0/file0" dev="loop1" ino=548 res=1 08:12:14 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) statx(r0, &(0x7f0000000000)='./file0\x00', 0x0, 0x20, &(0x7f0000000480)) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x3) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000000c0)={0x7, 0x0, [{0x3f1, 0x0, 0x8}, {0x60008819, 0x0, 0x3}, {0x83b, 0x0, 0x81}, {0xdc7, 0x0, 0x20}, {0xa91, 0x0, 0x6}, {0xbc8, 0x0, 0x20}, {0x37e}]}) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:12:15 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x60182300) [ 1119.516112][ T27] audit: type=1400 audit(1577520735.251:660): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name=3A951F pid=19369 comm="syz-executor.3" 08:12:15 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f00000000c0)='./file1\x00', 0x8) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0x200, 0x12) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x208000, 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x9) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:12:15 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xe8030000) [ 1119.772750][ T27] audit: type=1804 audit(1577520735.511:661): pid=19362 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/225/file0/file0" dev="loop1" ino=548 res=1 [ 1119.895307][ T27] audit: type=1804 audit(1577520735.541:662): pid=19389 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/225/file0/file0" dev="loop1" ino=548 res=1 [ 1119.975030][ T27] audit: type=1804 audit(1577520735.541:663): pid=19362 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/225/file0/file0" dev="loop1" ino=548 res=1 08:12:20 executing program 0: gettid() openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:12:20 executing program 3: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8474071") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0xffffffffffffffa2, &(0x7f0000000100)={&(0x7f0000000300)={0x14, 0x6a, 0x1, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0) 08:12:20 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0x13200) 08:12:20 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, &(0x7f0000000d40)) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) ioctl$BLKREPORTZONE(r4, 0xc0101282, &(0x7f00000027c0)={0x1000, 0x1, 0x0, [{0x3, 0x8, 0x10001, 0xe1, 0x5, 0x80, 0x80}]}) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000e00)={&(0x7f0000000d80)={0x10, 0x0, 0x0, 0x4084088}, 0xc, &(0x7f0000000dc0)={&(0x7f00000014c0)={0x12c8, 0x35, 0x4, 0x70bd25, 0x25dfdbfd, {0x3}, [@typed={0x8, 0x83, @u32=0x8f88}, @generic="c8e0a7c8ac434cc5d4de82dae3e0bd6652cd57ad24fef1b2a2a402f5154a461a195cdc87017507d6ad0553bf77c97560cee0392521b58ff5e018cb214f9912990e28aa801e44dcb08449d346fd732d14d4693e96a603050a607413fdf5502fae79ec8173906d51cacda798ca2cffabdb81ca744a120c9d2d94d9e192a9733263e42e178b54c177c9fa3c5ce5a8cf4956baf54a9052018c9c011aa76fa9ea1a16ac759c8cf5cd5bd8b98be2d0d6f13c81af53795a1a4b121d5551e55cf33e4a735c496ea8a7035eea4d399681d0ffc9ae1e4801f1200a1c724d916da81d89af8d5e557d76d7eba23b26471f00492b23b7afbf58e4b75dbb57a08cd6df8c28b69a2637d822f8f729f00c5020677a582d974e88e1826c0600333f343f1ebb726f70a3824cc0293f0e1e1abba2ba14adb0542b057a123a781388ba84f752f88c5583ce81b7e659be0476a3bfcd4df856b7d755be472ee91ff6eeb3ea357dd4ec65a0f2a6b8714e6f2877186fc591ebf9ce34659e4a994557d45dc6be8c5b60080e4546201277a90abf56817d96c4c6e3e878b0c5e9c41bd1d26d0048cd956ad709334c79b2d0428d801acff6d81138e3038a330f27c3a84bdc14f9024c54d38b2fd338dbc8cccce3545376ef524a8f5ad4caba8aeffd7eeda5bfb55435572261e50dcaf54b9f7cb08e64809ab9e75972f5f57017047ecd6cc1a2b11129dc05a0be863100bbd67d98df982ad42deb63c863670edb8b1b148bebd688f48785cb291a4d365e18d325267ee07cbe672edc6fa626b5f0125cd3ff259c943b3c82dc9d26351ecfcbe5af615d74d1aca422038e3a1e3bdbd70c55bb9709d0b18cef368d497fb7fd86f37235e5cbcc36c5195d9153b76e4a54dc703f21ca1b1b64dbdb3113e79041254c0f4d2e8263197d0425d668dd268045332d39ffa06e4d9ee65ed87cf7a05b460709f78156b7d48fcb0997ebde9c8a0f58d34898e18ee2f4ce6267917d76b483b730f915aabc92cd78537e67b19ead26dad96a11e92d5782fbbdc2beb9f9d11644bef6b69ffb1239dd276cb8a00314859ea1084c8f7f280963d27389a26a0da4fa4c29457b2e94e100cd41216ed9aa5bd6228fb634ea1030202aae3cbfb17d83331e7275390f1f75588595d73996374f38dd4199cc71e96784b78cfc047b3267ea47753a4ce4b43c85ad0055d6f476b482436bb9fd01a88b304bba28615514fecf047eaca45af019064864249707987ff3f9726924ff0b54808bcd01f639ba0a7d1b7e5d3c85bdd679888c863fed0b5460c422d5e9075a6b76907b59365fdd669ef231b0a35f3b9b973d15afd2b5e7892f27ffe63541ec5163b76f37de8454fc5ec7fbbfb1505474dfc8309cf71cc14dc80f0557dc6848ee2d8161c4aed1b125cfe599c09367c31b48dfa53a6f7ee29631159064b6e8c8a8a3b4309f0419b5e5c82b21231b8658394146d6febcb191d04c45283d3e7d7ae8b58bfd155a49a27628b977e22c233c5ac07bfe79f64aa17a0220c3322b8d447798b96aa2a12ee2d7cce86ca61a662ad1c0f7ad816d1b80b134560918ec5d0d9041266c8686d6af4d311b2204e3d12e93eff9ae22373ce12f125af0543598e276e43063b25bf6206ba41a7752e5e2673a31f032f4b6e74c17de7c411af278c23fb217afc2a50eb8f103c22197a796ab7d6f04cb99951236e9bc5a8a3b8055ec2bd224869567cf3cdbfc640dcbb26b0606aff40a26a628d9316c9de9c6daccb52f5011dc182d38410d5c163e88baf5e64c1304e93fea2e17e55208e5392fe005aa7a215b9cdbcac4ea9f2997e71b8a7894b13aa00e3c8e280eb910c303b2fe7b269ba9d8537571344901465bd3f9d04af33c34f3aeb407707d5092ca601084a538178239b772c860e539f9d7632d3dc7229e04710aa5b6b48078d535fc26426f8ea434814fec7bbf7bfe5d9b8446813f0e5e8347da603032856fc0d156eef3014fbe9e356ed3b5c0154d85d02964540e3afb79079d4992455949e6b343c4cf4aebf1bded3670e94e365f53b78dffa6b547edb36c85b71bc23b346f7b1f984f22dbc92a2d2cefa91105ee3a072e95716ef37436491e9cff4e30d46ece32cabdc087927df601606132564cebfb264c98a22eb8dc971b05388ca2d27fec288f15615cdc8f5d209ec895b6d784b889996a7c9de790d12d52c354f3129f0fcc2908dcdb4b20727e93918b86d5b4cf745406725aefcc45cf6f36bffd59079e373b41bf78749ef8a180652c3f62e9535dc7d3a0ee17bdbda836555f92fbca5d8e4cf6e56bd6cea475245b9c7dac9af851827e7cb1d47a323d017e4c0cc0279bda01c069f4995b99a12402a75a3fe7a3fe7a2a4dc2cabc172cb87430c33611b7fbb7a9cba6f3661ca9cb2b6a1241b58dcdaaefa10ae39f3e5b52f09b838d686ba4ea0d37f66d593af35c6669f35757735ff1c7e311d5774c6568d0d92360de8f3cc777e75223d8e9a414bd6bf34a4cc1b31531f7f178c471ade8ad7810d38e05ee9e0ed85546679f3c29be299064f41693be3a93d061a728f333d4b2511061bf39de85964ec26d2538fd8f9e50581f6ac238300e8bd0564719a66cc2f824bf7baa400935c26bcbe47208b1441c13978f582d218dd37c5edde3d0974a7f484823823ecd7d1a0f73599973fa3ffebc92b27819c48a96a677dde1044c69558d6f9daa4ffda5185aaccea7af35c74d531bfa94ab4cb4a6288d0a4da99480f8ed0947b38220626544047489f5195a69bc0d75e5387fcb69ab6570c26080ace3e777b1b310197d453f64ee2bd6126b99e129edb225291b957ab5349a248eecd9b429ad6152f316a1b00be6201b29e526a93007f391d5b1e2cc2b7532375a16b4dafe8f85835f1de9af65fae19737e4d8648b1b05955356c508b3ed5658ecfa5effe013afe3e0165cfa8fd3179d44d9a08c179054ab4d790a850b8cc2384bbf73bf26513580f8b8a009c757a77ad9c30fe320e5c742e338ee9f03e7eaab9453169bffbf1e6e8e7e6962da7e7bab654d220300d1bcedba6b65aae0a0ac5cc8ee519ecb5fdb81f5a0d6b718f5717290d33f0a5de4f2b0c25894e4a07c3ede6e332054f15335d56ac42844212f8ab3d6d4e2e240660f87220e7a2202adabdf54ab5534199bc1dc1deaa23850db951dfcfd587edfc834328cca51bf72a2efa9221f2cc07c03ef738f1eb5f01357589dcce92cc05827288ca0b5e15ec7379f944bed1b38602cbf9d5c7ba548e8d4405ea26c586967cb3a74246a0089eec04dd232ba7141d02f0612cc4ac31f42a749bdc1e051b5733f0576c7f2ebd347f53ce876683a7e1b5457cb93a09de26fafa07fa43f0abf80da676678ea30647a744055f3ea979de90f84d51b387e553f4011a8d525b80bb2937d58015edf118acdb24f5db75e83c23ab04283092dd2cf199e3bfb194671088e980b8f81712dfe329cde3588f8fe850725fbe685c45fc91384ef228b46b7e34a8057633d40862204ff22fd551c2a05c3a5dd053d1ded7b9b21a51e5367e8e692b48666b4901a1631e0e187528ac81c8a1832d7a425fe8e1a512570707248ba10af3b27354642fa6101ed1dc5d635070baa48ef05fae5d3512db8efb5aa29ad46643e69c6260ab9aa35c10a8553cf1b1bdb53f169a964771997603ecc9b9b2e82542f2d61c57953ddcbd8aa9a947a63d592f88c68a2f6ba671066ce9d116b860fe52c7c756cc857a1e7fa955819084f065ec684619a955f5c0c7739cb4e22b9eea4d82be14132439599fda33325981e62775e6e5d596fe4a26af629fe43751417e5febc8e8f385f9151e9fa6ed86dc33d0e91c3308a3885a6ac75a1456c19e44c4a0834d425c747b3be19433926467702b80ed6cda01a059db0656f1f591dfcc2b05f486ae7fe8e27f8e99470f13348c213a9273d6ba90f87a470b5c65ce8ac0e3bda8a6b89c57accf8c05990c5649bf0e61aff4f7a67718514d7c100a7179c1793cd576a28fc937e30816345eac3c46f2282290cfe77e64ec832be630433984f4d681e43291b0667c2ba806a8d179f1df5e44de352d9d0ac7b98c2d65aeca28b6232ad6dc7692e59fb5c53e9d6729745ad41a821be559d98ff8967eec280d3897a823084eb8856ad2e3e32ab0c1f52bf017123ef0084d98d525addf4e898d823d83e505931a064208be15f647c5fc96be2789e5971fee8ff11f628052d59482aa4867bf49405adc5fca06039e3552868216541b32a6408585b943efc44d9daf55ab96db6de2be7b7ed0e1dcda31b57ad043469763db7172c63f403dbe2f9c1e0cea32b986b6adbac65daf9aec5e1efd109225f4ecb52d8ffbc1b4ba048a9ae1b48495840d69c6c71a7122dde2badda41f5990b7557a498b4244fd4cb2dd05678f68937ba2614a8c6304f84492c20beb081240d4342b735588d322af2b247284e591d1994254d3ad19a985d980b62f84dd45138a7539bbb5b11eb12fd1383b8fc841608ce2c78ffd2590a0fbabdde9bafdc6cecdae962a1ee0d6d0bcd463ba2a7ef2fd3e8685461a565fcf5726f4b6d6a1c65a6f350eb077587597e71cf026eae975fee0a21c9a0cffaa74e410d7c5fa6f128e81689f461b93d356caf5b9c43cd414d4782e56df9a156fec76395633b5153c917c625c2cd52ae170c6043b7323dabc1c2f9ae9c4969165e63db49a637d07192d3b5d1f0118822072065c7a92e3ada3df7851612059718ff5572e7c0ab66291e17f85adc3a1cd7163186fb286f8aa13e04f273e5cc919eb9c0c6ff759269221ec6a263369c4d37e616e031d92ef98a0b8f9609bc842e18e6c3ef574d380f68596d94fb97d24fa95c9904afa87a8c1a2bbb60a3e619ebdc7530fcc1d7f3da7fae22064512c7c804186e13ee552de918fbaf16f5f0ca64a88ed798e5e558988b3d1225c13901dc3d27d2505f11d7cf9cc9d36e5d7e4403d1da4354e367481bf03f81ad60bf619f58619511c2e106da2921add39ee0a190f86fe079ceae5c453e643c4806befa4cfc33f3b0fb6d87148fa423486789e359330e7b88bf0c2215b6491a34f7979c5b5f3e63913591d0db56ed8667ba7eb50d28824003bbf01250a01bf022e91e6b612b56fc994bc1b5062097d5f5234294272bf4e4d5a253d574be0ab442aa8b122f85a194a2bfc055610c4db6310d3fe202273195dbc221ab381cea5a5be9e1bc404964870c9905698159c199433068087961d63ac4b18ae9702525a013043c9b3e3bb1415dcd1750e963b668491beed9f81788629a34ac05ae0d253ef1ce2b485896d3808adf0e34b1b5a4d13772fc0b9c759ac0deb3575fab21d570260918d956efe4d856d89c63cd32f80eae266091bbaa681c52ef5e91e24715fb963640ceaffd033d27b470554b74114da59c68636048f1a662fb69d7a379369773346ffe6bb2b27f4a8b2ebbba75a4543cfd97669702ae80710e9538c1043f03105c1c38f34395319ca0ffbd549de79ed68fe3c0c160f3ba91fd871308cf375efab8f195423e3755278cd5908135810363dff4f4288de87cdd48f791c7f3df0388221fc8040947975c85f05b8576136f716eee79d4409ed66ecc446c93a070b9f41f6a84e090925d35ec21158aae2a1813f9d0cd39f7fb7740d3608173072a59cc7fb83b11df2d69947363a690ba9dbc47ae5259613f5ac3d8d8181d9d0b2238cdcf444bb4f80e9e70862ee47ad6dd36140d2304b6cb1fe19a2ecb76e37b55ff54c1ee2896d4187b0ba81d47a9ddf72bf18601a4773dd59b220c0d08e08886370ede9e45a1881b", @nested={0x2ac, 0x7, [@typed={0x8, 0x19, @u32=0x3}, @generic="b5fb5f37bff997c04252147061e3b112a2f0fdad3062240eff4afc44fcb8da2fa5958a2fbcf553a3b6fe849ba2adf280c5839c4ac951bac01534afeb46cb4fb5fbfa7b4f5466f179b26f19d3e7b57947be07", @generic="864a4a524d9841fca16735598fd950a42b3d38222f824a8c2a7565dc37b492b0d474680089c295d395626cc39f0b0053da8c9e370129c18ec1be5c660c62ba624274092bb61e9bc37b15f8a5296b93a2c5c6675cdd419a765ea4666935d8beac8b32d350fa709e099f77f03a51a9623f680d7daeb17eb5da99e49e1b439ae6401f37b3afb8aecc54ce1ce8f91cce593b4abe5f7b3141bfbe855abea90be93bba3b48faf55cd37e5a4add73ae0ccccf62b51e4ce0ff16a17ca408a579158d1ae12715eab0a0e4f6b777df4749e2bfadaa339f4bc2709f47b80d057fcc0df9eb78ad9bb69f20d62714d94466b4358207fc7c", @generic="43ef6960eb208cb39361135103e7628748a7dbd726b889a4db3fcb7086b8e6eb510aecdee33f3dc53c4f9ab097e6ce35a9428a1ac3886f1ecdccf6d1e7299cf4d61943cb5599c64bb79333", @typed={0x4, 0x36}, @typed={0x94, 0x4d, @binary="1c12a412d7ea866694a23fd3419c3434a049d53ae7179886d3bab84e3fe968c0710ffb4c33b88be90b1ee2593ae04d500f33f1bd05f2b11ed47eabc66e89cb27135f3e86f28a64974c763098960d9638934edecae0bd288dee569e33c9dab98023404d553880f281d210839b8196b87aab76f91dd2a45d66673d24effaa32192cde88dd4aea2d1cd4a8636ea7fcec2"}, @generic="7fd03e44145d6b529a7394f0a02b72594b94617e38582ea8534df28333b71f8e9b64573ed58712ca200ce9c329b59cb809be88395a7aa1886f2d9494b830e79606a5b813e4d2506c0b8f043b9ccdba44e5370c434ef3ba1896478ba73ed0a4c1600f1b0b95c0c707e89a7eb50ad9000179a52eb6834e56b3c5"]}]}, 0x12c8}, 0x1, 0x0, 0x0, 0x8000}, 0x20040810) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r5}, 0x78) clock_gettime(0x0, &(0x7f0000001340)={0x0, 0x0}) recvmmsg(r5, &(0x7f0000001240)=[{{&(0x7f0000000000)=@ethernet={0x0, @dev}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000480)=""/152, 0x98}, {&(0x7f00000000c0)}, {&(0x7f0000000180)=""/79, 0x4f}, {&(0x7f0000000100)=""/27, 0x1b}], 0x4, &(0x7f0000000380)=""/29, 0x1d}, 0x763}, {{&(0x7f0000000540)=@in={0x2, 0x0, @remote}, 0x80, &(0x7f0000000b80)=[{&(0x7f00000005c0)=""/223, 0xdf}, {&(0x7f00000006c0)=""/193, 0xc1}, {&(0x7f00000007c0)=""/95, 0x5f}, {&(0x7f0000000840)=""/80, 0x50}, {&(0x7f00000008c0)=""/182, 0xb6}, {&(0x7f0000000a00)=""/201, 0xc9}, {&(0x7f0000000b00)=""/107, 0x6b}], 0x7}, 0xfffff000}, {{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000c00)=""/254, 0xfe}, {&(0x7f0000000d00)=""/64, 0x40}], 0x2, &(0x7f0000001400)=""/161, 0xa1}, 0xffffffff}, {{&(0x7f0000000e40)=@nfc, 0x80, &(0x7f0000001180)=[{&(0x7f0000000ec0)=""/11, 0xb}, {&(0x7f0000000f00)=""/58, 0x3a}, {&(0x7f0000000f40)=""/110, 0x6e}, {&(0x7f0000000fc0)=""/111, 0x6f}, {&(0x7f0000001040)=""/191, 0xbf}, {&(0x7f0000001100)=""/113, 0x71}], 0x6, &(0x7f0000001200)=""/10, 0xa}, 0x40}], 0x400000000000044, 0x2000, &(0x7f0000001380)={r6, r7+30000000}) r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/hwrng\x00', 0x400000, 0x0) r9 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r9, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) dup2(r8, r9) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:12:20 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xfdfdffff) 08:12:20 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:12:21 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_DEBUGREGS(r2, 0x4080aea2, &(0x7f0000000080)={[], 0x0, 0x0, 0x19c82e4c}) [ 1125.339112][ T27] audit: type=1800 audit(1577520741.071:664): pid=19411 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=549 res=0 [ 1125.457868][ T27] audit: type=1804 audit(1577520741.111:665): pid=19422 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/226/file0/file0" dev="loop1" ino=549 res=1 [ 1125.512656][T19411] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) 08:12:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xffff8000) 08:12:21 executing program 3: prlimit64(0x0, 0x0, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r1 = dup(r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8b04, &(0x7f0000000100)='wlan0\x00f\x14\xd96\x9e\x87\xbd\x8c\x9dyu\x8c9?bs\xafS\xad6\xd8\n\x87\x90\b\x8fD\x91(\x02d\x7f\xf4\xb2\xebd\xa9\x1e') 08:12:21 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r3, 0x0) r4 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) lstat(&(0x7f0000000000)='./bus\x00', &(0x7f00000000c0)) ftruncate(r4, 0x8200) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) ioctl$RTC_ALM_SET(r2, 0x40247007, 0xfffffffffffffffd) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) [ 1125.579656][T19411] FAT-fs (loop1): Filesystem has been set read-only [ 1125.589487][ T27] audit: type=1804 audit(1577520741.191:666): pid=19422 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/226/file0/file0" dev="loop1" ino=549 res=1 [ 1125.603688][T19411] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1125.663745][T19422] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) 08:12:21 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0x2c0100) 08:12:21 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000300)='devlink\x00') r2 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r2, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8474071") sendmsg$DEVLINK_CMD_PORT_GET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)={0x3c, r1, 0x9, 0x0, 0x0, {}, [{{@nsim={{0x10, 0x1, 'netdevsim\x00'}, {0x10, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}]}, 0x3c}}, 0x0) [ 1126.035117][ T27] audit: type=1800 audit(1577520741.771:667): pid=19463 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=550 res=0 [ 1126.083861][ T27] audit: type=1804 audit(1577520741.771:668): pid=19463 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/227/file0/file0" dev="loop1" ino=550 res=1 [ 1126.127839][ T27] audit: type=1804 audit(1577520741.861:669): pid=19468 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/227/file0/file0" dev="loop1" ino=550 res=1 [ 1126.158278][T19463] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1126.167147][T19463] FAT-fs (loop1): Filesystem has been set read-only [ 1126.173924][T19463] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) 08:12:27 executing program 0: gettid() openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:12:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xfffffdfd) 08:12:27 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2}, 0x78) getsockname(r2, &(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, &(0x7f00000000c0)=0x80) getsockopt$IP6T_SO_GET_REVISION_TARGET(r3, 0x29, 0x45, &(0x7f0000000100)={'ah\x00'}, &(0x7f0000000180)=0xffffffffffffff58) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r4 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r4, 0x0) r5 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x6100) ftruncate(r5, 0x8200) write$cgroup_type(r5, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:12:27 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0x320100) 08:12:27 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) read$FUSE(0xffffffffffffffff, 0x0, 0x0) dup(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getresuid(&(0x7f0000000240), &(0x7f00000002c0), &(0x7f0000000300)) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) getresuid(&(0x7f0000000240), 0x0, 0x0) getresgid(0x0, 0x0, &(0x7f0000000100)) getresuid(0x0, 0x0, &(0x7f0000000300)) fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) getgid() syz_open_dev$sndctrl(0x0, 0x400, 0x0) 08:12:27 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1131.747640][ T27] audit: type=1800 audit(1577520747.481:670): pid=19486 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=551 res=0 08:12:27 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CLOCK(r1, 0x8070ae9f, 0x0) [ 1131.830056][ T27] audit: type=1804 audit(1577520747.511:671): pid=19486 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/228/file0/file0" dev="loop1" ino=551 res=1 08:12:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x200000003) 08:12:27 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000040)=0x6, 0x4) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) [ 1132.087835][ T27] audit: type=1804 audit(1577520747.561:672): pid=19495 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/228/file0/file0" dev="loop1" ino=551 res=1 08:12:27 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0x12c00) 08:12:28 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x7f6dbbfad700) 08:12:28 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x10000000000000) [ 1132.506740][ T27] audit: type=1804 audit(1577520748.241:673): pid=19495 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/228/file0/file0" dev="loop1" ino=551 res=1 [ 1132.692943][ T27] audit: type=1804 audit(1577520748.251:674): pid=19495 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/228/file0/file0" dev="loop1" ino=551 res=1 [ 1132.830262][ T27] audit: type=1804 audit(1577520748.261:675): pid=19495 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/228/file0/file0" dev="loop1" ino=551 res=1 [ 1132.916998][ T27] audit: type=1800 audit(1577520748.261:676): pid=19526 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=552 res=0 [ 1132.949093][ T27] audit: type=1804 audit(1577520748.281:677): pid=19526 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir040667840/syzkaller.2WQcgv/111/file0/file0" dev="loop3" ino=552 res=1 [ 1132.981837][ T27] audit: type=1804 audit(1577520748.351:678): pid=19538 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir040667840/syzkaller.2WQcgv/111/file0/file0" dev="loop3" ino=552 res=1 08:12:36 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xf2ff7f) 08:12:36 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x80ffff00000000) 08:12:36 executing program 0: gettid() ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x400007) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:12:36 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000100)='./bus\x00', 0x40) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) r4 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) r6 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) r7 = request_key(&(0x7f0000000140)='user\x00', &(0x7f0000000180)={'syz', 0x0}, &(0x7f00000001c0), 0xfffffffffffffff8) r8 = add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) keyctl$dh_compute(0x17, &(0x7f0000000500)={0x0, 0x0, r8}, 0x0, 0x0, 0x0) r9 = request_key(&(0x7f0000000340)='trusted\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f0000000480)='\x00', r8) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r7, 0x0, &(0x7f00000004c0)=@chain={'key_or_keyring:', r9, ':chain\x00'}) ioctl$VIDIOC_S_EXT_CTRLS(r6, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$VIDIOC_S_EXT_CTRLS(r6, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) dup2(r4, r5) r10 = openat$random(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x8c800, 0x0) ioctl$RNDCLEARPOOL(r10, 0x5206, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:12:36 executing program 3: r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) syz_open_dev$media(0x0, 0x0, 0x2400) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x8040, 0x0) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x10, 0x70e000) ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000240)={0x713e, 0x0, 0x10001, 0x100}) pwritev(r1, &(0x7f0000001380)=[{&(0x7f0000003040)="02", 0x1}], 0x1, 0x0) r3 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r3, 0x4, 0x42000) lstat(0x0, &(0x7f0000000b00)) r4 = open(&(0x7f0000000100)='./file0\x00', 0x8040, 0x0) r5 = socket$netlink(0x10, 0x3, 0x4) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r5, 0x10e, 0x8, &(0x7f0000000000)=0x800, 0x4) fcntl$setlease(r4, 0x400, 0x0) fcntl$setlease(0xffffffffffffffff, 0x10, 0x0) write$P9_RRENAME(r4, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000d40)={&(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x6010) ioprio_set$pid(0x0, 0x0, 0x0) fallocate(r1, 0x20, 0x0, 0xfffffeff000) write$FUSE_ENTRY(r0, &(0x7f00000000c0)={0x90}, 0x90) r6 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) fallocate(r6, 0x0, 0x40000000, 0x10000101) r7 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r7, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r8 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/autofs\x00', 0x81000, 0x0) ioctl$VIDIOC_G_ENC_INDEX(r8, 0x8818564c, &(0x7f0000003080)) 08:12:36 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1141.178100][ T27] audit: type=1800 audit(1577520756.911:679): pid=19562 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=553 res=0 08:12:37 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xd7fabb6d7f0000) [ 1141.278134][ T27] audit: type=1804 audit(1577520756.941:680): pid=19573 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/229/file0/file0" dev="loop1" ino=553 res=1 08:12:37 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16, 0xfffffffffffffffe}], 0x280003c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) [ 1141.334313][T19562] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1141.374393][T19562] FAT-fs (loop1): Filesystem has been set read-only [ 1141.410278][T19562] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1141.432455][ T27] audit: type=1804 audit(1577520757.011:681): pid=19573 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/229/file0/file0" dev="loop1" ino=553 res=1 08:12:37 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0x1000000) 08:12:37 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x100000000000000) [ 1141.624826][ T27] audit: type=1800 audit(1577520757.361:682): pid=19557 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="bus" dev="sda1" ino=16769 res=0 [ 1141.665390][ T27] audit: type=1800 audit(1577520757.361:683): pid=19581 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="bus" dev="sda1" ino=16769 res=0 08:12:37 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1}, 0x78) ioctl$sock_x25_SIOCADDRT(r1, 0x890b, &(0x7f0000000480)={@remote={[], 0x2}, 0x9, 'ip_vti0\x00'}) ioctl$SIOCAX25CTLCON(r1, 0x89e8, &(0x7f0000000000)={@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, 0x3, 0xa58, 0x8, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast]}) r2 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r2) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r3, 0x0) r4 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) ftruncate(r4, 0x8200) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) [ 1141.711566][ T27] audit: type=1800 audit(1577520757.361:684): pid=19583 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="bus" dev="sda1" ino=16769 res=0 08:12:37 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2}, 0x78) r3 = socket$inet_sctp(0x2, 0x1, 0x84) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5}, &(0x7f0000000100)=0x20) r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snapshot\x00', 0x0, 0x0) r7 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r7}, 0x78) ioctl$DRM_IOCTL_AGP_ALLOC(r7, 0xc0206434, &(0x7f0000000200)={0x6, 0x0, 0x2, 0x7}) ioctl$DRM_IOCTL_AGP_BIND(r6, 0x40106436, &(0x7f0000000240)={r8, 0x1b}) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000000)={r5}, &(0x7f0000000100)=0x8) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x6558, &(0x7f00000002c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="d00800002400ffffff7f00000000ffffa6fffff7", @ANYRES32=r9, @ANYBLOB="00000000f1ffffff000000000800010063627100a408020004040600030000000500000000700300fdffffffffff00001f0000000500000000020000010000000000100083000000fdffffff07000000084900000100000002000000cf000000feffffff080000000180000003000000090000000200000000274a49ef6949a7bb000000050000000100000004000000ff7f000000000000000400000002000004000000ff0f0000f44f350001000000010400005eb768350100000008000000ffffffffc38d00001f000000040008830600000000000100f7ffffff030000000080ffff050000000600000006000000a900000000000000c0000000c0ffffff08000000018000000101000006000000b300000000000020050000000104000004000000070000000800000001010000c22e0000c0ffffff0500000004000000060000000900000008000000f7ffffff0800000003000000080000000400000001000080040000000400000000100000040000000700000009000000fcffffff01000000010000000900000000020000060e0000080000000200000002000000090000000800000007000000ab000000fb00000007000000ff0100000800000001040000070000000300000009000000ff07000008000000ffff0000a90100000900000005000000200000000500000001000000070000008eb7000000000080010000000000000007000000fffffffffcffffff01f0ffff000000003f00000003000000000100000080000000800000030000000500000005000000ffffffff0700000015ba000004000000070000000300000003000000ffffffff04000000554f00006ff800000700000003000000000200000600000008000000b300000006000000000000000007000001010000030000000080000000040000730a000001000080010000009e0c0000000800000100008000000000000000004000000000fefffff67d000004000000ff01000002000000000000004000000040000000ed000000010001000e0a05000000000000020000040000000600000002000000ff7f00000100000001000000060000007f000000020000000004000004000000090000009000000008000000b6000000040000000400000005000000f50a0000ffff0000060000008ff9ffff070000001eaaffff3f0000008000000000000000ff0c0000ff7f0000030000007f0000002d0000000800000000010000ff070000ffffffff2bab000002000000ace800000500000000000000e1bf934d070000001f000d000300000004000000070000000900000005000000030000000200000087d400000200000008000000000100007f0000000e000000080000000200000007000000ffffff7f06000000000000000500000001000000820000001f0000000004000001000000faffffff0500000006000000070000000300000010000500810306009fff04000800000004040600d90b0000ff00000005000000040000001ba2cc3b00000080010000003f000000ff0f0000bd52c97303000000be060000fffffffffffeffff7f000000ff0000008100000000db040009000000070000000300000000000000060000008f5e0000010000000002000006000000010100000200000007000000000000e03189000001040000000800000600000004000000080000000400000002000000c00000000800000008000000f7ffffff05000000810000004d00000001000080eb0700001f000000090000000800000001000000000000000000000002000000ffff00000100000002000000000000e0a000000040000000ff000000f7ffffff0500000009000000070000000600000028080000030000000600000004000000be00000003000000070000000500000038080000faffffffffffffff47b5554d001000008100000007000000ffffffff040000000100000002000000566b00002000000004000000020000008b01000001000000ffff000004000000ff0f0000050000002000000003000000e40d000007000000f8ffffff200000003f000000387f00000700000007000000c10a000009000000040000000400000000000000008000000100008009000000370b000000000080ff07000006000000bb7900000400000002000000ffffff7f0300000000000000090000000700000005000000000000807f0000000900000008000000fad4ffffff01000001010000010000003f0000000400000020f2ffff01000100ffff0000010000000200000008000000fbfffffff9ffffff040000004d000000060000000200000002000000070000004e0d0000000200000800000035000000300e00000700000000040000020000000180000020000000f2ffffff070000000500000000010000fffffeff0900000000080000070000000800000009000000ff7f00000900000004000000040000000000000006000000050000000100000009000000080000007e0700000300000000800000bf16000002000006000000ffee0000000100000000000000001000006305000000000000000000007f00000010080000000000000100008002000000080000000101000003000000ffffff7ffffffffff7ffffff0600000003000000a6060000ff0300000700000001800000090000000200000000000000040000000080ffff00020000070000000500000001000100000000800000af06060000002b0a000005000000010000000500000009000000040000000500000002000000ffffff7ff30000000800000002000000ffff0000ff070000810000004000000075fc000009000000fbffffff0500000000000000810000000100000080000000d05e0000020000001f00000000000000ff010000451e00002d00000000000000ff0000001000030008001000ff070000010000001800010039031c020101000001000000000000060500000010000200e002807104000000ff03000018000100080d1e02800000000700000024709a02ff7f000010000500010000000000000007000000100003001f0003000700000001010000180001000501040009000000040000000104000000000000f2275eef7138e6d8404ee35c1c03d0a7e3015b89e6e440ebafa27d5b8188804cd5beea2fda73c030f26439c9e4f2e27a824bfb4415f2af99b482560d1a447df28d8d838ad1a39caf40dc96c5f134529d47c0604f66f8714f8ee51165c4b029a7dc7e2f90de64a234d9098b06231c71bc79c43de912eb17614cf75d8c49152a801ac9a1326f0e334e0534faa8d8704d03c25495230a2ed4feb5298d99c124310dd8d4054c8be6bdb8bcede3d1552b08c169755c508c65ff8e1c50711a38d9a451eb650df96535fcc7669eb1f0f7fc5135a05b389610d33df49e9d1d3808c8fa0524b1caa582c913fedb22de15fbc7e7890faa48e6205a74bf817d48ea3dc9cddb6acc14b94522ccce95a27379b1ced543ad45de5016647e86154fd92670b9fc95ff90ea60fcf349981185b11322c4a48276eea082e4be45b9125653ba5f8ad8500d0d768b2de6b9e198568ecd526a1ba44c9180104fa91e55e31181b4acad815ef766bc8604c30c715da309a185645439aaabb542625905dc77193d45cde1978dc9c67cea6b01d2d4a28b13fc1e71d1f2a38537c44b629790b1305371c9e705771da5555c743b5b4adea2b95aa708f41e7a713277f5422f2bb669861730554e266f4ae61e0377f517b23ae4821e04e500cf998be043bab81fa38368a555f4a381eab2a692e06a4ca80bcb7570518078eb76bd313b23d0708cd26017f5a6"], 0x8d0}}, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) connect$l2tp(0xffffffffffffffff, 0x0, 0x0) 08:12:37 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x200000000000000) [ 1141.901248][ T27] audit: type=1800 audit(1577520757.631:685): pid=19604 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16523 res=0 [ 1142.020349][ T27] audit: type=1804 audit(1577520757.671:686): pid=19596 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/230/file0/file0" dev="sda1" ino=16523 res=1 [ 1142.106999][ T27] audit: type=1804 audit(1577520757.751:687): pid=19604 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/230/file0/file0" dev="sda1" ino=16523 res=1 [ 1142.598406][ T27] audit: type=1804 audit(1577520758.331:688): pid=19624 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/230/file0/file0" dev="sda1" ino=16523 res=1 08:12:45 executing program 0: gettid() ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x400007) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:12:45 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r2 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r2) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r3, 0x0) r4 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) ftruncate(r4, 0x8200) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7, 0x0, 0xffffffffffffffff}) r7 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r7, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r8 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r8, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) write$binfmt_misc(r1, &(0x7f00000005c0)=ANY=[@ANYPTR64=&(0x7f0000000180)=ANY=[], @ANYBLOB="6c390ab8f2734886654d3c4f38a6a9a6f15ba18d3693f582e50fe3d1fd5c27523f784909fa4bb71dfed30b8ed386fc7f37648d63fdd740836327e37e420df78872e439196330995195388dc70f711bcf3ac6909426348c2b619f7c3c2eb7187a2a75fa03bcd7a89f2eedbff88d561ced24310a9cb9e0a34e03ab02a2fcdcf0a08d4bd5a800bab3bb3ca5fcb078955925ca3dacf8820480d6ebf49991daa9f797ea8d1fd0eb7d2c2136797776b60d9598d05cea4150dd79627adc4ea3b6dc7521b86fb771448f6a449a120b1a73f66c53fed07d90d24e", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYRES16=r0, @ANYRESDEC=r6], @ANYRESOCT, @ANYRES32, @ANYPTR, @ANYPTR=&(0x7f0000000100)=ANY=[@ANYRESDEC=r8]], 0x111) 08:12:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x300000000000000) 08:12:45 executing program 3: times(&(0x7f0000000000)) io_setup(0x9, &(0x7f0000000240)) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/cache_bypass\x00', 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)=ANY=[@ANYBLOB="016e0000", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3}, &(0x7f0000000100)=0x20) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000100)={r3, 0x400}, 0x8) r4 = socket$unix(0x1, 0x5, 0x0) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r5}, 0x78) getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000001c0)=0x14) setsockopt$inet6_IPV6_PKTINFO(r5, 0x29, 0x32, &(0x7f0000000200)={@dev={0xfe, 0x80, [], 0x1c}, r6}, 0x14) r7 = socket$unix(0x1, 0x1, 0x0) r8 = dup2(r7, r4) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) io_setup(0x1, &(0x7f0000e4b000)) 08:12:45 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0x7ffff200) 08:12:45 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1149.437905][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 1149.437999][ T27] audit: type=1800 audit(1577520765.171:690): pid=19642 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=554 res=0 08:12:45 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5219, 0x2, @perf_bp={&(0x7f00000000c0)}, 0x5409, 0x0, 0x0, 0x0, 0x40000000000000, 0x3}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="280000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001b0f00000000"], 0x28}}, 0x0) [ 1149.509923][ T27] audit: type=1804 audit(1577520765.201:691): pid=19642 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/231/file0/file0" dev="loop1" ino=554 res=1 08:12:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x300000002000000) 08:12:45 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000580)={{{@in6=@mcast2, @in=@initdev}}, {{@in6}, 0x0, @in6=@initdev}}, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) umount2(&(0x7f0000000540)='./file0\x00', 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = dup(0xffffffffffffffff) shutdown(r1, 0x0) ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, 0x0) msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000980)=""/34) pipe2(0x0, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000140)={0xffffffffffffffff}, 0x13f, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r3, &(0x7f0000000200)={0x12, 0x10, 0xfa00, {&(0x7f00000000c0), r4, r2}}, 0x18) [ 1149.815598][ T27] audit: type=1804 audit(1577520765.241:692): pid=19655 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/231/file0/file0" dev="loop1" ino=554 res=1 08:12:45 executing program 2: pipe(&(0x7f0000000300)) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x200000, 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r1, 0x0) r2 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x6100) ftruncate(r2, 0x8200) write$cgroup_type(r2, &(0x7f0000000200)='threaded\x00', 0x175d900f) r3 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r4 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) write$binfmt_misc(r4, &(0x7f0000000000)=ANY=[], 0x0) 08:12:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x400000000000000) [ 1150.203705][ T27] audit: type=1804 audit(1577520765.941:693): pid=19655 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/231/file0/file0" dev="loop1" ino=554 res=1 [ 1150.265528][ T27] audit: type=1804 audit(1577520765.971:694): pid=19685 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/231/file0/file0" dev="loop1" ino=554 res=1 08:12:46 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffff0010) [ 1150.365919][ T27] audit: type=1804 audit(1577520765.971:695): pid=19655 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/231/file0/file0" dev="loop1" ino=554 res=1 [ 1150.519883][ T27] audit: type=1800 audit(1577520766.251:696): pid=19699 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=555 res=0 [ 1150.577960][ T27] audit: type=1804 audit(1577520766.281:697): pid=19703 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/232/file0/file0" dev="loop1" ino=555 res=1 [ 1150.618036][ T27] audit: type=1804 audit(1577520766.341:698): pid=19703 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/232/file0/file0" dev="loop1" ino=555 res=1 [ 1151.273305][ T27] audit: type=1804 audit(1577520767.011:699): pid=19703 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/232/file0/file0" dev="loop1" ino=555 res=1 08:12:52 executing program 0: gettid() ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x400007) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:12:52 executing program 3: creat(0x0, 0x1) ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000002c0)) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000300)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @remote}, {0xa, 0x0, 0x0, @dev={0xfe, 0x80, [], 0x10}, 0x4}}}, 0xfffffffffffffebe) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000000)) prctl$PR_SET_PTRACER(0x59616d61, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x42200, 0x0) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ppoll(&(0x7f0000000140)=[{}, {r2}], 0x2, 0x0, 0x0, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) ioctl$sock_bt_bnep_BNEPCONNADD(r3, 0x400442c8, &(0x7f0000000200)=ANY=[@ANYRES32=r4, @ANYBLOB="1f0000000100b1a8047957106d5713eca4442941fee2ef8a27588d47449d89676a19b1af2c4a0d257e6719a6b831e5fa0791d03e35e0"]) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, &(0x7f0000000140)) execve(0x0, 0x0, 0x0) socket(0x10, 0x3, 0x0) r5 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) close(r5) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket(0x3, 0x80000, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) r7 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r7}, 0x78) r8 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r8}, 0x78) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000240)={0xffffffffffffffff}, 0x13f, 0x1}}, 0x20) write$RDMA_USER_CM_CMD_DISCONNECT(r7, &(0x7f0000000380)={0xa, 0x4, 0xfa00, {r9}}, 0xc) setsockopt$IP_VS_SO_SET_STOPDAEMON(r6, 0x0, 0x48c, &(0x7f0000000080)={0x0, 'veth1\x00'}, 0xf62c3dc8da425be8) ioctl(0xffffffffffffffff, 0x800000000008982, 0x0) socket$inet(0x10, 0x2, 0x0) 08:12:52 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x500000000000000) 08:12:52 executing program 2: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r1 = fcntl$dupfd(r0, 0x406, 0xffffffffffffffff) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x2a) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r3 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r5 = openat$cgroup_subtree(r4, &(0x7f0000000000)='cgroup.subtree_control\x00', 0x2, 0x0) fcntl$setstatus(r5, 0x4, 0x400) r6 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r6, 0x0) r7 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r7, 0x4, 0x6100) ftruncate(r7, 0x8200) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:12:52 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffff10) 08:12:52 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1156.835628][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 1156.835646][ T27] audit: type=1800 audit(1577520772.571:701): pid=19722 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=556 res=0 08:12:52 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x600000000000000) [ 1156.962868][T19722] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1157.001836][ T27] audit: type=1804 audit(1577520772.601:702): pid=19732 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/233/file0/file0" dev="loop1" ino=556 res=1 08:12:52 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x700000000000000) [ 1157.055585][T19722] FAT-fs (loop1): Filesystem has been set read-only [ 1157.072562][T19722] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 17) 08:12:52 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_emit_ethernet(0x2a, &(0x7f0000000140)={@local, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @broadcast=0xe0000001}, @icmp}}}}, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x2, 0x0, 0x800e005b5) 08:12:52 executing program 2: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) recvmmsg(r1, &(0x7f0000004b00)=[{{&(0x7f0000000000)=@pppoe={0x18, 0x0, {0x0, @random}}, 0x80, &(0x7f0000000180)=[{&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000000100)=""/23, 0x17}, {&(0x7f0000000480)=""/173, 0xad}], 0x3}}, {{&(0x7f0000000340)=@can, 0x80, &(0x7f0000000700)=[{&(0x7f0000000540)=""/118, 0x76}, {&(0x7f00000005c0)=""/123, 0x7b}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000640)=""/163, 0xa3}], 0x4, &(0x7f0000000740)=""/30, 0x1e}, 0x5}, {{0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f0000000780)=""/139, 0x8b}, {&(0x7f0000001a00)=""/4096, 0x1000}, {&(0x7f0000000840)=""/97, 0x61}, {&(0x7f00000008c0)=""/108, 0x6c}, {&(0x7f0000000940)=""/71, 0x47}, {&(0x7f0000002a00)=""/231, 0xe7}, {&(0x7f0000002b00)=""/223, 0xdf}, {&(0x7f0000002c00)=""/51, 0x33}], 0x8, &(0x7f0000002cc0)=""/83, 0x53}, 0x17}, {{&(0x7f0000002d40)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000003200)=[{&(0x7f0000002dc0)=""/17, 0x11}, {&(0x7f0000002e00)=""/102, 0x66}, {&(0x7f0000002e80)=""/171, 0xab}, {&(0x7f0000002f40)=""/215, 0xd7}, {&(0x7f0000003040)=""/188, 0xbc}, {&(0x7f0000003100)=""/197, 0xc5}], 0x6, &(0x7f0000003280)=""/205, 0xcd}, 0x8}, {{&(0x7f0000003380)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f0000004780)=[{&(0x7f0000003400)=""/85, 0x55}, {&(0x7f0000003480)=""/255, 0xff}, {&(0x7f0000003580)=""/4096, 0x1000}, {&(0x7f0000004580)=""/213, 0xd5}, {&(0x7f0000004680)=""/246, 0xf6}], 0x5, &(0x7f0000004800)=""/31, 0x1f}, 0x2}, {{&(0x7f0000004840)=@isdn, 0x80, &(0x7f0000004900)=[{&(0x7f00000048c0)=""/38, 0x26}], 0x1, &(0x7f0000004940)=""/228, 0xe4}, 0x7e9}, {{0x0, 0x0, &(0x7f0000004a80)=[{&(0x7f0000004a40)=""/27, 0x1b}], 0x1, &(0x7f0000004ac0)=""/62, 0x3e}}], 0x7, 0x40002002, &(0x7f0000004cc0)) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) [ 1157.089170][ T27] audit: type=1804 audit(1577520772.661:703): pid=19732 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/233/file0/file0" dev="loop1" ino=556 res=1 08:12:52 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xfffffff0) 08:12:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x800000000000000) [ 1157.413039][ T27] audit: type=1800 audit(1577520773.151:704): pid=19764 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=557 res=0 [ 1157.448780][ T27] audit: type=1804 audit(1577520773.151:705): pid=19764 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/234/file0/file0" dev="loop1" ino=557 res=1 [ 1157.516586][T19764] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1157.534427][T19764] FAT-fs (loop1): Filesystem has been set read-only [ 1157.536719][ T27] audit: type=1804 audit(1577520773.231:706): pid=19775 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/234/file0/file0" dev="loop1" ino=557 res=1 [ 1157.562516][T19764] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1157.588342][T19775] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) 08:12:58 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x900000000000000) 08:12:58 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) ioctl$KVM_ARM_SET_DEVICE_ADDR(r2, 0x4010aeab, &(0x7f0000000000)={0x5, 0x1}) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:12:58 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) write(r3, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0xffc2) sendfile(r1, r2, 0x0, 0x7fffffa7) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r5}, 0x78) setsockopt$inet_group_source_req(r5, 0x0, 0x4, &(0x7f0000000300)={0xffff0751, {{0x2, 0x4e22, @multicast2}}, {{0x2, 0x4e20, @empty}}}, 0x108) sendfile(r4, r1, 0x0, 0xffffffff) 08:12:58 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:12:58 executing program 3: mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0xffd7) creat(&(0x7f0000000780)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') 08:12:58 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1163.195273][ T27] audit: type=1800 audit(1577520778.931:707): pid=19792 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=558 res=0 08:12:58 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xa00000000000000) [ 1163.343883][ T27] audit: type=1804 audit(1577520778.961:708): pid=19792 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/235/file0/file0" dev="loop1" ino=558 res=1 08:12:59 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1a, 0x16, 0x0, 0x0, 0x0, 0xffcb, 0x0, 0x41100, 0x3, [], 0x0, 0x13, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0xffffffffffffff05) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(r0, 0x40044104, &(0x7f0000000000)=0x91b) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) 08:12:59 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffff6, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16, 0x8000000000000000}], 0x80, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) syz_mount_image$exfat(&(0x7f0000000800)='exfat\x00', &(0x7f0000000840)='./file2\x00', 0x9, 0x6, &(0x7f0000001b40)=[{&(0x7f0000000880)="db3bb95b91a7733da699f8e87da22e214be49b7fbb50c7cb9382e8163161e655fecdf6b43340bd120fea5419ecf2ecf075661a868e79937502b3165c71dd2c35ff0379abfbb44dd658ab9fa4346015524b60d3312ac4ccd5", 0x58, 0xa7}, {&(0x7f0000000900)="9bbc566334b844bec688c419394018d691c0bf8198be48e537b8ec37c7698e3e4051eb9927ddc89116cca9728d5288b1d1e238b1996730aca118db923d3fd97e31c921fe2327fc326ddc3c65c5f495e5dce68dd820ac92793571e695ea2690300a299453f4a31293c53bfb915491fb759b655db923cbaa18", 0x78, 0x100000000}, {&(0x7f0000000a00)="a14b015577d957072333bca7ce3ef5f3c76a8b8442a26261b6bea36edfc37c3db2ab645488741c16132956db5704d65cad0c298aaca24ce1f42498a693c75095f4f79162f19088ab3cf342aee16a03f90b9c25b65074006a46e2a0f25835ba0ac9945bfb82ffc398d1d42b8ac3dc30c0cea152f529f672f151aad4383faead02f6fac8cff9ae95a3284e630bc4652257972bd757fa289502ed773e4ef616ddb1c3ff6563a18f4098a21f12030b68d23b1698c3ddf4a18164d0868a64d4378303bcb769c07bf7cc1e68081b8705d1a83e84db0ac1bb88c9b8b61cd2590084abd5", 0xe0, 0x8}, {&(0x7f0000000980)="7d40d88eda500833b5e356ecb04dc1185bfa2bd84b68586a1f3af86d040f433dc4a96c5d1acd5de662d65dbdc8b33c380501", 0x32, 0x5}, {&(0x7f0000000b00)="1c9ad72d39ca54396c364fa3fd2676a5c6a11a915bb3fb2a132ac4", 0x1b}, {&(0x7f0000000b40)="d9701b3ea05f634b3227913e7a0efa3f5a4c00c7b3075f244829cb99a66eaacd154fd1470004b09ef7707fd2378f581a08d93933af589f701bfae29f17e91c5f49c533d0906bd9cf4d035a8b934982b24a8f9b8d307db959b04960c332180cca6b956a0a12e91bda6a2a3e6c7df8375279f9d8a34356f513fc3e380b6b4ce7114c10b44d4c200804e6a0b720975635e77b35961affa756ccc80a6c7e6d6495e70fc3057a4e517ccf561272d7156b940eb1739855abea69789ff7688f4985a07d7dc978dfd7e5056db92ad41a2a4c57ec91d535bbe4559f3ca99df34b8eb084d481e5c5e5a9144266cad84e41287aa8f5bb83c0b300c61f022076332e309f3a1996bda3ef783625a57f55c86c86cdba552fa41b33b21ada4a4ec460741e1b59fc95d22657cfd73b1bcb1768c18d6ed8365258f133a8b6c3540dd633fb0fe93bbd6e914d5649c382f64c72feb8fcc4f645eaf5687fb1848f7275e0caaa21874113153b2024396d71fc0791b464bc3eb53181bc096a7458cbbcccc360f976478c934dfbf89b3b142b209ec01a69cb3aed3a067607263f9ecbdc3d264f65238e50fdb674e32cbd27f6b9d78c708fd6048f6c3f0aec9b7c3cc9bb1e4c294f89d96bfa715203d9ed4e0a7b7baa603acb5f1d635b726afa43a86b90d18e62581de703c1ad0dcd02d94d5ebbc3af6e9b89128b8f963c6d8e9e603114c0ca5cfa16b5925e462af8f230419eaedc717f67e314f526c9e47fbc4b7362fef1e8ae328bc1c6275a3fe758f85b8637641b2147d7f47917c5490e5e5dd1db1fd42762fcdcaa08b0638c22466c14ec13f70bfda9a1d68b564fca4449805ced46c3435e661598d1d0b6053409de14d0c19a071e44b81cc79c5f1503d42c9891ba25d32b5ad2660ccb815303096f24f7c32c4b959788cf61956d872ea8f4da85461a81603253e89a37003a469791196d18df97b2e2afa5409a8c510214aa7780a703384fa2a8e3cffb02a914fe84981634e55cb9a648c12be5f349f5462fe36207b9b4b5cc87b3706a740fc0b71b4bad523089aef9ae52ce7ef64427cca9301926c6302ddcff1ef99b529bb7bce01b30872633a27266abc343d1df7fa4dd99b93da54400c8ec849173f042c357a150e01b29c502d87fe3ae58fd8ffaccae989730d45766aff75bc9fafc8a2fb8739f37a5f723688b7685a0c333233f220c8c160d892b392d49dbef2114f3babc7fa6026d9c8bafe534cfee0175d139e623b85f1e85fa7c3d6012195d6e856dd3ab68b35cd18d95b8c8ab9c5e237387acc03378049a5f47a580c48cd026bbdd786b76d1d1b9193a5df64a2d842d68b9f71c218be3f9aa42d469f0b856d6ad753b811c748838b79c0ce15e1451b70b1488565054e2f746552fedd45579e0ece5315b5b0300c7d41e810675ed77e07c36ff56e628ea787feed288ff4f84f3da70e5f3a0e9f1b236bf04e08f8b38a53e3734f8a9d64ed44f832b4bd1a53495d5b86df2e81535e7067fcb270ae7ece55b3d07ff0de1b2a98b1d1fbf82a45b65ca92d41a0c535bdf43f3f0c283ea5f376a18cd19a4b4f870541d7f4008e3e6ee2b167064aa3af27e08931d413f02b90693af052fe1a5f3554abe3ba7faf748405d2a3142a9f0c339a7415332d929dea67de4caa486878883348a7163d15b00ea46b9f4c1ac4670109709e87c0b1adb9a6a045ed459bd941517804ff5c81be3896171980cece226eb18effaf0318c186bd981a1d312d69a5c64126f72ed2996a4bb1584ad4e14812d8ddddefe4f6ac2000f94da0ce0a11e8128067169a1acedb12613c718c4ff08822b629e77c99adcd6f6ee1a5d7447ed2902d968e7b08a8de2b93dbccd0edebcab8df6cbec77b7987e8b1be85054efcfe99dd2067e98745cfca5125852ac5f113b5885cc728e019b9f8d963c0434321a8c0d1ff20fbb1e3dfbef26f9e9492cda2b12c6832a034cb5c56dcff40a1de7e0367fd180a1d2b2f2fcc9eb515610fdceb958233d1f5553f4d83a2ad8c9dadac51ba05739aefcd42668d635576adb2c7fabecbf00f603958f232a69c580d7bad09c49c553c46c2d2fce55278405d6c7591fc5fcb41ee3c990b5c34894516b0a682067554f0c098efb9ed8ad2c09876ea828f11cdb1a0f4c4c092c67d5b72653aee174335da38b1f907dde870050ddb25a37bc85fdbc9726d9556b1e30e9a4a7f8b2c4ffcc8e301f70894c316f36d1fc80a4c60ebac6fc014299f642930c21f0d50201bde4a041f0978563bd76435455b7a3071ed97b6b0f54d832a5683e7b97d8912a2a0eccc112f575107389dced25e5504c1100829bf4c37c32231ea3bf98002aae3d1255cf37e28a7edbc2dc1f52cfe6b54af98a89bf984d39d0eb5e37c2a75ad778e2c0c3b0b9be6b0e45e51d35b9090e9019bc985c0c9181a44efc1ed49dd3c86bff08d9ea83ba3a9acd6fbbca38d82f670692c62633c27d5b5765aaca1ca3de00a4af162c09eedff48b3e422f441062ba882936e8357882a351b3910ff2dcb26280ac750f3792c3202881fe966345ea5daf69bd66bafb823c5c5a0d71c772b70b7bc5d77ab03bc7032a1dcccb9311a1bef0fd1b488a4a0aed04820d6c59e4b63581a7ef92a6fdae7aefe220a31e62e0e0bb340a04f1a71a3ec957e472d7dfaa79887b2758c17becf9be2c3e831903f3c8a1d7669ee9eb642ad0fe24db4fe829b4f9b00c29d77db9eff02d817c438e217a2a890c68b66da6662c16cbee3c6db9bcc991fee5bb3e60922397bd49feffe0a3ea71c25f504754a713791737c2c72901a0d5dbd557fbb77b8d9829f9ffaf9a4c9603558faff18a2ea4ea579b01b8aab008d944b822fdaecfb16763788375c61c1ff9020a054419b8be6518074be4679c6884fd5d510caed90d2ddf10bade9cb2598341053361fc88a0003cce32ad0a3d211b97ed3410230641332167918c6f6c2a5f8e683073845c55962734ecfb66f1cbf98c17e663f736f78cf1b5944a01914f90f33c9cd26583321535cf8493963d8347539b82cf2f1a8ea7093fa99365a7351fa101ae2c991de263d43736de03bf57d2f6d727351cd461a2faa47f15f7e37af5b24fc2cebf4dfb121e567e454b061a6c79a4ed1a2a1da9806c8392438c933735a153beede3c8d19f2f96db2829ee6fab84b7d460bade84019ffd880ed929833bca9f518a1ed61e4c302924aeedaca1663b37192ecc4c0ac43d2682b702a33a9299dd065cce992de92a0ad35aeda9dce3aabcc870535e9ddb9bd2115975805901e009eed2b0fdd62b017de4834a9cbb336dc5bf6dfcc9f85bcb75a7621411d0e741cab0b26b7a6cebfd3e0a708d131b408b98570f680f9b98c66b444eb5ef1a02e2c18f690649ea889be39246ad813ec59f2bcf5ff28e0530ac99156ff045a741ad0e96040b8b759c18d1b1619ee06c0c9a513c7630c43aaf2e6748d89cf3bd731b8022322321566e0e5488364a788b6a87584c7049af2f1cb53cb95e25073a24706b4b0758f4748ef243623cbc140e5e8d63ceabe7a1f50f224999cef1cbc5d64a6da3388b8bdca8dceee6b1c2d2da9064a11c0b790f049fc874b745281835adcff1a5c094f863d6b379933b73cc353978541b66eef231eb332809b3fed71a9e42fb031d1866d7b5135d993a5b155534d73805a64e3d95ff25012c7ecfe19f10c21db64a9ba0b34ff7cc2d51121ceb14a064c85e811de2cf6480b3d18cad0c1e4b91dd70c72675b49f1150abea1e73185f33cd3e421376ca9956c22ef9060480cad38ccbe7928f41fedf461fad12613e2ee11eb90a4cbf9703aa5e20cdc93ffb75cac4c0d2865b62e31a62aec968ed498a02e31a691aad4724a29e89c79a097fa6242ab2f47bc565ec3ad04f9ca94e8ebff23a7a22e69b7ecd9cd6c7e4f234af603c9068c8ca04c94659279c8e499ebbad71a2c00ded2ed74c5b04dd953cc78cdf276fdc58752222f547ba034b4284af52bc0bd0dd3e79cf5945bc1fceaa01d78c3642fe2fbf9160810e5133a26e839e56175cbefc9c6777b29b6c7364df511fd329c3247c6c8ac62949af1a2a7047da47db4b8297a664f17579832ff54dae84f2a7c096f7af060dda37dba07a6890b7db140230ce64021186b06bc52c442053224e057e3b193f77477dd90dcbb43972458a408994dfee5ab6a5425a317dfaa309de9389347738bcd50e1aeb34e909ca93ccda2cd06e1e21ce2868189ee46bcf0b1a6bea6353a3492bb6e94b0a0660a9aa75831c40f9ab71fe01a9c19544eafb9c56f745069883b44f7ffe75a850ffce019cb2c02d037932318e31c4904cbcb93cd0a4c6e1635c3c2bd5914f5620a74fe42c98b88b8792d85fafa6df0a8667f51a9dc463c452cc6b13bc827934dd098f3a5be22aa024ceb4aa1bdd43ff6744cd0cf950e74ad8444365994d2e453e6fb5c1f0343d33800b533ae18ed833601e16cced9ce07bfb7c186a09b5f7fb2a8727d90d0eaf89299b3935e3ebd9779507d3b2de311a97a619156f20ebc6db8178f78c27f453bbd018647874fca9ee6ac4fb90fbd5db29482ee527e3f755771c929b07d13c15a617469c3d89dfa7984008545c703ca2534522be331ed4533711fccb02d858aefdd91d3d9feee5e2510f862b7c37416aafd03baa50442156d3f68219ddbb0f0192c52f875fada0cb3ee74b7499c55d854788655d4c943dfa2c7d9646bb20ea0de08fab80dfca5e59ea5f9f4d730fde8c3450ed7e122fff4289581426e75418e64a5fd09a08e984666b688c69cbcac3abf4a5ee150dd1b86c8c9e23f23eaeb95dd578b0919f6a76e36b0dcb4fdc31cd8cb356a3019bf4e4da1bb70f70d3d7bd791ef4cbd65d262984a2fd01135d1b0c3d6e1a891c4887178d47fb345dea0e9d2eb6fe1dccb1db944fa62ca14c204f4b71c0469741ad288f261936450cd7db7d6c828e39a45fab13eca226a08442c86834c4ad2420d4182a5a0f29f7e3695ea10b075557a96f9ee4009757651f19085693c73c5164ba79fbb0978b82cbb5bcc0d54a9d2af150939f52d3cd9a8bf870454478ca8205957a99d4b547b1df4074f22df465aa3386b5addbde984ca160270a4d6184d8d736c915695f4a094ac3f62b1f86e0c2eb80bbf094867454b07dde9a1e7fce141f1a065f2cb76b378e067e8bf0ae6dd81fa33e9548b8485760c2e3759bc131b5dc6631b9cd03125db07b75ea5914452e02b041d4ee6083ac2a0e983a81cbeb60de93e0a05d61ac8c3c6e4045ad623dce343825ca17f58bc840573af5e707fb428365fe0ad98e15e2633d548c7ff2cb9ad1223c01c287384d11f973bcf968fea6a3ae14a20f162a4d7a915078f15d5fe75a04c0f1a2f017fca9c29a7838b1216bc6ca5a65bf82104ff1470e5c1264dfa1c9d9b722e91a5c8712c68b98ea1d798351d547e8176f6569a25d3586eb5bbf67bf8e75213115be9c0e507d1645731623dd515a09e4eddb634e7ab8d508277ec178c51cac6779e67585810461daefc18b1330a112c48b098d316c8ce02ce4ae5573cdbad29d1303dfd0536304d27913cb24b4e139c2c54f8f1380acf0562a6db194a6c58aa32ca360d1bf5a011eaa01c44032af845d4775a9947f277f85e19b8568c817460cc6ee15570632eb3a525053dc05f09257b5187d07ef1097cb5fb78ce1eddce175e75964bf940ae13fd595cd35c607171d7996a920e8b6eddaed33d504cad798440c183dab959e8ee70ce77c2fe11c4e399d2474e7b85fc82f37ceed1ca15eaa0beb245c6f41937f1c59fb214ef268de3c1f60685eee44f8", 0x1000, 0x8}], 0x30, &(0x7f0000001c00)={[{@iocharset={'iocharset', 0x3d, 'cp855'}}, {@codepage={'codepage', 0x3d, 'cp860'}}, {@discard='discard'}, {@discard='discard'}, {@dmask={'dmask', 0x3d, 0xffffffffffffffe1}}, {@codepage={'codepage', 0x3d, 'macceltic'}}], [{@defcontext={'defcontext', 0x3d, 'user_u'}}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@smackfsdef={'smackfsdef', 0x3d, 'trusted\xfbself.\xa6\x92!self'}}, {@fsname={'fsname', 0x3d, '#D7'}}]}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2}, 0x78) sendmsg(r2, &(0x7f00000007c0)={&(0x7f0000000340)=@vsock={0x28, 0x0, 0x2710, @my=0x0}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000580)="4ecdd759fe83ae2943b4ef9ae49e8dc1f395fab9ef7a7f14a2c7f6ca2b0450b36ccb62b71559ddcb90610c2e346b53336cd9c15dac656521e954cc4f4dea874b6d72aafff398810b8e4b3339d0d238fbff8c131b0e996d81767a11fa180c7fd859571122f84268043045bfb938e94d5113eaf8cdf67b01837480548de0217308902d116a9dd29566785b370d05d8f54f3ec699595217ea4997cc2b", 0x9b}, {&(0x7f00000001c0)="ba9b870caa2d9f775f3c25f639d981d3c941ad70afd263684e08fa0d604cdda8d094a0eb0120012984a34b95daf534f69b1bc680be5925f2645235cb960e63", 0x3f}, {&(0x7f0000000640)="ea772bb1b1da13c617f4b3fa02aa08e13e055dc555839e6bc8df2a1aaec810346fbbfa479e3b7013150f6aca3571cc5411dde68ead5ec572cb137e3acfb06b81677516c991e813b28abaf6f33af21da242ddc0939afa5708415475f3c5a39146db1227728308365183ded45b0bb0ec56fa9656930a56b6e6d30cd23a9b3b2530f664a7752dab770b0184517c6cceb616d82f086cb8c5b9ae748a23362f18b3b2dd6752a33d86b0c975cac393cbb92d82f70e07f5db94db1909c8599ed0cf4f26a3ec9a1e397fd073f852578ebd7a9ef03bfd317302d370a840b6672ff1366901a6b932cd4e57539d72921aab4cf730fba7", 0xf1}, {&(0x7f0000000740)="692157edffa28cd2bce2c709bc2ea4dae0a58bb8dd1cf1dccbdfb4aa9a161634", 0x20}], 0x4}, 0x20008000) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000001d80)='IPVS\x00') sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000001ec0)={&(0x7f0000001d40)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000001e80)={&(0x7f0000001dc0)={0x88, r4, 0x20, 0x70bd26, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0x20, 0x2, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@empty}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfdb267c0}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x3c, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x7b}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x400}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'lc\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x67}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x6}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x22}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x420b3d79ea3b6187}, 0xc170) ioctl$sock_inet_tcp_SIOCATMARK(r3, 0x8905, &(0x7f0000001d00)) fchdir(r1) r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0xfffffffffffff4de) ioctl$VIDIOC_G_FMT(r5, 0xc0d05604, &(0x7f0000000480)={0x2, @sliced={0x5, [0x6, 0x1c, 0x9, 0xfff, 0x5, 0x20, 0x6, 0x77, 0x3, 0x2, 0x1, 0x510, 0x8, 0x45, 0x47e, 0xc9b2, 0x6, 0xba58, 0x4, 0x4, 0x80, 0xd6b8, 0x2, 0xe8, 0x400, 0x81b, 0xfffa, 0x80, 0x1, 0x200, 0x6, 0x7ff, 0xffff, 0x1ff, 0x0, 0x1, 0x8, 0x4, 0x3, 0x1, 0x9, 0x8001, 0x9, 0xb260, 0x8, 0x20, 0x80, 0x8], 0x7}}) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r6 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f000000a000/0x1000)=nil, 0x1000, 0x800012, 0x50, r6, 0x0) r7 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) r8 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r8}, 0x78) ioctl$TIOCNXCL(r8, 0x540d) fcntl$setstatus(r7, 0x4, 0x6100) ftruncate(r7, 0x8200) write$cgroup_type(r7, &(0x7f0000000200)='threaded\x00', 0x175d900f) r9 = accept$nfc_llcp(r0, &(0x7f0000000000), &(0x7f00000000c0)=0x60) fsetxattr$security_selinux(r9, &(0x7f0000000100)='security.selinux\x00', &(0x7f0000000180)='system_u:object_r:crond_unit_file_t:s0\x00', 0x27, 0x0) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:12:59 executing program 3: prlimit64(0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x0) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0xffd7) creat(&(0x7f0000000780)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') [ 1163.416525][ T27] audit: type=1804 audit(1577520779.001:709): pid=19792 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/235/file0/file0" dev="loop1" ino=558 res=1 08:12:59 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xb00000000000000) [ 1163.472217][ T27] audit: type=1804 audit(1577520779.041:710): pid=19812 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/235/file0/file0" dev="loop1" ino=558 res=1 [ 1163.657137][ T27] audit: type=1800 audit(1577520779.391:711): pid=19826 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=559 res=0 08:12:59 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xc00000000000000) [ 1163.786630][ T27] audit: type=1804 audit(1577520779.461:712): pid=19835 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/236/file0/file0" dev="loop1" ino=559 res=1 08:12:59 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xcd) symlink(&(0x7f00000000c0)='..', &(0x7f0000000040)='./file0\x00') syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_snmp6\x00') setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='devpts\x00E\xe6\xcb\xf6~\x11mS,!\xd7\xc5_\x96j\xc3\xcb\xe8@\x8a\xd7\x0f\xbc\\\xbe\x9b2\xc4\x8cp\xe8\xe2\xdf\xdf\xb6\xc6}\xde\x0e9\xd9\x8b\xf6e\x04g7T:-*w\xf7I>#htW\xeac_\xf5\x0e\xd7\xab\x15\b\x02 \xcdu\xbf\xfaho>\xd7U\xfc\x97L\xe0\'\xf4\x8e\xd0\x00'/124, 0x0, 0x0) chroot(&(0x7f0000000140)='./file0\x00') umount2(&(0x7f0000000080)='./file0\x00', 0x0) [ 1163.897130][T19826] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1163.910532][T19826] FAT-fs (loop1): Filesystem has been set read-only [ 1163.919974][T19826] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1163.929252][ T27] audit: type=1804 audit(1577520779.571:713): pid=19835 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/236/file0/file0" dev="loop1" ino=559 res=1 [ 1163.966800][T19835] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1164.018850][T19835] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) 08:12:59 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xd00000000000000) [ 1164.059979][T19835] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1164.091332][T19835] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) 08:12:59 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000800)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734e52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d4b9b3e858b7213b38eb01f0eeaba3739ae9279bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cab46b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb07ce929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec659495ce94a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412865db600c6f63d376c3e85fdc5dbc84956fb91b0cc923a2deed3d0bd7100d73b59074a0071b7e7b6cd024f2c0e1aa324107be8aa7760b3745b420a57f94ef80832d0da867e73c8e2c1a361733276f4011d0d1719dc71f32030c9c7165b91685a1c6a05f0d4dc70131e0e480c7d68d81aab017741a0d80deb2e36afa671506114eee3d5f555595351952cf347b4c5130770b71e9c37b1c55ca4d4e70664ac27e41018de634ebb00"/670, 0x29e) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) [ 1164.122307][ T27] audit: type=1800 audit(1577520779.841:714): pid=19835 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="loop1" ino=559 res=0 [ 1164.307384][ T27] audit: type=1800 audit(1577520780.041:715): pid=19869 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=560 res=0 [ 1164.341412][ T27] audit: type=1804 audit(1577520780.071:716): pid=19869 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/237/file0/file0" dev="loop1" ino=560 res=1 08:13:05 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:13:05 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556d, 0x0) 08:13:05 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xe00000000000000) 08:13:05 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r2 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r2) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) ioctl$VT_ACTIVATE(r0, 0x5606, 0x100000000) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r2, 0x8982, &(0x7f0000000380)={0x0, 'tunl0\x00', {0x3}, 0xb6}) setuid(r6) r7 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r7, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) fstat(r7, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000340)='./bus\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0}) r10 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r11) mount$fuseblk(&(0x7f0000000040)='/dev/loop0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='fuseblk\x00', 0x30000a, &(0x7f0000000500)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id', 0x3d, r8}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1000}}, {@default_permissions='default_permissions'}, {@max_read={'max_read', 0x3d, 0x2}}, {@max_read={'max_read', 0x3d, 0x1f}}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@blksize={'blksize'}}, {@max_read={'max_read', 0x3d, 0x85}}, {@max_read={'max_read', 0x3d, 0x8}}, {@allow_other='allow_other'}], [{@appraise_type='appraise_type=imasig'}, {@euid_eq={'euid', 0x3d, r9}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'mime_type'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@context={'context', 0x3d, 'staff_u'}}, {@smackfshat={'smackfshat', 0x3d, ',GPL'}}, {@fowner_gt={'fowner>', r11}}, {@fsuuid={'fsuuid', 0x3d, {[0x63, 0x32, 0x66, 0x66, 0x8eac8b59b96d5cf6, 0x66, 0x0, 0x66], 0x2d, [0x66, 0x0, 0x66, 0x37], 0x2d, [0xd, 0x31, 0x65, 0x39], 0x2d, [0x35, 0x35, 0x35, 0x33], 0x2d, [0x32, 0x27, 0x33, 0xc4, 0x2e, 0x3, 0x39, 0x64]}}}, {@subj_type={'subj_type', 0x3d, 'threaded\x00'}}, {@dont_appraise='dont_appraise'}]}}) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000000)={0x1, 0x0, 0x7ff, 0x1a, 0x8, 0x800}) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r3, 0x0) r12 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r12, 0x4, 0x6100) ftruncate(r12, 0x8200) write$cgroup_type(r12, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:13:05 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0xaaaaaaaaaaaaab3, &(0x7f0000000140)=[{&(0x7f0000000000)="eb2c9021ee6fcf8a81ebe5f11345bf24f6f1100204010002000270fff80741a79ceaf0", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) 08:13:05 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:13:06 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r1, 0x8982, &(0x7f0000000180)) sched_setaffinity(0x0, 0x3d31, &(0x7f0000000200)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) r4 = dup3(r3, r2, 0x0) ioctl$TCXONC(r4, 0x4bfa, 0x7fffffffefff) ioctl$ASHMEM_SET_SIZE(r4, 0x40087703, 0xcd) symlink(&(0x7f00000000c0)='..', &(0x7f0000000040)='./file0\x00') syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_snmp6\x00') r5 = syz_open_dev$tty20(0xc, 0x4, 0x0) r6 = dup3(r5, 0xffffffffffffffff, 0x0) ioctl$TCXONC(r6, 0x4bfa, 0x7fffffffefff) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r6, 0x84, 0x13, &(0x7f0000000100)=0x7, 0x4) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='devpts\x00E\xe6\xcb\xf6~\x11mS,!\xd7\xc5_\x96j\xc3\xcb\xe8@\x8a\xd7\x0f\xbc\\\xbe\x9b2\xc4\x8cp\xe8\xe2\xdf\xdf\xb6\xc6}\xde\x0e9\xd9\x8b\xf6e\x04g7T:-*w\xf7I>#htW\xeac_\xf5\x0e\xd7\xab\x15\b\x02 \xcdu\xbf\xfaho>\xd7U\xfc\x97L\xe0\'\xf4\x8e\xd0\x00'/124, 0x0, 0x0) chroot(&(0x7f0000000140)='./file0\x00') umount2(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$NBD_SET_FLAGS(r1, 0xab0a, 0x7) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11d000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) [ 1170.335544][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 1170.335570][ T27] audit: type=1800 audit(1577520786.071:721): pid=19899 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16564 res=0 [ 1170.416136][ T27] audit: type=1804 audit(1577520786.111:722): pid=19899 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/238/file0" dev="sda1" ino=16564 res=1 08:13:06 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xf00000000000000) [ 1170.457088][ T27] audit: type=1804 audit(1577520786.181:723): pid=19903 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/238/file0" dev="sda1" ino=16564 res=1 08:13:06 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f0000000480)={0x3, "fe4ebda60af0a830713abf3f9853305cc033cc7ba55edaccbe69e8d15b9b80f579088c35c70d06b7635d268651a732e45a2ebd65d9cbe8dabdb7b985081b9dee6dfc7b5c32618aea58160b45a43f5a09dce57fe248c1b26ba6d63d9502f82e2a1452952e8c5bfa1ea37d47e8894ea06652304fe3dadd4ce47a9de7f2fa43a1ebdefed9431d25ea0f9e2cce91374ba1d04bb65191355dda8aaa966e4b03b7bc6495f276e9a1cabd28f445c24403bdfe75ab1b3e85c9092592df0cfae8c2f4969ac6dd444af5c0c863a70d69f332b3ada63df97bb1943f7b1aa2604434f7433bf86d8b129bb74832b129b34bb1f8f27d52be6b388c74eed6e8c53ba76902aea4a5d4acf4082f7470eae88d5e9273696419815545d289d0b36e0a839e44a60be6c12f5a982de7d560fcb18517c09abcc177ea827df103e73d2e1d89f45f39aac1399c8a95c844945baddfa7470e7020836146228d9fad042810df2d31b8c6d83c2773cfacb3c370c3686663f2c6704dc5a9441fc99b07c6e2e32f704fc4ed70fbd8cbc7a074fa5eb378ed214f2a0b2242fdcd6fccdc621328e15bf82f351e17aab1383bdfa950ae8ce896159c4eb3621e03b2ebe026fe4822853ce94ac89712a6a0858337e000952f7a6d8e95fbd69c935d24914344802515a0dab2a3e0cd2b866a584267befff0c9fc24c9bf9eee2fd946875a4a5f5a6b2a3f56982658fb7efa12"}) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) r4 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)=0x8) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000000)) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:13:06 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1000000000000000) 08:13:06 executing program 3: openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) creat(&(0x7f0000000300)='./bus\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) clock_gettime(0x0, &(0x7f00000003c0)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000240), 0x0, &(0x7f0000000140)={0x1b0}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) r3 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 08:13:06 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop-control\x00', 0x0, 0x0) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x8, 0x50, r4, 0x4eb2d000) r5 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSMRRU(r5, 0x4004743b, &(0x7f0000000000)=0x8000) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) r6 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x9, 0x117002) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000440)={0x0}) ioctl$DRM_IOCTL_GET_SAREA_CTX(0xffffffffffffffff, 0xc010641d, &(0x7f0000000500)={r7, &(0x7f0000000480)=""/69}) r8 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r8}, 0x78) getpeername$inet6(r8, &(0x7f0000000340)={0xa, 0x0, 0x0, @remote}, &(0x7f0000000380)=0x1c) bind$unix(r6, &(0x7f0000000180)=@abs={0x1, 0x0, 0x4e24}, 0x6e) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000300)={r7, 0x17}) ioctl$DRM_IOCTL_LOCK(r6, 0x4008642a, &(0x7f0000000100)={r7, 0x27}) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) [ 1171.182675][ T27] audit: type=1804 audit(1577520786.921:724): pid=19939 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/238/file0" dev="sda1" ino=16564 res=1 [ 1171.234131][ T27] audit: type=1804 audit(1577520786.961:725): pid=19940 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/238/file0" dev="sda1" ino=16564 res=1 [ 1171.278236][ T27] audit: type=1804 audit(1577520786.971:726): pid=19939 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/238/file0" dev="sda1" ino=16564 res=1 08:13:16 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:13:16 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000000600)={0x0, 0x7, 0x4, 0xf55ddc7b5424c9fe, 0x6, {}, {0x4, 0xdc2f5cd7a9bd0963, 0x42, 0x1f, 0x80, 0x9, "e81948b9"}, 0x81, 0x1, @offset, 0x3, 0x0, r5}) setsockopt$X25_QBITINCL(r6, 0x106, 0x1, &(0x7f0000000680), 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) r7 = syz_open_pts(r4, 0x4000) ioctl$KDSKBMODE(r7, 0x4b45, &(0x7f0000000000)=0x4) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:13:16 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1100000000000000) 08:13:16 executing program 3: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0805b5055e0bcfe8474071") r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000100)={@mcast2, 0x800, 0x0, 0x2000000000903, 0x1}, 0x2c) 08:13:16 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:13:16 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x100000, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xc5}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='projid_map\x00') ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x7}) ioctl$DRM_IOCTL_AGP_FREE(r1, 0x40206435, &(0x7f00000001c0)={0x3, r2, 0x10001, 0xdcf}) r3 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r3, &(0x7f0000000300)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r3, r4, 0x0, 0x7fffffa7) r5 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r5, r3, 0x0, 0xffffffff) [ 1180.871386][ T27] audit: type=1800 audit(1577520796.601:727): pid=19957 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16594 res=0 08:13:16 executing program 3: socketpair(0x2, 0x3, 0xff, &(0x7f00000000c0)) 08:13:16 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1200000000000000) 08:13:16 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r2 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r2) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) socket$caif_seqpacket(0x25, 0x5, 0x5) r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r3, 0x0) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) r5 = socket$inet_sctp(0x2, 0x1, 0x84) r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7}, &(0x7f0000000100)=0x20) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000480)={r7, 0xdd, "d2c96432c4dadc99b8b88ca0d620726dbbdd830f340a4631e835d2d6f13c29a7ae0c8ae8feee0cd6c5b5585935e3cb4dd2bdf83e2e37d03db41137d3afd20ca39a1d4ca7be9f79c090f5eafe339202edcf9845e26aa6a944cecdb0abe0e245dc3fbbe11ab35193bbcbaf400b4189b6617503892ce3d0266b3f3d09283787bfa942a335550108e1538c55df40ffe4dffdbf1f0c7ae17b557a5e0a151006f8b365ef2636a54802cf98c44cc249e429d99ad4d0192c999ca19b0f79f1f3cca15b8857cd390f480069372f54d94249a0cf93adf60d50d1bacb9a152ae40d10"}, &(0x7f0000000180)=0xe5) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f00000001c0)={r8, 0x4, 0x4, [0x7, 0x1ff, 0x0, 0x3]}, 0x10) r9 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r4, 0xc0406618, &(0x7f0000000340)={{0x1, 0x0, @descriptor="5411932d32110a54"}}) ioctl$VIDIOC_S_EXT_CTRLS(r9, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$VIDIOC_G_EXT_CTRLS(r9, 0xc0205647, &(0x7f00000000c0)={0x9d0000, 0x10001, 0x4, r0, 0x0, &(0x7f0000000040)={0x9909e3, 0x400, [], @p_u32=&(0x7f0000000000)=0xd4}}) setsockopt$IP_VS_SO_SET_ZERO(r10, 0x0, 0x48f, &(0x7f0000000100)={0x47, @empty, 0x4e23, 0x0, 'wlc\x00', 0x10, 0x20000000, 0x39}, 0x2c) r11 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r11, 0x4, 0x6100) ftruncate(r11, 0x8200) write$cgroup_type(r11, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) [ 1180.986678][ T27] audit: type=1804 audit(1577520796.661:728): pid=19957 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/239/file0/file0" dev="sda1" ino=16594 res=1 [ 1181.057774][ T27] audit: type=1804 audit(1577520796.671:729): pid=19957 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/239/file0/file0" dev="sda1" ino=16594 res=1 08:13:16 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x400, 0x40) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) r3 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$VIDIOC_G_PRIORITY(r3, 0x80045643, 0x3) sendfile(r1, r2, 0x0, 0x7fffffa7) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r4, r1, 0x0, 0xffffffff) [ 1181.088117][ T27] audit: type=1804 audit(1577520796.701:730): pid=19977 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/239/file0/file0" dev="sda1" ino=16594 res=1 08:13:16 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x4bfa, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0) symlink(&(0x7f00000000c0)='..', &(0x7f0000000040)='./file0\x00') syz_open_procfs(0x0, 0x0) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='devpts\x00E\xe6\xcb\xf6~\x11mS,!\xd7\xc5_\x96j\xc3\xcb\xe8@\x8a\xd7\x0f\xbc\\\xbe\x9b2\xc4\x8cp\xe8\xe2\xdf\xdf\xb6\xc6}\xde\x0e9\xd9\x8b\xf6e\x04g7T:-*w\xf7I>#htW\xeac_\xf5\x0e\xd7\xab\x15\b\x02 \xcdu\xbf\xfaho>\xd7U\xfc\x97L\xe0\'\xf4\x8e\xd0\x00'/124, 0x0, 0x0) chroot(&(0x7f0000000140)='./file0\x00') umount2(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$NBD_SET_FLAGS(0xffffffffffffffff, 0xab0a, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11d000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) [ 1181.275053][ T27] audit: type=1800 audit(1577520797.001:731): pid=19990 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=561 res=0 08:13:17 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1300000000000000) [ 1181.449536][ T27] audit: type=1804 audit(1577520797.011:732): pid=19990 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/240/file0/file0" dev="loop1" ino=561 res=1 [ 1181.616436][ T27] audit: type=1804 audit(1577520797.071:733): pid=20000 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/240/file0/file0" dev="loop1" ino=561 res=1 [ 1182.048507][ T27] audit: type=1804 audit(1577520797.781:734): pid=20000 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/240/file0/file0" dev="loop1" ino=561 res=1 [ 1182.077495][ T27] audit: type=1804 audit(1577520797.811:735): pid=20019 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/240/file0/file0" dev="loop1" ino=561 res=1 [ 1182.108022][ T27] audit: type=1804 audit(1577520797.811:736): pid=20018 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/240/file0/file0" dev="loop1" ino=561 res=1 08:13:20 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:13:20 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1400000000000000) 08:13:20 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) close(r0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x0, 0x0, 0x3, 0xfffffffd}, 0x3c) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) close(r2) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x127) sendmsg$tipc(r3, &(0x7f0000000500)={&(0x7f0000000280), 0x10, &(0x7f00000002c0)=[{&(0x7f0000001580)="276c5bd6f0db828036f59b152925d176a9e51a4722f8fd829657ff48969c3c5f309ceaf42e7b242b7fe4fa128061aec9827004000c31fd9e31cb1c79990c2b89045ea4dc3ad63a775c80850ea10827e8a40a6c8b5fa7cc514639bb99f13c6a3d0825a738a1a53433042c75230d368c95f8a0b5562b58ecf50fd78e5def7375cd62fb5728535bf371b2ffc7d8058398075e1d0a7a4451395c39f79c26b7287cebd130de7737e77714686b9d67d87a3cf8da02cc70fdc99c1a7c916ae542b9d5baaf1f9daa4fb845fd5d5cad2073a61ce51c345150f84b3900997296d55c7d394af17b01d445465ef377508a1a29a5d6b03b0da22c973f22814fb2a802d50fb1f051e7d95d53d598a0599ec79cd27123fa1d13b7996609d4548e81ef7b1e8de8f32593ef46c3081ab55929a3c1cb1fa28a485518391a76b7b80d5941aa42222cb6f25be29ebc938af75971ffffdd4dea114ac37f38e69cb670020a7448d99b7b5e3d09bcf2625c94d6599182ce9edb0bbfea111dae3b1c9d6cd3162ce0aaebcdcf22a8d29dca0d04ebf5944168f398c500915579070586dff7a2ec6d345d1f69a8c749740aea0dbb2d30c9f7e3afd498a886c906fe09a83322d8e94b3ebe288ec1601e6a16122fa44191b6b3f5315eb0b35cb628540438919b906502eeb7cacc7d15753e456b056e6145ab65ac7c01253f3c5663495a74a0598feed07436a72d3ee1185d0fbcf89e8c5d449e0216cab8110efe923be24366dffc65bb386e7f015bb40b6fd9abbf7180b217f88d99f168c113f3ff187c202e2ae32a0238e43af612678a44a3d8373b6dc6bf820f8bf73e6411c51152f51993c66effe25c6e72a3127da6996f13691ded659e1f9d6eab1124435750dfeb60de2b2d59d9196bda3a3c5cd5054b2960481d50ce28ac4159b54f3f26a9decfc8ab36b6110eda741e21c95e3631b3de40fd3c7828fb0e3c85070eb233d4d4b1b75e0167ec62e81f1a12a0cd2e02a7a43edb384e4d0d59744bbe86611575966efe25b4191f14a368a72c13aeb4de7caff7a9439b583d08714fd22a9b1ff08297a562a859e2d21dd4f8ecf6701bcd9a30d28909c52c56a8ef739f0841ae895ad858121b1ec82ae1bbec856730aba8e2f42841c33caa862fdf8b651d90055b6725e5bf0af348ec550ad23c5a3c15c7455fdb13a57a6e452bdebbeb32200ab7dce3fab98b206ec2571e3de8904bea2265288dbaec64359cb5cd926dc025343fff78e7bdab6f541a3d2b569f37b8339d14e706163854d01ba5380d648391740e1fc2e118557692796acf6e0fa8ab21c5657259bf05a8b510eb285f306c8cdd6e185094b0ff46ec71d5a9b8e344176f263730468db893eaba00c32bdafdb1ebdc3ec441abaf4e7b2db744411ae02f33b340a373ea1a485b88073c2da7bd6828bbe4028fef4c30088c9b28daf899741029da8f52d2927250c582f16ca173c0761ad74364f562f3106a15d17d34ff27abc49b8a7d9aa3d2d2bd5c406c9fe21e59ffad1a85c3d1283f983efaab087a92ce4bc66c934605b658f56857301278b09f5e22ba0034a3944ae27bd20cf9cd4a7d1973d4818716d0bf71d922d74ef68ede2604a98f6db652206e0a34ceed21cb950eebbee9686fc368e2b42f9417b22ab84c1a341630f962560900e02f20cc0ed618e657fe4ede15f9a105620dd2206dbd74ba7f061f2d058a127f5ecb72ad12264d81816d82169d668adf80bbdd279c684e11980f72ba126d0326dbfe6736d2b737069e0c5efb7e76276f10fa915907d91282084fa9a12c5636fd265ef705f49adc9924ffcc68742b17c9212fe8abcc49e4db91ee543a7fd438e59d030d6fa1c31ebe151f9c44af0069df608f0395159c41339aaf31b4c3e67526036c7f4d96fdd5afa5c4c85f2a6648098dccd6a49a8250e26bce3ca0e78976c961432783947e3a8ff5430af9cfebf3d2ee72153b7bd4d7f2cce79da6defba02cc5a73f7fa137c01a2cea52a961d9504d959aec7e2627fc33d07ef45bb8afbded876bee54c7f2feacf548bbab68a782e7bbcb6140d6c6b3fbe1108a6f4dd750c0424a9e1e0b8f239c4739f28463a23fe011cb8c98e25126c5693f19f16ab8a4b6351ff2955a397c3618ae47c78b2d123c334082f9aae0d7f9e7b761d58ef7e1f6dd20a23c7bcc3e84dbc75551573c425e5d56ca84e263b22c2ed5ff1255e500c1810574ff1af28114221fa6e72439d5fc117700bf5a7e01e2ffc0cfeabfddb8ae217a7033c9c8dce5a685ca7a0f4ceeb153ab2ae77652e1d73e9510f868b70270e386664ab4c45ddf353e61aef1ac0c673502b7e7faae557df3eaa5fd0a3a00c54f23723ce6406f616f678b6f789c57e09864895dd8a1e5da9ff0bc7be9f9174af99e157e4c71ed69c71783abb3ad18141d99e49ef32614b8ac29eb50f64b2355f4b599acbdf039877d68275a2ebeb0729791412dfd3194cc2cb4f045a4d2ac74afffec582df03ce4afd2aedc594c6cd34a4cd21d4ea653b04d49a8aa1e942df36b530c90d0c2c62ef8369677ce2ffd4304b0410ff9ef86be8afbf55adc6abca02acf03dcab2fe5339ab0eb9d79dfc4817c5e2c10676904192395d9b8552760b0fa79add2769284a0ef5ebc4d61e64dc9a8b2d4770cdb4be4345026f6d04549140f4bb01e8252eb06d70afd84247f8023a0cc31329499a0efcd8a79e0832992a96b437258ab186c6a9c8f2e55fe7319605453b888d928730a11a11b4f56eec25b4c18b2205aad508a9f6850e6e23103a517cf43af019d54593803b76a3529777a58441d781d2eb509fcb723ba3be91d12c809f0148095e2066e1b0f0656ceeb751ad610e265bd4bc1b67f5e521ef420420e9b7e137f29240d63a42d678c1739f33f39a09a0f4c5249f808f41152a07ce9bfcc94e35683bea83f82a5e34e1fef3f8ea2cf4c9f1c8ccef87d7f58fc1b4ace6cb667e62ed1f54f72b3a156551d96f9a16ff4864ae3a01dc86b5c65e6676493f07d7257b34d8c6c5851334a4542dd2bea4aef4f444b5f26ac89a27e3313a4a66bdad09382357f1adbd61d526a2541022814cc4b2515aec30f74729d1a5826a3206c02ccd6adfb6c2b6c7aee33b7213bdbc5878151b50d1a8fdc1b2b9b44a01606770028723c848e1faf60b89de5a2e72b7d19f7745f7c89989ab2a8174291ad7d0f2b172672aba9f4a1b42df53baf6d353b45d755eff7526efa8a87a2aeaf84d9a434e8844a98eab172fa474b353f19e1231aca846d93eb24e650e015a42c578d23d794c02304ff72e358ea5c75f6709e587951d3900b3b1066ddd4a2fe9186d0cfcfcc7e33e9b882e8c2242ba990face580f94d66bb6a5212190fba3c1f1e046738c422d9e94ed6671157af9145bcfe7fd0d431a7a7c84a3eec802794286e2dc2b59e93fcb09ea22a1e47ee8f0b3cf756fb67bc3676819cbc67396322ea6be61552533b52a2fd258e82dc7c57a09211cce3e785f5b4deacae7b9dcd48080c9edb03d935c9c9a426bb6d3ec71e559af61b796827b5e425c991d3485381e0842b35cb0ad91154f4a13117b35d2a9ebfcf0ef68d73093dd483923f7b3a00e9c04c0eec31effc9f908f38949e1766409fc9c8cc48f95d4d537520159dd794edb56e824d31c67d9c7cbefdb51860a8d1f859baa9bf5c2752d00b6969e94d47a88be798f6df9e6b5977a56206c33a38e74ac5de0b23489c9f5a037e13ae0194beb9f954c6b8ebefa78194a4e891c12ddb43019e60d9b8e7fe78df65a83671b76fd1a9c7be064c6d822bb0749d2162168821484ab78f906cb990167a2f9e19a33be2086dd55e54cb8b6dbcd6d1cc9b4c828472d55db6f175547f73db54d142f290ef99e8e26f2c6ebc7a53bfe31fe1eb2ac6a13dd0081debcc346cc0d3407ff158bc48a314a18b7fa781e32b66f9eaa792031567fa8d5c33fd85ebf85af958ef84c0c69f2bc3f842bff08b4b3112a6ac24a78c9476f15d40de489e50fb5e426167a10739db436cb1a63f5e7b3baf7c21c3506d3021c487ce4625f66a18468c89c3a9c94c7c1c2676e1f21a26bc393cf83e7bdf9bf66c2e9dd080574e1a80fe152124e5191c9367f22b4a712322986165964ccc2b016f0fc52e69d009a2f9fc13f344153f17bcebf937f59714f44dfdc11e69c7216cdb4f4d2143222e41d7415b3ef52e45477f62def841cea29c6258a2a2d8c7895712c51025ed7fd5d68bf8aa5a96fbbba98090dac42ad69522f47288af9f6f7acd2406c42706a940300ab41a59488966dc63f4ce8a6e6e7b18c1cf7b3e5013441ad0d7f201343e4a64da2cd513782877cb35d00f2113147ec4d7410971968daa76b1b9ad115c9ef6e8fe6abeb8b372806dbccb26f504f3fb8fb26c97fc6dcc7091f2f940e76fc121b39f215cb5ee96383b0ad5dcb2f7671e1d75612b3992a8bfd9ef25545b75845991f64a26c87a8abbdde668be3e6fb8ebdc31e73eb4eafda15215e0b545907a86c0fa3d5f1af4cf096cd7ec9c31dd57851203a2ce0c4cfecefe63e43ec9335f00fe3195965d0602bdf0fb36a8b4c6a538f18c002895f4d33968901c0228fbbfd250ae07075c9c3d8e3233027ca1ba82586797b9c3fd5c256c9562789f4393908ecba4bbd26a49672d71098198efe77b3661a2114c3b919330e67cd0ae6e90d88e1922750b6d36bde8926f9c635fbe0b1016f016af69965d762ebcab348ea4fe695007c9e1f91b8f7019a3206627751c8216dae9857569f152888ba8876b51d5d73bffb3c5544500e1121d72a0d2ca9b382bae36c36fdb5680b5973ec3529eefc2077654f5ec0021d473c221d544d6c0b56c48926ece451f01bd3b2746f6ccb0a44a2e934eefbc24c8f4ced796e4941bb6363d2bf0af8834e0dde49632c228477fcbae8d6667c5996aeb14eac620e35a1b3a3b29c4122c91f92a2f9917291c04cfb9ef91215d8b0dffccd082474c9a2ee26ab2139d4428c74efd41f820d671b4255253abad18028b4d19715ba084eaa884dcc975da4c316ac3f8c056a2dc1215bd1db2fd504169e6dab0494bc8e02d4374f061c517d424b0050b678fb240df83d19c0f9a71465541f706cf976f6f653a216dc290698158864c941067577cc0b54c8ccae532de0ec0ddc67d4a22f5c9dcee990b7ae21567991bb1fa1f83d51114f00248735a3b884311b695a65fe6671db499588fd69c79baa8962d6f4331e3dda9b3d7075b2240d58cbe88521c4bfab84066a6b69fbcbc3cb6cbf", 0x101d0}], 0x1, 0x0, 0x0, 0xa000a0}, 0x0) 08:13:20 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:13:20 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x7ce739fd1290ef9, 0x45) sendfile(r3, r1, 0x0, 0xffffffff) 08:13:20 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:13:20 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000001c0)="65ddb218a68b6a5df38eceabbd07d3f31d14f85a2e458117df8a5ed483daec0921778757e7ebeab3fd4304aaa5a54d79af076461f0d3381fd0d1995bb6b0aa253965af", 0x43}, {&(0x7f0000000080)="0c1932f2392d2f1056a305", 0xb}, {&(0x7f0000000240)="f3d9e64c110951ad95fc1f4415fc0c11dfbf6a7efb940ff0f886a4fe560938a26c52e92ea18779ad1572ec9c6793266b48f8", 0x32}], 0x3}, 0x0) 08:13:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1500000000000000) 08:13:21 executing program 3: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f0000000480)={0x3, "fe4ebda60af0a830713abf3f9853305cc033cc7ba55edaccbe69e8d15b9b80f579088c35c70d06b7635d268651a732e45a2ebd65d9cbe8dabdb7b985081b9dee6dfc7b5c32618aea58160b45a43f5a09dce57fe248c1b26ba6d63d9502f82e2a1452952e8c5bfa1ea37d47e8894ea06652304fe3dadd4ce47a9de7f2fa43a1ebdefed9431d25ea0f9e2cce91374ba1d04bb65191355dda8aaa966e4b03b7bc6495f276e9a1cabd28f445c24403bdfe75ab1b3e85c9092592df0cfae8c2f4969ac6dd444af5c0c863a70d69f332b3ada63df97bb1943f7b1aa2604434f7433bf86d8b129bb74832b129b34bb1f8f27d52be6b388c74eed6e8c53ba76902aea4a5d4acf4082f7470eae88d5e9273696419815545d289d0b36e0a839e44a60be6c12f5a982de7d560fcb18517c09abcc177ea827df103e73d2e1d89f45f39aac1399c8a95c844945baddfa7470e7020836146228d9fad042810df2d31b8c6d83c2773cfacb3c370c3686663f2c6704dc5a9441fc99b07c6e2e32f704fc4ed70fbd8cbc7a074fa5eb378ed214f2a0b2242fdcd6fccdc621328e15bf82f351e17aab1383bdfa950ae8ce896159c4eb3621e03b2ebe026fe4822853ce94ac89712a6a0858337e000952f7a6d8e95fbd69c935d24914344802515a0dab2a3e0cd2b866a584267befff0c9fc24c9bf9eee2fd946875a4a5f5a6b2a3f56982658fb7efa12"}) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) r4 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)=0x8) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000000)) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:13:21 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./bus\x00', 0xfffffffffffffffa, 0x0, &(0x7f00000003c0), 0x40000, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) read$char_usb(0xffffffffffffffff, &(0x7f0000000480)=""/205, 0xcd) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) r4 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) write$binfmt_misc(r0, &(0x7f00000000c0)=ANY=[@ANYRES16=r5, @ANYPTR64=&(0x7f0000000340)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[], @ANYBLOB="29955d5c2e35b4f2a0e04f7ee72e583fedce005da21a59d99d500ddef9d14f5f386bdd3b24f2c8cd0dee3a8dc5d229e80ed776b53c89780ac25a160c7e10e92d4aac792338939648c98d3cad56e5111181f3b41c79399585af528b88352abe43872e8e1f8489caa0efea5eeb619a1445432f5790cc0d3d28280b8bcb8bfaab4c"], @ANYRES64=r4], 0x12) 08:13:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1600000000000000) 08:13:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1700000000000000) [ 1185.941076][T20070] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1185.966630][T20070] FAT-fs (loop3): Filesystem has been set read-only [ 1185.976935][T20070] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1185.996195][T20070] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1186.005412][T20070] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1186.015047][T20070] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1186.028344][T20070] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1186.037545][T20070] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1186.047137][T20070] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1186.055944][T20070] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1186.064566][T20070] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) 08:13:26 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:13:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1800000000000000) 08:13:27 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)={&(0x7f0000000000)='./file0\x00', 0x0, 0x3c}, 0x10) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f00000001c0)) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) eventfd(0x7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) 08:13:27 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000480)={0x2, @raw_data="b5c6cfa03f8f0aee145131ea0b4b5c6c6688ba2b1589ca37a3b66f287169f305865c022395329ede7918dcc8b801643de1ed00a3260484b7c4d3292553cbb9586879a28d56fe52a9f5c6502842d2eb59e5e02679404d757431af45c7f4b64fa5d519387dbe7e6c316fbbb911a25ce55c608233d481e9dd309e8368fe05b6a80dcf6a7f0051c6143bf7c630e06acde26be4fdc218665807e74a30f3781af714d43e0e85ac3021bcd7fa045285ffc2cea66d2006a02cfd7b221858dafafd09cff2961780468c4e6c79"}) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:13:27 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xfffffff0) 08:13:27 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1191.427561][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 1191.427581][ T27] audit: type=1800 audit(1577520807.161:741): pid=20106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=566 res=0 [ 1191.454126][ T27] audit: type=1804 audit(1577520807.171:742): pid=20106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/242/file0/file0" dev="loop1" ino=566 res=1 [ 1191.479470][ T27] audit: type=1800 audit(1577520807.181:743): pid=20107 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=567 res=0 08:13:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1900000000000000) [ 1191.548975][ T27] audit: type=1804 audit(1577520807.281:744): pid=20121 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/242/file0/file0" dev="loop1" ino=566 res=1 [ 1191.579472][T20106] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1191.609086][T20106] FAT-fs (loop1): Filesystem has been set read-only [ 1191.627183][ T27] audit: type=1804 audit(1577520807.281:745): pid=20107 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir040667840/syzkaller.2WQcgv/131/file0/file0" dev="loop3" ino=567 res=1 [ 1191.640156][T20106] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1191.683495][T20106] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1191.705133][T20106] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) 08:13:27 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280089c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) read(r3, &(0x7f0000000000)=""/93, 0x5d) r4 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) ftruncate(r4, 0x8200) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) [ 1191.727732][T20106] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1191.736826][T20106] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1191.749500][T20107] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1191.756764][T20121] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1191.767438][T20121] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1191.777027][T20121] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1191.795668][T20121] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1191.806718][ T27] audit: type=1804 audit(1577520807.401:746): pid=20127 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir040667840/syzkaller.2WQcgv/131/file0/file0" dev="loop3" ino=567 res=1 08:13:27 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r2, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r2, r3, 0x0, 0x7fffffa7) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f00000001c0)={0x0, 0x5, 0x10, 0xc000000000000000, 0x7}, &(0x7f0000000240)=0x18) setsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000280)={r4, 0x2}, 0x8) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) dup2(r5, r1) r6 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r6, r2, 0x0, 0xffffffff) r7 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r7}, 0x78) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r7, 0x28}, 0x10) [ 1191.836371][T20107] FAT-fs (loop3): Filesystem has been set read-only [ 1191.864336][ T27] audit: type=1800 audit(1577520807.481:747): pid=20106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="loop1" ino=566 res=0 08:13:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1a00000000000000) [ 1191.869055][T20107] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1191.884163][ T27] audit: type=1800 audit(1577520807.541:748): pid=20121 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="loop1" ino=566 res=0 [ 1191.911261][T20127] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1192.053564][ T27] audit: type=1800 audit(1577520807.791:749): pid=20139 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=568 res=0 [ 1192.102360][ T27] audit: type=1804 audit(1577520807.801:750): pid=20139 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/243/file0/file0" dev="loop1" ino=568 res=1 08:13:27 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xfffffff0) [ 1192.197606][T20139] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1192.220008][T20139] FAT-fs (loop1): Filesystem has been set read-only [ 1192.230300][T20139] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 17) 08:13:28 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1b00000000000000) 08:13:36 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x400007) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:13:36 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x240000, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) write$cgroup_type(r4, &(0x7f0000000040)='threaded\x00', 0x9) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) chmod(&(0x7f0000000000)='./bus\x00', 0x2) 08:13:36 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x800, 0x34) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) 08:13:36 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1c00000000000000) 08:13:36 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r2, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r2, r3, 0x0, 0x7fffffa7) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f00000001c0)={0x0, 0x5, 0x10, 0xc000000000000000, 0x7}, &(0x7f0000000240)=0x18) setsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000280)={r4, 0x2}, 0x8) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) dup2(r5, r1) r6 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r6, r2, 0x0, 0xffffffff) r7 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r7}, 0x78) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r7, 0x28}, 0x10) 08:13:36 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1200.699473][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 1200.699495][ T27] audit: type=1800 audit(1577520816.431:755): pid=20192 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=570 res=0 [ 1200.760910][ T27] audit: type=1804 audit(1577520816.471:756): pid=20192 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir040667840/syzkaller.2WQcgv/133/file0/file0" dev="loop3" ino=570 res=1 [ 1200.829825][ T27] audit: type=1804 audit(1577520816.541:757): pid=20205 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir040667840/syzkaller.2WQcgv/133/file0/file0" dev="loop3" ino=570 res=1 08:13:36 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) llistxattr(&(0x7f0000000180)='./file0\x00', &(0x7f0000000300)=""/194, 0xc2) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) write$nbd(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="67446698010000000400000003000000e285c94e430e7f7eae61609c38442290ec027383ca610dd1e2a19ecfbfedecd404a36962d1cab52f977a30679de8f4bd2d4dfb7e72216731895f79e94f81f5f15bef34bb0d07fb90ae73a69f4a31953eaf9da79c30093c11f0e4b53c1f0dc4a9f984669f6a245054977d410d256d4a2031d430f2e31555686770b4ed9ccab5b210db219f703af1aa80b54ba76e343e687617bb2574bcc564357ecf2a07d1ee19a47c9e3a0aa0eca009d55b70e85b2db61406f2c2fb2391a5b07db9ff075835f62b2aeccbb576fc16c9df01ce9125d254528355054e4753ca85abcb8f373bf3e9d8a5e6755ec387ad4a8cb4c98bb61a736705e9b1603ab5768c3e236adc975073fe6535617f693b259789f9a716c2c670d576f2761a155938507f211cfe3c01165c2ce0a5f5264e8810720287ed155fc29887efda75d7ad9c7a000cf1530ad739b8a0cf03d9358bf8cdfaac17c5a49e4fe7f41285ca1f1333e0b10b95a9fd2c899702f320969f7629b4c5d4a4724c87a095e905eec3b47f807d5918495ec5a41a11b00875"], 0xf8) 08:13:36 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1d00000000000000) [ 1201.201193][ T27] audit: type=1800 audit(1577520816.931:758): pid=20219 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16737 res=0 08:13:37 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x1e00000000000000) 08:13:37 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4600) sendfile(r3, r1, 0x0, 0xffffffff) [ 1201.301647][ T27] audit: type=1804 audit(1577520816.941:759): pid=20219 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/245/file0/file0" dev="sda1" ino=16737 res=1 [ 1201.406012][ T27] audit: type=1804 audit(1577520816.951:760): pid=20219 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/245/file0/file0" dev="sda1" ino=16737 res=1 [ 1201.435539][ T27] audit: type=1804 audit(1577520816.971:761): pid=20213 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/245/file0/file0" dev="sda1" ino=16737 res=1 08:13:37 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000380)='/dev/null\x00', 0x0, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0) r2 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r2) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r3, 0x0) r4 = creat(&(0x7f0000001c80)='./bus\x00', 0x40) newfstatat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x100) r6 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r7) mount$overlay(0x0, &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)='overlay\x00', 0x40, &(0x7f0000000500)=ANY=[@ANYBLOB='lowerdir=./bus,upperdir=./file2,upperdir=./bus,func=CREDS_CHECK,rootcontext=unconfined_u,obj_user=$]},uid<', @ANYRESDEC=r5, @ANYBLOB="2c636f6e746578743d73797306656d5f752c736d61636b66737472616e736d7574653d7468726561646564002c7569643d", @ANYRESDEC=r7, @ANYBLOB=',\x00']) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) ioctl$VIDIOC_DQBUF(r3, 0xc0585611, &(0x7f00000000c0)={0x400, 0x2, 0x4, 0x2000, 0x3, {r8, r9/1000+30000}, {0x5, 0xc, 0x9, 0x0, 0x5, 0xab, "de0f3d37"}, 0xf7d, 0x0, @offset=0x1, 0x0, 0x0, 0xffffffffffffffff}) mknodat(r10, &(0x7f0000000040)='./file0\x00', 0x1000, 0x1) r11 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r11}, 0x78) recvmmsg(r11, &(0x7f0000001b40)=[{{&(0x7f0000000600)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000680)=""/251, 0xfb}, {&(0x7f0000000780)=""/4, 0x4}, {&(0x7f00000007c0)=""/127, 0x7f}], 0x3}, 0x100}, {{&(0x7f0000000880)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f0000000980)=[{&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000000900)=""/102, 0x66}], 0x2}, 0x6}, {{&(0x7f0000001a00)=@ethernet={0x0, @dev}, 0x80, &(0x7f0000001ac0)=[{&(0x7f0000001a80)=""/9, 0x9}], 0x1, &(0x7f0000001b00)=""/1, 0x1}, 0x587}], 0x3, 0x20, &(0x7f0000001c00)={0x0, 0x989680}) fcntl$setstatus(r4, 0x4, 0x6100) ftruncate(r4, 0x8200) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:13:37 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r2, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r2, r3, 0x0, 0x7fffffa7) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f00000001c0)={0x0, 0x5, 0x10, 0xc000000000000000, 0x7}, &(0x7f0000000240)=0x18) setsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000280)={r4, 0x2}, 0x8) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) dup2(r5, r1) r6 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r6, r2, 0x0, 0xffffffff) r7 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r7}, 0x78) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r7, 0x28}, 0x10) [ 1201.701423][ T27] audit: type=1800 audit(1577520817.431:762): pid=20231 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=572 res=0 [ 1201.809439][ T27] audit: type=1804 audit(1577520817.461:763): pid=20231 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/246/file0/file0" dev="loop1" ino=572 res=1 [ 1201.855272][T20241] overlayfs: unrecognized mount option "func=CREDS_CHECK" or missing value [ 1201.934103][ T27] audit: type=1800 audit(1577520817.511:764): pid=20236 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=573 res=0 08:13:43 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x400007) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:13:43 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x4000000000000000) 08:13:43 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f0000000000)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:13:43 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001280)=ANY=[@ANYBLOB="d00800002400ffffff7f00000000ffffa6fffff7", @ANYRES32=r2, @ANYBLOB="0000000bf1ffffff000000000800010063627100a408020004040600030000000500000000700300fdffffffffff00001f0000000500000000010000000000100083000000fdffffff07000000084900000100000002000000cf000000feffffff0800003326f6000180000003000000090000000200000000274a49ef6949a7bb000000050000000100000004000000ff7f000000000000000400000002000004000000ff0f0000f44f350001000000010400005eb768350100000008000000ffffffffc38d00001f000000040008830600000000000100f7ffffff030000000080ffff050000000600000006000000a900000000000000c0000000c0ffffff08000000018000000101000006000000b300000000000020050000000104000004000000070000000800000001010000c22e0000c0ffffff0500000004000000060000000900000008000000f7ffffff0800000003000000080000000400000001030080040000000400000000100000040000000700000009000000fcffffff01000000010000000900000000020000060e0000080000000200000002000000090000000800000007000000ab000000fb00000007000000ff0100000800000001040000070000000300000009000000ff07000008000000ffff0000a90100000900000005000000200000000500000001000000070000008eb7000000000080010000000000000007000000fffffffffcffffff01f0ffff000000003f00000003000000000100000080000000800000030000000500000005000000ffffffff0700000015ba000004000000070000000300000003000000ffffffff04000000554f00006ff800000700000003000000000200000600000008000000b300000006000000000000000007000001010000030000000080000000040000730a000001000080010000009e0c0000000800000100008000000000000000004000000000fefffff67d000004000000ff01000002000000000000004000000040000000ed000000010001000e0a05000000000000020000040000000600000002000000ff7f00000100000001000000060000007f000000020000000004000004000000090000009000000008000000b6000000040000000400000005000000f50a0000ffff0000060000008ff9ffff070000001eaaffff3f0000008000000000000000ff0c0000ff7f0000030000007f0000002d0000000800000000010000ff070000ffffffff2bab000002000000ace800000500000000000000e1bf934d070000001f000d000300000004000000070000000900000005000000030000000200000087d400000200000008000000000100007f0000000e000000080000000200000007000000ffffff7f06000000000000000500000001000000820000001f0000000004000001000000faffffff0500000006000000070000000300000010000500810306009fff04000800000004040600d90b0000ff00000005000000040000001ba2cc3b00000080010000003f000000ff0f00201152c97303000000be060000fffffffffffeffff7f000000ff0000008100000000db040009000000070000000300000000000000060000008f5e0000010000000002000006000000010100000200000007000000000000e03189000001040000000800000600000004000000080000000400000002000000c00000000800000008000000f7ffffff05000000810000004d00000001000080eb0700001f000000090000000597000001000000000000000000000002000000ffff00000100000002000000000000e0a000000040000000ff000000f7ffffff0500000009000000070000000600000028080000030000000600000004000000be00000003000000070000000500000038080000faffffffffffffff47b5554d001000008100000007000000ffffffff040000000100000002000000566b00002000000004000000020000008b01000001000000ffff000004000000ff0f0000050000002000000003000000e40d000007000000f8ffffff200000003f000000387f00000700000007000000c10a000009000000040000000400000000000000008000000100008009000000370b000000000080ff07000006000000bb7900000400000002000000ffffff7f0300000000000000090000000700000005000000000000807f0000000900000008000000fad4ffffff01000001010000010000003f0000000400000020f2ffff01000100ffff0000010000000200000008000000fbfffffff9ffffff040000004d000000060000000200000002000000070000004e0d0000000200000800000035000000300e00000700000000040000020000000180000020000000f2ffffff070000000500000000010000fffffeff0900000000080000070000000800000009000000ff7f00000900000004000000040000000000000006000000050000000100000009000000080000007e0700000300000000800000bf16000002000006000000ffee0000000100000000000000001000006305000000000000000000007f00000010080000000000000100008002000000080000000101000003000000ffffff7ffffffffff7ffffff0600000003000000a6060000ff0300000700000001800000090000000200000000000000040000000080ffff00020000070000000500000001000100000000800000af06060000002b0a000005000000010000000500000009000000040000000500000002000000ffffff7ff30000000800000002000000ffff0000ff070000810000004000000075fc000009000000fbffffff0500000000000000810000000100000080000000d05e0000020000001f00000000000000ff010000451e00002d00000000000000ff0000001000030008001000ff070000010000001800010039031c020101000001000000000000060500000010000200e002807104000000ff03000018000100080d1e02800000000700000024709a02ff7f000010000500010000000000e0ff07000000100003001f0003000700000001010000180001000501040009000000040000000104000000000000f2275eef7138e6d8404ee35c1c03d0a7e3015b89e6e440ebafa27d5b8188804cd5beea2fda73c030f26439c9e4f2e27a824bfb4415f2af99b482560d1a447df28d8d838ad1a39caf40dc96c5f134529d47c0604f66f8714f8ee51165c4b029a7dc7e2f90de64a234d9098b06231c71bc79c43de912eb17614cf75d8c49152a801ac9a1326f0e334e0534faa8d8704d03c25495230a2ed4feb5298d99c124310dd8d4054c8be6bdb8bcede3d1552b08c169755c508c65ff8e1c50711a38d9a451eb650df96535fcc7669eb1f0f7fc5135a05b389610d33df49e9d1d3808c8fa0524b1caa582c913fedb22de15fbc7e7890faa48e6205a74bf817d48ea3dc9cddb6acc14b94522ccce95a27379b1ced543ad45de5016647e86154fd92670b9fc95ff90ea60fcf349981185b11322c4a48276eea082e4be45b9125653ba5f8ad8500d0d768b2de6b9e198568ecd526a1ba44c9180104fa91e55e31181b4acad815ef766bc8604c30c715da309a185645439aaabb542625905dc77193d45cde1978dc9c67cea6b01d2d4a28b13fc1e71d1f2a38537c44b629790b1305371c9e705771da5555c743b5b4adea2b95aa708f41e7a713277f5422f2bb669861730554e266f4ae61e0377f517b23ae4821e04e500cf998be043bab81fa38368a555f4a381eab2a692e06a4ca80bcb7570518078eb76bd313b23d0708cd26017f5a61b25a4fd45c27d7c3c7b21"], 0x8d0}}, 0x0) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000180)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x800, 0x0, 0xdda2, 0xc80, 0x2, 0x80000000, r2}) r3 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r3, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r3, r4, 0x0, 0x7fffffa7) open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(0xffffffffffffffff, r3, 0x0, 0xffffffff) 08:13:43 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r2, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r2, r3, 0x0, 0x7fffffa7) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f00000001c0)={0x0, 0x5, 0x10, 0xc000000000000000, 0x7}, &(0x7f0000000240)=0x18) setsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000280)={r4, 0x2}, 0x8) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) dup2(r5, r1) r6 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r6, r2, 0x0, 0xffffffff) r7 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r7}, 0x78) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r7, 0x28}, 0x10) 08:13:43 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1207.980964][ T27] kauditd_printk_skb: 6 callbacks suppressed [ 1207.980998][ T27] audit: type=1800 audit(1577520823.711:771): pid=20258 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=574 res=0 08:13:43 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x6018230000000000) [ 1208.152372][ T27] audit: type=1804 audit(1577520823.721:772): pid=20258 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/247/file0/file0" dev="loop1" ino=574 res=1 [ 1208.181970][ T27] audit: type=1800 audit(1577520823.761:773): pid=20263 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=575 res=0 [ 1208.215928][ T27] audit: type=1804 audit(1577520823.771:774): pid=20263 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir040667840/syzkaller.2WQcgv/135/file0/file0" dev="loop3" ino=575 res=1 08:13:44 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x4010, r2, 0x0) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:13:44 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xa8bb040400c9ffff) [ 1208.354144][ T27] audit: type=1804 audit(1577520823.791:775): pid=20274 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/247/file0/file0" dev="loop1" ino=574 res=1 [ 1208.439596][ T27] audit: type=1804 audit(1577520823.861:776): pid=20277 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir040667840/syzkaller.2WQcgv/135/file0/file0" dev="loop3" ino=575 res=1 08:13:44 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xe803000000000000) [ 1208.736746][ T27] audit: type=1804 audit(1577520824.471:777): pid=20274 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/247/file0/file0" dev="loop1" ino=574 res=1 [ 1208.850524][ T27] audit: type=1804 audit(1577520824.541:778): pid=20274 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/247/file0/file0" dev="loop1" ino=574 res=1 08:13:44 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xfdfdffff00000000) 08:13:44 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r2, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r2, r3, 0x0, 0x7fffffa7) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f00000001c0)={0x0, 0x5, 0x10, 0xc000000000000000, 0x7}, &(0x7f0000000240)=0x18) setsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000280)={r4, 0x2}, 0x8) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) dup2(r5, r1) r6 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r6, r2, 0x0, 0xffffffff) r7 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r7}, 0x78) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r7, 0x28}, 0x10) [ 1208.888797][ T27] audit: type=1804 audit(1577520824.541:779): pid=20274 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/247/file0/file0" dev="loop1" ino=574 res=1 [ 1209.092009][ T27] audit: type=1800 audit(1577520824.821:780): pid=20318 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=576 res=0 [ 1209.197365][T20318] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1209.206196][T20318] FAT-fs (loop3): Filesystem has been set read-only [ 1209.213374][T20318] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1209.222175][T20323] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) 08:13:54 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x400007) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:13:54 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) 08:13:54 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)={&(0x7f0000000000)='./file0\x00', 0x0, 0x3c}, 0x10) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f00000001c0)) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) eventfd(0x7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) 08:13:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xffffc9000404bba8) 08:13:54 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x7, 0x42000) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000440)={0x0}) ioctl$DRM_IOCTL_GET_SAREA_CTX(0xffffffffffffffff, 0xc010641d, &(0x7f0000000500)={r4, &(0x7f0000000480)=""/69}) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000300)={r4, 0x17}) ioctl$DRM_IOCTL_DMA(r3, 0xc0406429, &(0x7f0000000380)={r4, 0x1, &(0x7f0000000040)=[0xdbb], &(0x7f0000000180)=[0x1ff, 0xf0d7, 0xec1f], 0x72, 0x1, 0x4, &(0x7f00000001c0)=[0x5], &(0x7f0000000340)=[0x3ff, 0xa75, 0x5, 0x78, 0x1]}) connect$unix(r2, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r5 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r5, 0x0) r6 = creat(&(0x7f0000000540)='./file0\x00', 0x29) fcntl$setstatus(r6, 0x4, 0x6100) ftruncate(r6, 0x8200) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 08:13:54 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) [ 1218.521110][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 1218.521128][ T27] audit: type=1800 audit(1577520834.251:783): pid=20340 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=577 res=0 08:13:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0xffffffff00000000) [ 1218.632323][ T27] audit: type=1804 audit(1577520834.291:784): pid=20340 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir040667840/syzkaller.2WQcgv/137/file0/file0" dev="loop3" ino=577 res=1 08:13:54 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) pipe(&(0x7f0000000000)) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) 08:13:54 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000000)=0x0) r4 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)={&(0x7f0000000040)='./file0\x00', 0x0, 0x8}, 0x10) kcmp(0xffffffffffffffff, r3, 0x3, r1, r4) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r5 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r5, 0x0) r6 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r6, 0x4, 0x6100) ftruncate(r6, 0x8200) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) [ 1218.760712][ T27] audit: type=1804 audit(1577520834.421:785): pid=20360 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir040667840/syzkaller.2WQcgv/137/file0/file0" dev="loop3" ino=577 res=1 08:13:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/de\xf2/kvm@', 0x80080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c883c9f5"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1218.919761][ T27] audit: type=1800 audit(1577520834.651:786): pid=20370 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=578 res=0 08:13:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) setsockopt$inet6_udp_int(r3, 0x11, 0x0, &(0x7f0000000040)=0x8, 0x4) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r5}, 0x78) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1219.064770][ T27] audit: type=1804 audit(1577520834.651:787): pid=20370 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/249/file0/file0" dev="loop1" ino=578 res=1 [ 1219.096061][T20375] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) 08:13:54 executing program 2: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0}, 0x78) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000580)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000140)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast1}, {0xa, 0x0, 0x0, @mcast1}, r2}}, 0x48) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000000)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e22, 0x1, @loopback, 0x1}, r2}}, 0x30) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000440)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r5 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r5) creat(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r6 = socket(0xa, 0xa, 0x7) r7 = socket(0x11, 0x800000003, 0x0) bind(r7, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001280)=ANY=[@ANYBLOB="d00800002400ffffff7f00000000ffffa6fffff7", @ANYRES32=r8, @ANYBLOB="0000000bf1ffffff000000000800010063627100a408020004040600030000000500000000700300fdffffffffff00001f0000000500000000010000000000100083000000fdffffff07000000084900000100000002000000cf000000feffffff0800003326f6000180000003000000090000000200000000274a49ef6949a7bb000000050000000100000004000000ff7f000000000000000400000002000004000000ff0f0000f44f350001000000010400005eb768350100000008000000ffffffffc38d00001f000000040008830600000000000100f7ffffff030000000080ffff050000000600000006000000a900000000000000c0000000c0ffffff08000000018000000101000006000000b300000000000020050000000104000004000000070000000800000001010000c22e0000c0ffffff0500000004000000060000000900000008000000f7ffffff0800000003000000080000000400000001030080040000000400000000100000040000000700000009000000fcffffff01000000010000000900000000020000060e0000080000000200000002000000090000000800000007000000ab000000fb00000007000000ff0100000800000001040000070000000300000009000000ff07000008000000ffff0000a90100000900000005000000200000000500000001000000070000008eb7000000000080010000000000000007000000fffffffffcffffff01f0ffff000000003f00000003000000000100000080000000800000030000000500000005000000ffffffff0700000015ba000004000000070000000300000003000000ffffffff04000000554f00006ff800000700000003000000000200000600000008000000b300000006000000000000000007000001010000030000000080000000040000730a000001000080010000009e0c0000000800000100008000000000000000004000000000fefffff67d000004000000ff01000002000000000000004000000040000000ed000000010001000e0a05000000000000020000040000000600000002000000ff7f00000100000001000000060000007f000000020000000004000004000000090000009000000008000000b6000000040000000400000005000000f50a0000ffff0000060000008ff9ffff070000001eaaffff3f0000008000000000000000ff0c0000ff7f0000030000007f0000002d0000000800000000010000ff070000ffffffff2bab000002000000ace800000500000000000000e1bf934d070000001f000d000300000004000000070000000900000005000000030000000200000087d400000200000008000000000100007f0000000e000000080000000200000007000000ffffff7f06000000000000000500000001000000820000001f0000000004000001000000faffffff0500000006000000070000000300000010000500810306009fff04000800000004040600d90b0000ff00000005000000040000001ba2cc3b00000080010000003f000000ff0f00201152c97303000000be060000fffffffffffeffff7f000000ff0000008100000000db040009000000070000000300000000000000060000008f5e0000010000000002000006000000010100000200000007000000000000e03189000001040000000800000600000004000000080000000400000002000000c00000000800000008000000f7ffffff05000000810000004d00000001000080eb0700001f000000090000000597000001000000000000000000000002000000ffff00000100000002000000000000e0a000000040000000ff000000f7ffffff0500000009000000070000000600000028080000030000000600000004000000be00000003000000070000000500000038080000faffffffffffffff47b5554d001000008100000007000000ffffffff040000000100000002000000566b00002000000004000000020000008b01000001000000ffff000004000000ff0f0000050000002000000003000000e40d000007000000f8ffffff200000003f000000387f00000700000007000000c10a000009000000040000000400000000000000008000000100008009000000370b000000000080ff07000006000000bb7900000400000002000000ffffff7f0300000000000000090000000700000005000000000000807f0000000900000008000000fad4ffffff01000001010000010000003f0000000400000020f2ffff01000100ffff0000010000000200000008000000fbfffffff9ffffff040000004d000000060000000200000002000000070000004e0d0000000200000800000035000000300e00000700000000040000020000000180000020000000f2ffffff070000000500000000010000fffffeff0900000000080000070000000800000009000000ff7f00000900000004000000040000000000000006000000050000000100000009000000080000007e0700000300000000800000bf16000002000006000000ffee0000000100000000000000001000006305000000000000000000007f00000010080000000000000100008002000000080000000101000003000000ffffff7ffffffffff7ffffff0600000003000000a6060000ff0300000700000001800000090000000200000000000000040000000080ffff00020000070000000500000001000100000000800000af06060000002b0a000005000000010000000500000009000000040000000500000002000000ffffff7ff30000000800000002000000ffff0000ff070000810000004000000075fc000009000000fbffffff0500000000000000810000000100000080000000d05e0000020000001f00000000000000ff010000451e00002d00000000000000ff0000001000030008001000ff070000010000001800010039031c020101000001000000000000060500000010000200e002807104000000ff03000018000100080d1e02800000000700000024709a02ff7f000010000500010000000000e0ff07000000100003001f0003000700000001010000180001000501040009000000040000000104000000000000f2275eef7138e6d8404ee35c1c03d0a7e3015b89e6e440ebafa27d5b8188804cd5beea2fda73c030f26439c9e4f2e27a824bfb4415f2af99b482560d1a447df28d8d838ad1a39caf40dc96c5f134529d47c0604f66f8714f8ee51165c4b029a7dc7e2f90de64a234d9098b06231c71bc79c43de912eb17614cf75d8c49152a801ac9a1326f0e334e0534faa8d8704d03c25495230a2ed4feb5298d99c124310dd8d4054c8be6bdb8bcede3d1552b08c169755c508c65ff8e1c50711a38d9a451eb650df96535fcc7669eb1f0f7fc5135a05b389610d33df49e9d1d3808c8fa0524b1caa582c913fedb22de15fbc7e7890faa48e6205a74bf817d48ea3dc9cddb6acc14b94522ccce95a27379b1ced543ad45de5016647e86154fd92670b9fc95ff90ea60fcf349981185b11322c4a48276eea082e4be45b9125653ba5f8ad8500d0d768b2de6b9e198568ecd526a1ba44c9180104fa91e55e31181b4acad815ef766bc8604c30c715da309a185645439aaabb542625905dc77193d45cde1978dc9c67cea6b01d2d4a28b13fc1e71d1f2a38537c44b629790b1305371c9e705771da5555c743b5b4adea2b95aa708f41e7a713277f5422f2bb669861730554e266f4ae61e0377f517b23ae4821e04e500cf998be043bab81fa38368a555f4a381eab2a692e06a4ca80bcb7570518078eb76bd313b23d0708cd26017f5a61b25a4fd45c27d7c3c7b21"], 0x8d0}}, 0x0) setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000040)={r8, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x10) r9 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r3, &(0x7f0000000a00)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x6, 0x1, 0x2, 0x8001, 0x2, 0x3, 0x3, 0x2, 0x40, 0x200, 0x80, 0x8, 0x38, 0x5, 0x6, 0x0, 0x8}, [{0x6, 0x7, 0x5f06eb18, 0x1, 0x100000000, 0x10001, 0x9, 0xe00000000}], "7bfad37461a6c69dd628fa5c972eda463135fdd0c14a079f312d0519b7c58a8821483a88b07310532938721adad6e4bcd4d2a41d48c2859584e94ba28e6a0efe4e7ef0cff977f9b76de08abfb7ad48794096408fa90f3c7d1a7f042df7c320c703cf2147b9", [[], [], [], [], [], [], [], [], [], []]}, 0xadd) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r9, 0x0) r10 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r10, 0x4, 0x6100) ftruncate(r10, 0x8200) write$cgroup_type(r10, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) [ 1219.150693][ T27] audit: type=1804 audit(1577520834.781:788): pid=20370 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/249/file0/file0" dev="loop1" ino=578 res=1 [ 1219.165626][T20375] FAT-fs (loop1): Filesystem has been set read-only [ 1219.232626][T20375] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) 08:14:03 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:14:03 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000016000/0x1000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0xffff, 0x800) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="01000239ade5630500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:14:03 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) r4 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r6) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000440)={{{@in, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @remote}}, 0x0, @in=@initdev}}, &(0x7f0000000380)=0xe8) r8 = socket$inet(0x2, 0x1, 0x0) setsockopt(r8, 0x0, 0x40, &(0x7f0000000000), 0x18) fstat(r8, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lsetxattr$system_posix_acl(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='system.posix_acl_access\x00', &(0x7f00000003c0)={{}, {0x1, 0x4}, [{}, {0x2, 0x1, r7}], {0x4, 0x2}, [{0x8, 0x4, r9}], {0x10, 0x2}, {0x20, 0x2}}, 0x3c, 0x1) fchown(r4, r6, r9) 08:14:03 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x9, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x6cb3210000000000, 0x0, 0x0, 0x0, 0x6e}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x18}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0x100b0, &(0x7f000000cf3d)=""/195}, 0x48) 08:14:03 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6(0xa, 0x3, 0x6) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) fanotify_mark(0xffffffffffffffff, 0x21, 0x30, 0xffffffffffffffff, 0x0) 08:14:03 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 08:14:03 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e173bcc0000"]) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x400, 0x0) ioctl$VT_RESIZE(r3, 0x5609, &(0x7f0000000080)={0x9, 0x8bb0, 0xff}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:14:03 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x16006558, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008102040f80ecdb4cb92e0a4800201a000000e8bd6efb250009000e0001000a0000ff050005001201", 0x2e}], 0x1}, 0x0) 08:14:03 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f0000000200)=@ethtool_cmd={0x15}}) [ 1227.867639][ T27] audit: type=1800 audit(1577520843.601:789): pid=20421 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=579 res=0 08:14:03 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@broadcast, @local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @multicast1}, @icmp=@parameter_prob={0x5, 0x0, 0x0, 0x0, 0x0, 0x6, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}}}}}}, 0x0) setsockopt$inet_sctp_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x5, 0x0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x800e00319) [ 1228.008350][ T27] audit: type=1804 audit(1577520843.641:790): pid=20430 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/250/file0/file0" dev="loop1" ino=579 res=1 [ 1228.048837][T20421] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) 08:14:03 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @remote, 0x9}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) sendmmsg$inet_sctp(r2, &(0x7f0000002cc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x4, 0x0, 0x0, r4}}], 0x20}], 0x1, 0x0) [ 1228.086342][ T27] audit: type=1804 audit(1577520843.701:791): pid=20430 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/250/file0/file0" dev="loop1" ino=579 res=1 08:14:03 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) llistxattr(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)=""/255, 0xff) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f0000000040)=@gcm_256={{0x608}, "6750883775ae77e0", "7b7208c1f0360963a3cbc26f3bc68190ce79bbe29c94d15a61200e9527f0ca8c", "3a4620b1", "5654f0b196090ab1"}, 0x38) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d594001d0500ade76e877e03c8cc0000"]) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 1228.145588][T20421] FAT-fs (loop1): Filesystem has been set read-only [ 1228.152925][T20421] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1228.161839][T20430] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1228.207669][T20421] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1228.238824][T20421] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1228.262344][T20421] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1228.292321][T20421] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1228.301463][ T27] audit: type=1800 audit(1577520844.031:792): pid=20421 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="loop1" ino=579 res=0 08:14:14 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:14:14 executing program 3: syz_mount_image$iso9660(&(0x7f0000000040)='iso9660\x00', &(0x7f0000000240)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@nojoliet='nojoliet'}, {@cruft='cruft'}]}) 08:14:14 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000140), 0x80, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0xfffffffffffffffd) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) 08:14:14 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x22000, 0x0) getresuid(&(0x7f0000000140)=0x0, &(0x7f00000000c0), &(0x7f0000000100)) ioctl$TUNSETOWNER(r1, 0x400454cc, r2) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000040)=ANY=[@ANYBLOB="01000200ade76e876e03c8cc94085407b6a8cf2fbd8778"]) ioctl$KVM_RUN(r4, 0xae80, 0x0) 08:14:14 executing program 2: 08:14:14 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) [ 1239.170880][T20481] FAT-fs (loop1): bogus number of reserved sectors 08:14:14 executing program 2: [ 1239.216893][T20477] ISOFS: Unable to identify CD-ROM format. [ 1239.226440][T20481] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1239.278881][ T27] audit: type=1800 audit(1577520855.011:793): pid=20490 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16839 res=0 [ 1239.342420][T20477] ISOFS: Unable to identify CD-ROM format. 08:14:15 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="00000500ade76e876e03c80800000000000000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:14:15 executing program 2: [ 1239.376945][ T27] audit: type=1804 audit(1577520855.061:794): pid=20496 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/251/file0/file0" dev="sda1" ino=16839 res=1 [ 1239.402740][ T27] audit: type=1804 audit(1577520855.111:795): pid=20496 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/251/file0/file0" dev="sda1" ino=16839 res=1 08:14:15 executing program 3: 08:14:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_CLOCK(r1, 0x8030ae7c, &(0x7f0000000000)) 08:14:15 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x3c2, 0x0) ioctl$PPPIOCATTACH(r2, 0x4004743d, &(0x7f00000001c0)=0x1) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x80) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x10000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) connect$bt_sco(r4, &(0x7f0000000080)={0x1f, {0x8, 0x1, 0x1f, 0x3, 0xee, 0x4}}, 0x8) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) keyctl$update(0x2, 0x0, &(0x7f0000000100)="308b97511100e268a307b4cdc2055d221a359e2b4d6032caf885802255238c41635c1e", 0x23) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 1239.947429][T20481] FAT-fs (loop1): bogus number of reserved sectors [ 1239.962467][T20481] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1240.033420][ T27] audit: type=1804 audit(1577520855.771:796): pid=20481 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/251/file0/file0" dev="sda1" ino=16839 res=1 [ 1240.112968][ T27] audit: type=1804 audit(1577520855.771:797): pid=20496 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/251/file0/file0" dev="sda1" ino=16839 res=1 [ 1240.138633][ T27] audit: type=1804 audit(1577520855.771:798): pid=20481 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/251/file0/file0" dev="sda1" ino=16839 res=1 08:14:23 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:14:23 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0x81a0ae8c, 0x0) 08:14:23 executing program 2: r0 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)='\a', 0x1, 0xffffffffffffffff) keyctl$search(0xa, r0, &(0x7f00000001c0)='trusted\x00', &(0x7f0000000200)={'syz', 0x0}, r0) 08:14:23 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x101000, 0x24) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x49b253f9a952af44, 0x1) sendfile(r3, r1, 0x0, 0xffffffff) 08:14:23 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x101fc, 0x0, 0x5000, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8dc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000080)={0x2, 0x6, 0x4, 0x4000, 0x2, {r3, r4/1000+30000}, {0x145dd8c8a9731f0e, 0x1, 0xfc, 0x6, 0x6, 0x3f, "2f53bcf6"}, 0x0, 0x1, @offset=0x80, 0x1, 0x0, r5}) ioctl$CAPI_CLR_FLAGS(r6, 0x80044325, &(0x7f0000000100)=0x1) 08:14:23 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) 08:14:23 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca}, 0x48) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10d, 0x2, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10d, 0x2, &(0x7f0000000080), 0x252) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x2f9, 0x300, &(0x7f0000000040)="b90103000000f000009e0ff008001fffffe100004000633a77fbac141414e0000001be3e7d2a182fff", 0x0, 0x104, 0x6000000000000000}, 0x28) 08:14:23 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_CLOCK(r1, 0x8030ae7c, &(0x7f0000000000)) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 08:14:23 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x22002, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:14:23 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x3b, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e0000002e00815be00f80ecdb4cb9040d4865160800030040000000000004140e000a001500cd5edc2976d153b4", 0x235}], 0x1}, 0x0) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r3, 0x0, 0x7fffffa7) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r4, r1, 0x0, 0xffffffff) 08:14:23 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffff0010) [ 1247.936899][ T27] audit: type=1800 audit(1577520863.671:799): pid=20574 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=580 res=0 [ 1248.030902][ T27] audit: type=1804 audit(1577520863.731:800): pid=20574 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/253/file0/file0" dev="loop1" ino=580 res=1 [ 1248.056933][ T27] audit: type=1800 audit(1577520863.741:801): pid=20583 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16545 res=0 08:14:23 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{0x0, 0x0, 0x0}, 0x80008}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fdinfo/3\x00\xc9\xc9\xec\x80\xe3\xd7\x19)aF>\x11\x9ed\xa4IWj\xd4$,\x86\xf9\xa0r\x02A>\xb4p\xb0\xbe\xcf0\xb6\xaa\xc1\x00\x02\x9e\x9b\".O=\xf3\x86r\xffp\xcf\x93Z\xf5\xfe{\xd9L\x92\xc3\x1a\xafx\xd1s\xe4$\xf1\xd7\xc4V\x05\xb4\x8d\x86~\xed\xa1\x84W\x1d\t\x00\x00\x00\t\xb1]\x01\xf6\xfe\x0eP\xcex\xc6h\x16\x81\xb1\rO\f\xb0\xdd\x92b\x00\xacAp4\x93\xf02\xba\xe7\xed\xaeG\x1dL\xd8\x91/\xc5L\xc57\x94\xb4\xf6;\xb6\"b\xc0\xcf\xf6\xf6\x1a\xbe\f^gZ\va\x82\xf78\x8c\xa0=Q\x9cm\x0f\xf5\xdf\x9b\x1c7\r\xeb\x15\xc9\xd8/,\x0e\x11\xa6e2o\xe4^\x83\a\x9aLm)\xae\x10\xeb\xad\xed\x8d46\xa2]\xad\xf5\xf2L\xfae%\xc3[q\x11\xab\x1d\xa1\xda!M/\xa1\xd6\xc1\x84=\xef\xe6\x0f\xb9?\x93V\xb9\xe0V\xf1\x91\xdc\xc8,n\xfd\xcd\x93\xb6/\xd9K\x04\x99\nV\xb7\x02\xd5\x02\x84,\x817\xae\xb3\xf2!\x9a\xc41\x1a\x83\x82\xbf/\xd9O\x99\xec\xd3\x87M0\xf0\x19\x8b\xe8t\x82\xf6\b^\xf0\xb2SP\x18B\xb8\x98\x99\xec\x8e\xe1') r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000002c0)=""/237) dup2(r1, r0) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) setsockopt$inet_tcp_TLS_RX(r4, 0x6, 0x2, &(0x7f0000000000)=@gcm_256={{0x304}, "75257d67b9164e60", "6d564b954246f78908b185f8b44c6bb55bcca2d1dee065f334e74ae5d021eb59", "899e1f3c", "7e34a529de156417"}, 0x38) ioctl$sock_inet6_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000100)) preadv(r0, &(0x7f00000017c0), 0x1a6, 0x0) [ 1248.080853][ T27] audit: type=1804 audit(1577520863.751:802): pid=20583 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir048680357/syzkaller.hecpVM/302/file0" dev="sda1" ino=16545 res=1 [ 1248.168230][T20574] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1248.188719][T20574] FAT-fs (loop1): Filesystem has been set read-only [ 1248.199689][T20574] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1248.209227][ T27] audit: type=1804 audit(1577520863.761:803): pid=20585 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/253/file0/file0" dev="loop1" ino=580 res=1 [ 1248.246269][ T27] audit: type=1804 audit(1577520863.831:804): pid=20586 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir048680357/syzkaller.hecpVM/302/file0" dev="sda1" ino=16545 res=1 08:14:32 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:14:32 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$vcsn(&(0x7f0000000140)='/dev/vcs#\x00', 0x5, 0x0) bpf$BPF_MAP_FREEZE(0x16, &(0x7f00000001c0)=r3, 0x4) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) r4 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r6 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) r7 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x200, 0x22a002) setsockopt$inet_icmp_ICMP_FILTER(r7, 0x1, 0x1, &(0x7f0000000100)={0x7fffffff}, 0x4) ioctl$VIDIOC_S_EXT_CTRLS(r6, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r8 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r8, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$VIDIOC_G_DV_TIMINGS(r8, 0xc0845658, &(0x7f0000000440)={0x0, @reserved}) r9 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r9, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000280)=ANY=[@ANYBLOB="8dbd14e392ad290e6858b9194b4d7d5c1be3e3bb1828d512e976602e07777cb14ffcadeab37053a0", @ANYRESHEX=r4, @ANYPTR64=&(0x7f0000000040)=ANY=[], @ANYBLOB="976cf7f4381d8b967956b692f49541433e5e6a820da925e1fd47f904679557b60d9ddbdf04804f865a", @ANYRES64, @ANYRES32=r5, @ANYRES64, @ANYRES16, @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYRES64=r6, @ANYRESOCT=r9]]) r10 = creat(&(0x7f0000000200)='./file0\x00', 0x40) r11 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r11, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$VIDIOC_TRY_EXT_CTRLS(r10, 0xc0205649, &(0x7f0000000340)={0x9f0000, 0x7, 0x2, r11, 0x0, &(0x7f0000000240)={0x9a0905, 0x7fff, [], @ptr}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:14:32 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) fcntl$F_SET_RW_HINT(r2, 0x40c, &(0x7f0000000240)=0x4) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x412602, 0x0) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r6 = dup3(0xffffffffffffffff, r5, 0x40000) getsockopt$IP6T_SO_GET_REVISION_MATCH(r6, 0x29, 0x44, &(0x7f0000000180)={'ipvs\x00'}, &(0x7f00000001c0)=0x1e) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) ioctl$SIOCX25GCAUSEDIAG(r4, 0x89e6, &(0x7f0000000000)={0xff, 0x40}) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r3, 0x0, 0x7fffffa7) r7 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r7, r1, 0x0, 0xffffffff) 08:14:32 executing program 3: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) getpid() perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0xffffff01, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000107ff8)={0x0, 0x10040000}, 0x8) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f000081e000)={0x0, 0x2, 0x80000000000000d5, [0x0]}, 0x2de) openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) 08:14:32 executing program 2: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r1 = dup3(r0, 0xffffffffffffffff, 0x80000) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xfd, 0x6, 0x5, 0x0, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext, 0x28c08, 0x0, 0x7f, 0x5, 0x7, 0x200}, 0x0, 0xc, r1, 0x0) r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205648, &(0x7f0000000240)={0x0, 0x7, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140)}) fsetxattr$trusted_overlay_upper(r2, &(0x7f00000002c0)='trusted.overlay.upper\x00', 0x0, 0x0, 0x1) socket$rxrpc(0x21, 0x2, 0xa) r3 = syz_open_dev$sg(&(0x7f00000003c0)='/dev/sg#\x00', 0x0, 0x5) ioctl$SG_IO(r3, 0x2285, 0x0) writev(r3, &(0x7f0000000000)=[{&(0x7f00000000c0)="aefdda9d246800005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d766a83cf89441cb69d952f41bdd2ac8bb8c43b460", 0x34}, {&(0x7f0000000100)="aa1d484e24002000a84d4583671e120755272bb736be94d9fc56c9953fbd80630600097704a71e023a27", 0x2a}], 0x2) pipe(&(0x7f0000000080)={0xffffffffffffffff}) splice(r4, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, 0x0, 0x0) stat(0x0, 0x0) chown(&(0x7f0000000280)='./file0/file0/../file0\x00', r6, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$bpf(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000340)='bpf\x00', 0x0, 0x0) r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000300)='/dev/dsp\x00', 0x808000, 0x0) ioctl$KVM_ENABLE_CAP(r7, 0x4068aea3, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000c00)={0x0}, 0x0) r9 = openat$full(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/full\x00', 0x2, 0x0) perf_event_open(0x0, r8, 0x0, r9, 0xa) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f0000000c00)={0x0}, 0x0) r12 = openat$full(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/full\x00', 0x2, 0x0) perf_event_open(0x0, r11, 0x0, r12, 0xa) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xa) pipe(&(0x7f0000000080)={0xffffffffffffffff}) splice(r13, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @bt={0x0, 0x3, 0x0, 0x894, 0x4, 0x400, 0x66eea1a1b007f280, 0xd}}) ioctl$TIOCGSID(r13, 0x5429, &(0x7f0000000600)) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000640)='.\x00', 0xffffffffffffffff}, 0x30) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000c00)={0x0}, 0x0) perf_event_open(0x0, r14, 0x0, 0xffffffffffffffff, 0xa) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r15 = openat$full(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/full\x00', 0x2, 0x0) perf_event_open(0x0, 0x0, 0x0, r15, 0x0) clone3(&(0x7f00000008c0)={0x0, &(0x7f0000000700), &(0x7f0000000740), &(0x7f0000000780), {}, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000800)}, 0x40) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e24, @broadcast}}}, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x8a061, 0x0) 08:14:32 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) [ 1256.879459][ T27] audit: type=1800 audit(1577520872.611:805): pid=20609 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=581 res=0 08:14:32 executing program 3: socket$inet6(0xa, 0x0, 0x0) r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000040)=@id={0x1e, 0x3, 0x0, {0x4e21}}, 0x10) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) pwritev(r1, &(0x7f0000000080), 0x0, 0x0) fallocate(r1, 0x20, 0x0, 0xfffffeff000) prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) fallocate(r1, 0x0, 0x0, 0x10000101) lseek(r1, 0x0, 0x3) r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205648, &(0x7f0000000080)={0x0, 0x7, 0x0, 0xffffffffffffffff}) fcntl$setlease(r2, 0x400, 0x0) ioctl$TIOCGPTPEER(r3, 0x5441, 0x9) syz_open_dev$loop(0x0, 0x0, 0x0) [ 1256.965573][ T27] audit: type=1804 audit(1577520872.671:806): pid=20609 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/254/file0/file0" dev="loop1" ino=581 res=1 [ 1257.034613][T20609] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1257.069088][T20609] FAT-fs (loop1): Filesystem has been set read-only [ 1257.098874][ T27] audit: type=1804 audit(1577520872.731:807): pid=20621 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/254/file0/file0" dev="loop1" ino=581 res=1 [ 1257.133587][T20609] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 17) 08:14:32 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_flowlabel\x00') recvmmsg(0xffffffffffffffff, &(0x7f00000036c0)=[{{0x0, 0x0, &(0x7f0000001c00)=[{&(0x7f0000001b80)=""/4, 0x4}], 0x1}}], 0x1, 0x0, 0x0) preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/162, 0x2d}, {&(0x7f0000001c40)=""/4111, 0xffffffffffffff36}, {&(0x7f00000000c0)=""/196, 0xc4}], 0x3, 0xb16c) 08:14:32 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x101ff, 0x0, 0xd000, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:14:32 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) sendmsg$rds(r3, &(0x7f0000002b40)={&(0x7f0000000000)={0x2, 0x4e22, @multicast1}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000800)=""/4096, 0x1000}, {&(0x7f0000001800)=""/4096, 0x1000}, {&(0x7f0000000300)=""/244, 0xf4}, {&(0x7f0000000180)=""/124, 0x7c}], 0x4, &(0x7f00000029c0)=[@mask_cswp={0x58, 0x114, 0x9, {{0x0, 0x1}, &(0x7f0000000280)=0x8, &(0x7f0000000400)=0x9, 0x714, 0x6, 0x9, 0x80000001, 0x20, 0x7}}, @fadd={0x58, 0x114, 0x6, {{0x5, 0x2}, &(0x7f0000000440), &(0x7f0000000480)=0x4, 0x4, 0x8, 0x5, 0x2, 0x23, 0x9}}, @rdma_args={0x48, 0x114, 0x1, {{0x2, 0xfff}, {&(0x7f00000004c0)=""/118, 0x76}, &(0x7f0000002900)=[{&(0x7f0000000580)=""/85, 0x55}, {&(0x7f0000002800)=""/121, 0x79}, {&(0x7f0000002880)=""/86, 0x56}], 0x3, 0x2, 0x7}}, @fadd={0x58, 0x114, 0x6, {{0xfffffff7, 0x9}, &(0x7f0000002940)=0x400, &(0x7f0000002980)=0x7, 0x4, 0x8000, 0x0, 0x7, 0x4, 0x3}}, @zcopy_cookie={0x18, 0x114, 0xc, 0x8000}], 0x168, 0x800}, 0x801) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r4, r1, 0x0, 0xffffffff) 08:14:33 executing program 3: write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x7fd04cba1071a52) r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$apparmor_current(r1, &(0x7f0000000380)=ANY=[@ANYRES16], 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./bus\x00', &(0x7f0000000200)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) lsetxattr$security_selinux(&(0x7f0000000240)='./bus\x00', &(0x7f00000002c0)='security.selinux\x00', &(0x7f0000000340)='system_u:object_r:inetd_var_run_t:s0\x00', 0x25, 0x0) sendfile(r1, r2, 0x0, 0x8000fffffffe) creat(&(0x7f0000000080)='./bus\x00', 0x0) socket$packet(0x11, 0x0, 0x300) socket(0x0, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) r3 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r4 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f0000000040)={0x0, r4, 0x100000001, 0x0, 0x4, 0x2}) lsetxattr$trusted_overlay_origin(&(0x7f0000000300)='./bus\x00', &(0x7f00000003c0)='trusted.overlay.origin\x00', &(0x7f0000000400)='y\x00', 0x2, 0x772811720e374013) getsockopt$ARPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x63, &(0x7f0000000140)={'ah\x00'}, &(0x7f00000001c0)=0x1e) ioctl$EVIOCGBITSND(r0, 0x80404532, &(0x7f0000000280)=""/12) [ 1257.467088][ T27] audit: type=1804 audit(1577520873.201:808): pid=20652 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir040667840/syzkaller.2WQcgv/148/bus" dev="sda1" ino=16659 res=1 08:14:33 executing program 2: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x42800) add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f00000003c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffc) r1 = open(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) mkdirat(r1, &(0x7f0000000440)='./file0\x00', 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000380)) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000100), &(0x7f0000000180)=0x4) syz_open_procfs(r2, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r1, 0xc0905664, &(0x7f0000000200)={0x0, 0x0, [], @bt={0x44, 0x8, 0x5, 0x0, 0x5, 0x8, 0x2, 0x8}}) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) setsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000080)={0x0, @loopback, @loopback}, 0xc) pipe(&(0x7f0000000140)) syz_open_procfs(0x0, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x800, 0x0) r4 = syz_open_dev$dri(&(0x7f00000001c0)='/dev/dri/card#\x00', 0x1, 0x0) ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f0000000000)={0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x600}) r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$DRM_IOCTL_ADD_CTX(r5, 0xc0086420, &(0x7f0000000440)) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000480)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000300)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendfile(r6, 0xffffffffffffffff, 0x0, 0x320f) [ 1257.690839][ T27] audit: type=1804 audit(1577520873.301:809): pid=20655 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir040667840/syzkaller.2WQcgv/148/bus" dev="sda1" ino=16659 res=1 [ 1257.723026][T20653] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1257.785875][T20653] FAT-fs (loop1): Filesystem has been set read-only [ 1257.814145][T20653] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1257.827557][ T27] audit: type=1800 audit(1577520873.301:810): pid=20653 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=582 res=0 [ 1257.885542][T20661] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1257.902103][ T27] audit: type=1804 audit(1577520873.321:811): pid=20653 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/255/file0/file0" dev="loop1" ino=582 res=1 [ 1258.050967][ T27] audit: type=1804 audit(1577520873.411:812): pid=20661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/255/file0/file0" dev="loop1" ino=582 res=1 [ 1258.142352][ T27] audit: type=1804 audit(1577520873.471:813): pid=20664 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir040667840/syzkaller.2WQcgv/148/bus" dev="sda1" ino=16659 res=1 [ 1258.222430][ T27] audit: type=1804 audit(1577520873.481:814): pid=20655 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir040667840/syzkaller.2WQcgv/148/bus" dev="sda1" ino=16659 res=1 08:14:40 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:14:40 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000040)={{0xfff, 0x3, 0x26, 0x7}, 'syz1\x00', 0x1b}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010402d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:14:40 executing program 2: r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x0, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_WINDOW(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x68, r1, 0x0, 0x70bd28, 0x25dfdbfb, {}, ["", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x10000000}, 0x4054) sendmsg$TIPC_CMD_SET_NETID(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2020100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r1, 0x8, 0x70bd28, 0x25dfdbfb, {{}, {}, {0x8, 0x2, 0x10}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuset.memory_pressure\x00', 0x0, 0x0) ioctl$TCGETA(r2, 0x5405, &(0x7f0000000040)) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000001200)={0x0, 0x8, 0x3, 0x0}) 08:14:40 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x81, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x10000000002) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2}, 0x78) ioctl$PPPIOCGNPMODE(r2, 0xc008744c, &(0x7f0000000000)={0x802b}) 08:14:40 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0}, 0x78) r1 = socket$inet_sctp(0x2, 0x1, 0x84) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3}, &(0x7f0000000100)=0x20) setsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000000)=@assoc_id=r3, 0x4) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) ioctl$DRM_IOCTL_MARK_BUFS(r4, 0x40206417, &(0x7f0000000180)={0x56a, 0xc69, 0x80000001, 0xfffffffe, 0x11, 0x10}) r6 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r5, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r5, r6, 0x0, 0x7fffffa7) r7 = open(&(0x7f0000000040)='./file0\x00', 0x40, 0x0) sendfile(r7, r5, 0x0, 0xffffffff) 08:14:40 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) [ 1265.179035][T20681] md: could not open unknown-block(8,3). [ 1265.191685][T20681] md: md_import_device returned -6 [ 1265.247653][ T27] audit: type=1800 audit(1577520880.981:815): pid=20688 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=583 res=0 [ 1265.339405][ T27] audit: type=1804 audit(1577520881.011:816): pid=20688 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/256/file0/file0" dev="loop1" ino=583 res=1 08:14:41 executing program 4: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x1, 0x0) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f00000001c0)={0xa0, 0x2, 0x5, 0x3, 0xa6, 0x3f, &(0x7f00000000c0)="d14c9d71997cf307bfe35e2e8519f623390806d2885e5e8a2e35e08572fde497b799d07bcddc16820d2184041bc3f3f85baa38fcbee98473b8515d2a9a3349d42a39b92162cef45f72eeccd3a8486d126d68c169e7fde1cb3fbee1e6e527d02a22bb5287a13e97fb269efce00b83aa9b61cdff5ebd300bd99cdd98a1ee6c14da5a08d99fdfea433e8559c6399f42938d9a0c8b485ec58821f7c9f8dcefbe85def819f79acdbe"}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x0, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e15c8cc0000"]) ioctl$KVM_RUN(r3, 0xae80, 0x0) 08:14:41 executing program 2: r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x0, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_WINDOW(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x68, r1, 0x0, 0x70bd28, 0x25dfdbfb, {}, ["", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x10000000}, 0x4054) sendmsg$TIPC_CMD_SET_NETID(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2020100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r1, 0x8, 0x70bd28, 0x25dfdbfb, {{}, {}, {0x8, 0x2, 0x10}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuset.memory_pressure\x00', 0x0, 0x0) ioctl$TCGETA(r2, 0x5405, &(0x7f0000000040)) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000001200)={0x0, 0x8, 0x3, 0x0}) [ 1265.471034][ T27] audit: type=1804 audit(1577520881.071:817): pid=20699 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/256/file0/file0" dev="loop1" ino=583 res=1 [ 1265.549990][T20706] md: could not open unknown-block(8,3). [ 1265.556169][T20706] md: md_import_device returned -6 08:14:41 executing program 2: r0 = socket(0xa, 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0000002800210100000000000000000a000000", @ANYRES32=r2, @ANYBLOB="2e000200fffedda36370ac3054000000000000013e952e69c396a9b88b6977a2e3ab05dc73696b5e3e39d6d6ade47fb196f5f07560c49bc508dae6f65b008d7848542c0c632bb2a599c8888187f94dea6c54c21c53d2681e1ca3f2132f09d9d9e5c28d5aa31db853a1ac34620ca372fd663227562c9533b938e48ea94702fce96ad4d1f1cb8678bcf10bd7b0711194943512"], 0x2c}}, 0x0) 08:14:41 executing program 3: r0 = dup(0xffffffffffffffff) r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f0000000280)) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1f190}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) r3 = open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) r4 = openat$cgroup_subtree(r3, &(0x7f0000000080)='cgroup.subtree_control\x00', 0x2, 0x0) socket$alg(0x26, 0x5, 0x0) write$cgroup_subtree(r4, &(0x7f0000000380)=ANY=[@ANYBLOB="2b7069647320412c5ec7b5d90762f8ba9fe8ee7e083311af7cb115b708409b4e9206cb06735d6d1ff4f4b97587bf6a4a706aee300fb8e7572bcd829a59c0045c564cf25a1f609e5ead08002125000000c8818253da71fa1bff7fd383cd04ca276a000000007c9bda4107b37664c98904cb9639bf4b91d78f4ce4035762ba803bb0aa07717d543e909d253ce36652d352ed9e0518d43a170ea8f70daf282682ea5e5a295e9d66f169f0dcd24a3d11c633af74dd3ac2ac46fd62ad075e989e5ab6f14a1d6e8f0d35ea51e18be5672af0b7f39f748ebddb0694fc063c33ad9848bde504b51b6ffbe28bc739b903263f6e020000aae0f4261ac0c2a9308f6f79c9a3d41a849aa6505fdfe3ff62519eec162f6e5124975a08d1100bac7cd1e2e539a168ddb0cff0be478ec28588168512fead72b7fecc4608a3044c0a85b87b036ed97a61ecbfca322eff3caeaa262dcfeaddff0ee65060479a962f2e2833ef64f1968e9b763593dbb917d231a51fc021a33b94912168d626482826211152ab2b77a6575584e032d94af82d7e6cf4ac7dbb40eaa78bab965aa712ff84ce44911fd6321ba5bd9ad52cb91402435eca433a8385eec1b40f0dad7110639e000000000000000000000000000007de38729ebc178329381c782d3a7f95dda9a0c0fb1eedbc6c5e0ff53eda8026e5c8ed85e7996e86a8b4ec48ad5adc860234a9c71b3d956a342ce0de5f6f6bdb7d80afe54ce088c7a6f4a3ba32f994b05ecec28af2c69c01a4f609dd751450d1d275ca79766a509b63592c3581ee1bf364382ab6133e118af7bbaee98fad9d4cadb245ad96acad8b5424e81a4b5e8d9ba89ea7cdfb00c74bb6f9c1ea7de4d2c7373c00b5e73237149e33b8bf2f9149cb5c60718979c381596c769125a9c159d8e9e85fb3f09b9a95cabc867da472d06d00f457197e6cd1e54d73a5f587d7a2f7f8ca70588fa07cf7ad247ee538e6bdab725f9d9eb4e484ee9a6a020e160c86d833830e41e72ade3b94258d546a2889f21680b05e7cc7d97501101ddd279ebf94d92ee66538d051bebe26fe2045d99555945374318615ef8f042056f3d8f61ea84b97ab5c60871cdb94167db715389ed5e4f7b1d2294c0524cd3e211ac69b272a08737aa36b6272b60b3f37e387a45cde2a73e7144eb03450b679ed341beac86721b0ebdd121aa7e37ee3a9f7649d81b96f9cd0f6d7902689d25d06524564f2b498e3380e3f96be2a15fe9dc1876b1ce9c695aa5cd5"], 0x6) r5 = gettid() ptrace$setopts(0x4206, r5, 0x0, 0x0) tkill(r5, 0x3c) ptrace$cont(0x18, r5, 0x0, 0x0) ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r5, 0x0, 0x0) syz_open_procfs(r5, &(0x7f0000000700)='net/psched\x00') write$cgroup_subtree(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="4b70ff7b6c99c469057320"], 0x6) fcntl$setstatus(r2, 0x4, 0x42000) r6 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r6, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r6) ioctl$SIOCGETLINKNAME(r0, 0x89e0, &(0x7f00000002c0)) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_ENABLE_BEARER(r7, &(0x7f0000000100)={0x0, 0xf0ffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x40, r8, 0x42b}, 0x40}}, 0x0) fcntl$addseals(r7, 0x409, 0x19) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x1) getsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000000180), &(0x7f00000001c0)=0x4) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) [ 1265.686462][T20716] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. 08:14:41 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x4000, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x20000) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f00000000c0)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000de2689acb44eecd8317943b930e9db65859ce5c355a0655c7fbee79deb2c51f69379d7742d58c03fbe946cd697a58f12cfffb2bcf946e2b3c64d609f1032b3f96f176e46fbcadab7c92a925eac8d1dd5d40c9695466cba1e35b56625d47dc53b95d99a21ba1de457268cfd87d5025da8f86d0e94ab0369163e3ccacdda194adf99d900315cf0dd7b6ea52811932fdd5a6fd9ebcbe78322a7"]) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff) mq_timedsend(r1, &(0x7f00000001c0)="283072124d9d06384ba83516fbbcaac8e03dca436eb957b9b089356c2be0f9fe721fc2af6f23c53be81ba1d711a7e7d9bb10c21bdfa8e0836b1909dbb1a06f210358c9d4de2d8efbcf522932d097a9565de3a4387a0014fede1b0da4ab40188c12e034048e52dd183b74a8ff787c332d7afd5dab5a5e4e7b4353e53c19a8a24192f2d1f8b5cabfc67ad7517b33ef11da3bbe5507fb30040b9db3b9eb3a76ac92e086", 0xa2, 0x10001, &(0x7f0000000000)) ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f00000002c0)={0x1, &(0x7f0000000280), 0x2, r1, 0x1}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 08:14:41 executing program 2: r0 = getpid() io_setup(0x3f, &(0x7f0000000100)=0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/ptype\x00\xcc\xf8V\xfe~\xdc\x94\x8e\xf06Ff\x00\xab\xa5\xd6\xeaY\xc8\xb5F\xfa\xa1\xd2\xc4*,ZT') preadv(r2, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/121, 0x79}], 0x1, 0x20) io_cancel(r1, 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x2000000) open(0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SHOW_STATS(0xffffffffffffffff, 0x0, 0x40000) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/ptype\x00\xcc\xf8V\xfe~\xdc\x94\x8e\xf06Ff\x00\xab\xa5\xd6\xeaY\xc8\xb5F\xfa\xa1\xd2\xc4*,ZT') preadv(r4, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/121, 0x79}], 0x1, 0x20) ioctl$UI_BEGIN_FF_ERASE(r4, 0xc00c55ca, &(0x7f0000000380)={0x1}) eventfd(0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r5 = open(&(0x7f0000000600)='./bus\x00', 0x40042, 0x0) read$FUSE(r5, 0x0, 0x0) ioctl$sock_inet6_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000040)) close(r3) write(0xffffffffffffffff, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'eql\x00', 0x100}) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/ptype\x00\xcc\xf8V\xfe~\xdc\x94\x8e\xf06Ff\x00\xab\xa5\xd6\xeaY\xc8\xb5F\xfa\xa1\xd2\xc4*,ZT') preadv(r6, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/121, 0x79}], 0x1, 0x20) r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_WINDOW(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x68, r7, 0x0, 0x70bd28, 0x25dfdbfb, {}, ["", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x10000000}, 0x4054) sendmsg$TIPC_CMD_SET_NODE_ADDR(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1c00020}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, r7, 0x20, 0x70bd2a, 0x25dfdbfb, {{}, {}, {0x8, 0x11, 0x4}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x87ff1f74114ae608) ioctl$KVM_XEN_HVM_CONFIG(r6, 0x4038ae7a, &(0x7f00000000c0)={0x1, 0x0, &(0x7f0000000400)="4f52116a5bab223a2636750b45091dbfdc70a0987917cb95374723785967c83d997d7a5fb51cf49f155a423af59ae579eb0f61fb1efbc4ff761d8ebc5a43bb750abcac13b8a89a1ebd8b74635497ddfd420738314ebd25f2f19299c0312c673ab660125d7d7c352d195c145c2162dad16a5b948bed4ab586d267d7084592b9e64635f67dd81418412e34b93d342a3da6fa336cba6777d575e7374dd4a1cb2f19d7edd54d77865aa41686bf1342c8558aedcba45f87fd786f794a08", &(0x7f00000004c0)="6afee430f9ef3e0330122f3ed6a49347d0c1d4c676a6c1aed9d42f08c4ec4eb304d84b5fc15f46142c20d0e29852ad8d8d7650e6489ade62cd04bf5ac1fd692ba7773610997afa8626d53c46dae80361910d13c05b61ef72b2d060919854a83992ae8d1b00996328c6bfc388335f47e8447e3395aaa202f171a1f1253b4ad05dacbb7215ae067b56e25aa4a59e7c2b1b8db6807757ec26490817a72fc2cfb328e998e201d95e198d4448a2e37daf24b8609c9c8cd0520db2a1f0dfa9ea8a8927bbc25a8944a3d7efc87eaf38ee42ef0cca4fc1e979364cb49778cf2433", 0xbb, 0xdd}) ioctl$GIO_UNISCRNMAP(0xffffffffffffffff, 0x4b69, &(0x7f0000000280)=""/237) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) r9 = dup(r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) [ 1266.028473][ T27] audit: type=1804 audit(1577520881.761:818): pid=20699 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/256/file0/file0" dev="loop1" ino=583 res=1 [ 1266.166981][ T27] audit: type=1804 audit(1577520881.811:819): pid=20699 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/256/file0/file0" dev="loop1" ino=583 res=1 [ 1266.209376][ T27] audit: type=1804 audit(1577520881.821:820): pid=20699 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/256/file0/file0" dev="loop1" ino=583 res=1 08:14:48 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x3c) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:14:48 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @remote}, 0x1c) listen(r0, 0x10001) r1 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x0, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) 08:14:48 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r3, 0x8982, &(0x7f0000000040)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:14:48 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x100020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x12}, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x1, 0xc52}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x2, 0x73) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x8000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000480)={@in, 0x0, 0x20000000005, 0x2}, 0xd8) r1 = inotify_init() epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, 0x0) r2 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000100)={0x6}, 0x10) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000107ff8)={0x0, 0x10040000}, 0x8) connect$inet6(r2, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x80000, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000200)={@in={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x0, 0x0, 0x21, 0x0, "e49e1d6318d67c67f097e2189257946c255ee634a14f09c466b430d4f1c70e27d17e56ad01566e8d5ffb2cb9bbf2111503ae20ee707e2e620f8f1f156acfc1c462a48ea2a4d203dbe4ac84c4c1ea8f14"}, 0xd8) sendmmsg(r2, &(0x7f000060d000)=[{{0x0, 0x0, &(0x7f0000c38ff0)=[{&(0x7f0000000080)='\x00', 0xfffffffffffffdfe}], 0x100000000000007e}}], 0x1, 0x5080) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f000081e000)=ANY=[@ANYRES32=0x0, @ANYBLOB], 0x2de) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69) connect(r0, &(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80) sendmmsg$inet_sctp(r0, &(0x7f00000003c0), 0x3a301e0909ff6cd, 0x934) 08:14:48 executing program 5 (fault-call:12 fault-nth:0): prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:14:48 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0xffffffffffffff71) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x141002, 0x10) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) r4 = creat(&(0x7f00000003c0)='./bus\x00', 0x9) fcntl$setstatus(r4, 0x4, 0x65400) r5 = socket$inet_sctp(0x2, 0x1, 0x84) r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)=ANY=[@ANYBLOB="f51c0000", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7}, &(0x7f0000000100)=0x20) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000340)={r7, 0x8}, 0x8) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000000)=0xaa850ab34c804c98) io_setup(0x8, &(0x7f00000004c0)) r8 = creat(&(0x7f0000000240)='./file0/file0\x00', 0x0) io_setup(0x8, &(0x7f00000004c0)=0x0) io_submit(r9, 0xc2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r8, &(0x7f0000000000), 0x10000, 0xc0000}]) io_submit(r9, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4}]) r10 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r10, 0x4, 0x65400) ioctl$EXT4_IOC_SETFLAGS(r10, 0x40086602, &(0x7f0000000000)=0xaa850ab34c804c98) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r10, &(0x7f00000006c0)}]) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r10, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=0x1, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3}, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x1, 0x8, 0x10001}, &(0x7f0000000240), 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=0x2f}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000680)={r4, 0x10, &(0x7f0000000640)={&(0x7f0000000440)=""/203, 0xcb, r11}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x20000000000001d2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffd92, 0x10, 0x0, 0x0, r11}, 0x78) setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f0000000240)=0xffffffffffffffff, 0x4) ioctl$SNDRV_PCM_IOCTL_WRITEN_FRAMES(r0, 0x40184152, &(0x7f00000001c0)={0x0, &(0x7f0000000180)=[&(0x7f0000000000)="b6543f796173b06c0df683030d3d7585eefcd189a84c5991024630024a3b9b1e9b970cafca9f385a355ede023136c25c57a9da9f7ed4"], 0xfffffffffffffff7}) r12 = gettid() prlimit64(r12, 0xd, &(0x7f0000000280)={0x3, 0x8}, &(0x7f0000000300)) r13 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r13, r1, 0x0, 0xffffffff) [ 1272.497259][ T27] audit: type=1800 audit(1577520888.231:821): pid=20747 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=584 res=0 08:14:48 executing program 3: fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TCSETSW(r0, 0x5453, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f00000000c0)={0x908, 0x1, 0x4, 0x301, 0x8, {r1, r2/1000+10000}, {0x5, 0xc, 0x4, 0x6, 0x40, 0xf9, "6af23336"}, 0xa7c, 0x2, @userptr=0x9, 0x9}) 08:14:48 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x0, 0x0) ioctl$sock_bt_cmtp_CMTPCONNDEL(r2, 0x400443c9, &(0x7f0000000040)={{0x0, 0x3f, 0x4, 0x2, 0xcd, 0x47}, 0x6}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) openat$vfio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vfio/vfio\x00', 0x80000, 0x0) r4 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r6 = dup(r2) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(r6, 0x111, 0x5, 0x4, 0x4) r7 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r7, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f00000001c0)=ANY=[@ANYPTR64=&(0x7f00000000c0)=ANY=[@ANYRESDEC=0x0, @ANYRESOCT=0x0, @ANYRES64=r2, @ANYRESHEX=0x0, @ANYPTR64, @ANYRESDEC]]) ioctl$KVM_RUN(r3, 0xae80, 0x0) 08:14:48 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001140)=ANY=[@ANYBLOB="380000001000050700"/20, @ANYRES32=0x0, @ANYBLOB="007070700011fd02003d43b4000000000000000000000900000000000527248b966f3a581fa4ebb5f6323b605335ae90dae45c25d299f8d12983dabdc318d28408f40895807e832b11fd15b6570d6d7ede68a62d87eae1de627ba1c37a6dcdac6c70ade929727a6fc2c2950f60ba77706a1de7cce096cd5516775cbe29864949726bc393bf6336f41639841fc1102981d2e7e609ba1b2c94a73033c0634fa15ecd41ca75a0974aeecbd89ed56e572d7f57cf60e996", @ANYRES32], 0x38}}, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1}, 0x78) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2}, 0x78) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000001240)={0x20000, 0x0, [0x8, 0x9, 0x9, 0xd218, 0x3, 0x1, 0x1]}) ioctl$MON_IOCX_GET(r1, 0x40189206, &(0x7f0000001100)={&(0x7f00000000c0), &(0x7f0000000100)=""/4096, 0x1000}) r3 = syz_open_dev$ndb(&(0x7f00000012c0)='/dev/nbd#\x00', 0x0, 0x4280) ioctl$NBD_CLEAR_QUE(r3, 0xab05) [ 1272.869995][T20776] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 08:14:48 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) mount(&(0x7f0000000040)=@sg0='/dev/sg0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='fusectl\x00', 0x0, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1}, 0x78) ioctl$CAPI_MANUFACTURER_CMD(r1, 0xc0104320, &(0x7f0000000100)={0x100000001, &(0x7f00000001c0)="7d03d760302b896ab281ecd627edfca97cfa7557783a808ed19301c023d8558585965c04b54f5e2940c7ecdf9d30bf942cc2873288c361c0a9b4fe883542f57fdc22aeab6c336fc5c22f6dad3ecbb4ca54d22cf4e109930ab43c3c67ea244b85d64ba57b041b4cc6b8cbf60a6095456196f9c5268f14fb30584fbf4b1da8fc104800c29a6412a1f2dceae91e"}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r5}, 0x78) ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000280)=0x1) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140)='/dev/hwrng\x00', 0xa182, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000"]) ioctl$KVM_RUN(r3, 0xae80, 0x0) 08:14:48 executing program 3: open(0x0, 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x400c6615, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="00422c4b811700000000678c390800000000000000000000000000000000000000000100000a83cecbab2e5795cb84144ffbd691f13cb5b58d6ed9c9f008cde91fb45611f99dbbccbdbda3734ab71b2ee0e648ee6b77d51643ccd8b3b0ce55a21dbc7ba56de802ae9a8d32"], 0x1}}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x48, 0x0, 0x401, 0x0, 0x0, 0x0, 0xff, 0x0, 0x3f, 0x7, 0x0, 0x0, 0x108], 0x1f004}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) arch_prctl$ARCH_GET_CPUID(0x1011) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000000)) mkdir(0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='cpuacct.stat\x00', 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r5, 0x4, 0x42000) [ 1273.234533][ T27] audit: type=1804 audit(1577520888.971:822): pid=20760 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/257/file0/file0" dev="loop1" ino=584 res=1 [ 1273.361365][ T27] audit: type=1804 audit(1577520889.001:823): pid=20770 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/257/file0/file0" dev="loop1" ino=584 res=1 08:14:49 executing program 2: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x14) bind$inet6(0xffffffffffffffff, &(0x7f00002aafe4)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(0xffffffffffffffff, 0x1d7) r0 = socket$inet_sctp(0x2, 0x801, 0x84) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) sendmsg(r0, &(0x7f0000000180)={&(0x7f00000009c0)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f0000000980)=[{&(0x7f0000000a40)="b2", 0x1}], 0x1, 0x0, 0x0, 0x9000004}, 0x0) [ 1273.487249][ T27] audit: type=1804 audit(1577520889.071:824): pid=20793 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/257/file0/file0" dev="loop1" ino=584 res=1 08:14:57 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:14:57 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r4 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ppoll(&(0x7f0000000040)=[{r3, 0x20}, {r2, 0x8000}, {r1, 0x400}, {r0, 0x4}, {r4, 0x100}, {r5, 0x80}], 0x6, &(0x7f0000000080)={0x77359400}, &(0x7f00000000c0)={0x1}, 0x8) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:14:57 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x28, 0x0, &(0x7f0000000000)=[@acquire_done={0x40106309, 0x2}, @acquire_done={0x40106309, 0x1}], 0xec, 0x0, &(0x7f0000000300)="7cfdc128cc2bbcbdebe7f5f1f80e179a0d4fa8209c171131356e0c2f8ed6375d564b40a2315fdcf67099cee4009ad631a4fb0d6d845d9a520fe95c2d22515ff5c742f853203605264c92053de3fba432684a456a75c1a991fe9767e2d9fb6383b1ad2be93d30ccad61dd384d215aac8057002ffbf036462b1fd1e03d2555cf0508db4e387f46f87ecc928938a48d426875a2e0a3f5f6bfa53b07e0c61bb86c946c7ca411fb27e8eb5a1cea6300ded5ddcd1fecf229c9fba3e546ec89b7dc47539aae3ef6ec4a140ca149b3b1f594a5e2cdc42be094cd28905e7ebcd7c62b0f1290315c09df9aeece2cd1f290"}) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) 08:14:57 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000380)=ANY=[@ANYBLOB="02010109080000000000000000000000030006001000000002000000e00000090000000000000000030005007217440502000000e000000100000000000000000d2c300778a6d0c82a2f8437e891c5e8f43479784498ddc94322499b88e8d6ede1d61cc62000bf49ec4cd32acb9814007559b72a3ac49eba42cb3938cc21297656f6761499ee73bd385dd8fc6248c019d86bf187dcaedfd016c96410890ce0f1b578e10dfa622b09fbc79e86edb3763adb945fd89a1b530c8b7446b6ebc6b3fef30d956a52efbaa454deed2a01672213c496071ed4c59479024323011806fb8a3998b6265efec09cb3c268b386b13dd323dfed21a8479c7ac25436a39d5395cf080000015dd5987f842a3083b9f87d9620e13c8c70eba46509de0100e4e84716b590032c410e0c71447aeff13e5efd2b472db6776020906dcaa809c75d92ce543dfc85532f63bf654192f447abcaaf6b2b9f9e11e4dfbdf8c0b7e12bd0120cbfcc699d604f93aa2ccd5ef594d61e64befccc1167d89ebe6e3a5c0814709baf5002fdb815e3829205964495c7ad284e892b01d90d7f254c6da428d3f037db5e7165adb2ce871cac402c7f859a789c273944c1d4a3f656d9473a26"], 0x40}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) r3 = socket$inet(0x2, 0x4, 0xff) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f00000001c0)=""/146, &(0x7f0000000040)=0x92) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1=0xe0000009}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x50}}, 0x0) 08:14:57 executing program 3: pread64(0xffffffffffffffff, &(0x7f0000000040)=""/63, 0x3f, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0}, 0x78) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1}, 0x78) ioctl$DRM_IOCTL_SET_UNIQUE(r1, 0x40106410, &(0x7f00000001c0)={0x58, &(0x7f0000000140)="b85da4918016ac56775eba69dc40acc4a5b9edbaf930a320b76c527d1675157494c96410ac108ddafa7ca7cdb632ebc7e5d7c594175fe4f52267c692a0127033458e1f958022b6803648beabf629c6243188cddab0aa211f"}) ioctl$UI_DEV_DESTROY(r0, 0x5502) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x100000000000e002, 0x0, &(0x7f0000000280), 0x0, 0x0) 08:14:57 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1281.814764][ T27] audit: type=1800 audit(1577520897.551:825): pid=20816 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=586 res=0 [ 1281.852311][T20823] FAT-fs (loop3): bogus number of reserved sectors [ 1281.859063][T20823] FAT-fs (loop3): Can't find a valid FAT filesystem 08:14:57 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000001c0)='tls\x00', 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000040)=@gcm_256={{}, "215e23b6e14a937e", "df40196f6317ffbc13846cbe59f4f1b8c255c35c6b898da733494d6ae33cbdfb", '\x00\x00@\x00', "64eb00"}, 0x38) [ 1281.894383][ T27] audit: type=1804 audit(1577520897.601:826): pid=20816 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/258/file0/file0" dev="loop1" ino=586 res=1 [ 1281.950429][T20816] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) 08:14:57 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1281.980923][ T27] audit: type=1804 audit(1577520897.661:827): pid=20836 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/258/file0/file0" dev="loop1" ino=586 res=1 [ 1282.014456][T20816] FAT-fs (loop1): Filesystem has been set read-only [ 1282.022968][T20816] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) 08:14:57 executing program 3: [ 1282.062402][T20836] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1282.095982][T20836] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1282.133203][T20836] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1282.169665][T20836] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1282.222735][ T27] audit: type=1800 audit(1577520897.961:828): pid=20836 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="loop1" ino=586 res=0 08:14:58 executing program 2: 08:14:58 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x6, 0x381040) ioctl$KVM_GET_SUPPORTED_CPUID(r3, 0xc008ae05, &(0x7f0000000080)=""/252) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) ioctl$TCSETAW(r4, 0x5407, &(0x7f00000001c0)={0xe5a5, 0x1, 0x3, 0x3, 0x1, "3a18d14503bfece2"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:14:58 executing program 3: [ 1282.281607][ T27] audit: type=1800 audit(1577520897.981:829): pid=20816 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="loop1" ino=586 res=0 08:15:06 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:15:06 executing program 2: 08:15:06 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x2, 0x0) 08:15:06 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001280)=ANY=[@ANYBLOB="d00800002400ffffff7f00000000ffffa6fffff7", @ANYRES32=r2, @ANYBLOB="0000000bf1ffffff000000000800010063627100a408020004040600030000000500000000700300fdffffffffff00001f0000000500000000010000000000100083000000fdffffff07000000084900000100000002000000cf000000feffffff0800003326f6000180000003000000090000000200000000274a49ef6949a7bb000000050000000100000004000000ff7f000000000000000400000002000004000000ff0f0000f44f350001000000010400005eb768350100000008000000ffffffffc38d00001f000000040008830600000000000100f7ffffff030000000080ffff050000000600000006000000a900000000000000c0000000c0ffffff08000000018000000101000006000000b300000000000020050000000104000004000000070000000800000001010000c22e0000c0ffffff0500000004000000060000000900000008000000f7ffffff0800000003000000080000000400000001030080040000000400000000100000040000000700000009000000fcffffff01000000010000000900000000020000060e0000080000000200000002000000090000000800000007000000ab000000fb00000007000000ff0100000800000001040000070000000300000009000000ff07000008000000ffff0000a90100000900000005000000200000000500000001000000070000008eb7000000000080010000000000000007000000fffffffffcffffff01f0ffff000000003f00000003000000000100000080000000800000030000000500000005000000ffffffff0700000015ba000004000000070000000300000003000000ffffffff04000000554f00006ff800000700000003000000000200000600000008000000b300000006000000000000000007000001010000030000000080000000040000730a000001000080010000009e0c0000000800000100008000000000000000004000000000fefffff67d000004000000ff01000002000000000000004000000040000000ed000000010001000e0a05000000000000020000040000000600000002000000ff7f00000100000001000000060000007f000000020000000004000004000000090000009000000008000000b6000000040000000400000005000000f50a0000ffff0000060000008ff9ffff070000001eaaffff3f0000008000000000000000ff0c0000ff7f0000030000007f0000002d0000000800000000010000ff070000ffffffff2bab000002000000ace800000500000000000000e1bf934d070000001f000d000300000004000000070000000900000005000000030000000200000087d400000200000008000000000100007f0000000e000000080000000200000007000000ffffff7f06000000000000000500000001000000820000001f0000000004000001000000faffffff0500000006000000070000000300000010000500810306009fff04000800000004040600d90b0000ff00000005000000040000001ba2cc3b00000080010000003f000000ff0f00201152c97303000000be060000fffffffffffeffff7f000000ff0000008100000000db040009000000070000000300000000000000060000008f5e0000010000000002000006000000010100000200000007000000000000e03189000001040000000800000600000004000000080000000400000002000000c00000000800000008000000f7ffffff05000000810000004d00000001000080eb0700001f000000090000000597000001000000000000000000000002000000ffff00000100000002000000000000e0a000000040000000ff000000f7ffffff0500000009000000070000000600000028080000030000000600000004000000be00000003000000070000000500000038080000faffffffffffffff47b5554d001000008100000007000000ffffffff040000000100000002000000566b00002000000004000000020000008b01000001000000ffff000004000000ff0f0000050000002000000003000000e40d000007000000f8ffffff200000003f000000387f00000700000007000000c10a000009000000040000000400000000000000008000000100008009000000370b000000000080ff07000006000000bb7900000400000002000000ffffff7f0300000000000000090000000700000005000000000000807f0000000900000008000000fad4ffffff01000001010000010000003f0000000400000020f2ffff01000100ffff0000010000000200000008000000fbfffffff9ffffff040000004d000000060000000200000002000000070000004e0d0000000200000800000035000000300e00000700000000040000020000000180000020000000f2ffffff070000000500000000010000fffffeff0900000000080000070000000800000009000000ff7f00000900000004000000040000000000000006000000050000000100000009000000080000007e0700000300000000800000bf16000002000006000000ffee0000000100000000000000001000006305000000000000000000007f00000010080000000000000100008002000000080000000101000003000000ffffff7ffffffffff7ffffff0600000003000000a6060000ff0300000700000001800000090000000200000000000000040000000080ffff00020000070000000500000001000100000000800000af06060000002b0a000005000000010000000500000009000000040000000500000002000000ffffff7ff30000000800000002000000ffff0000ff070000810000004000000075fc000009000000fbffffff0500000000000000810000000100000080000000d05e0000020000001f00000000000000ff010000451e00002d00000000000000ff0000001000030008001000ff070000010000001800010039031c020101000001000000000000060500000010000200e002807104000000ff03000018000100080d1e02800000000700000024709a02ff7f000010000500010000000000e0ff07000000100003001f0003000700000001010000180001000501040009000000040000000104000000000000f2275eef7138e6d8404ee35c1c03d0a7e3015b89e6e440ebafa27d5b8188804cd5beea2fda73c030f26439c9e4f2e27a824bfb4415f2af99b482560d1a447df28d8d838ad1a39caf40dc96c5f134529d47c0604f66f8714f8ee51165c4b029a7dc7e2f90de64a234d9098b06231c71bc79c43de912eb17614cf75d8c49152a801ac9a1326f0e334e0534faa8d8704d03c25495230a2ed4feb5298d99c124310dd8d4054c8be6bdb8bcede3d1552b08c169755c508c65ff8e1c50711a38d9a451eb650df96535fcc7669eb1f0f7fc5135a05b389610d33df49e9d1d3808c8fa0524b1caa582c913fedb22de15fbc7e7890faa48e6205a74bf817d48ea3dc9cddb6acc14b94522ccce95a27379b1ced543ad45de5016647e86154fd92670b9fc95ff90ea60fcf349981185b11322c4a48276eea082e4be45b9125653ba5f8ad8500d0d768b2de6b9e198568ecd526a1ba44c9180104fa91e55e31181b4acad815ef766bc8604c30c715da309a185645439aaabb542625905dc77193d45cde1978dc9c67cea6b01d2d4a28b13fc1e71d1f2a38537c44b629790b1305371c9e705771da5555c743b5b4adea2b95aa708f41e7a713277f5422f2bb669861730554e266f4ae61e0377f517b23ae4821e04e500cf998be043bab81fa38368a555f4a381eab2a692e06a4ca80bcb7570518078eb76bd313b23d0708cd26017f5a61b25a4fd45c27d7c3c7b21"], 0x8d0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], r2, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r3 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r3, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r3, r4, 0x0, 0x7fffffa7) r5 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r6}, 0x78) getsockopt$inet_sctp6_SCTP_INITMSG(r6, 0x84, 0x2, &(0x7f0000000000), &(0x7f0000000180)=0x8) sendfile(r5, r3, 0x0, 0xffffffff) 08:15:06 executing program 3: 08:15:06 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:15:06 executing program 3: 08:15:07 executing program 2: socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f00000001c0)={0x18, 0x0, {0x2, @link_local, 'veth0\x00'}}) [ 1291.275611][ T27] audit: type=1800 audit(1577520907.011:830): pid=20886 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=587 res=0 08:15:07 executing program 2: openat$nvram(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nvram\x00', 0xa8aaa30f7a16457e, 0x0) [ 1291.398657][ T27] audit: type=1804 audit(1577520907.071:831): pid=20896 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/259/file0/file0" dev="loop1" ino=587 res=1 08:15:07 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x18000000000002e0, 0x22, 0x0, &(0x7f0000000280)="b95b03b700030000009e40f086dd1fffffe100004000633277fbac141416e0000001c699da153f08a0e6e380f60108f683317585d7473f1cab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b33", 0x0, 0xfd, 0x6000000000000000}, 0x28) 08:15:07 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000200)=ANY=[@ANYBLOB="0905003fd969471ae3e7e4ed7685567d6c0000b7c48347aef34ae9c51dd6f595296ad12e281be76e6a3b84ef66a170d9981c0460730b57e58ebd9aa6921cc624306fa05c0c86b6c21592a8c61700c3a814e726a25cb5758f828c77015e50617c522dda5c3909adf7d20642dd7fe6492789ea277f594bd1a52c598c6e7e1786c38ae7a5000000000000588d971bc635e6038743e59147cacf8ceafdbfe79df3e1ea27801a57a2f39ea43fa2dd09debbd990e50583f78bf06d03cdf0338cbb"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000080)={0x0, 0x2, 0x0, 0xffffffffffffffff}) r5 = dup3(0xffffffffffffffff, r3, 0x80000) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000002c0)={r5, &(0x7f0000000040)="2bb6f817527b068d7aa9143b671517add1a3ec04c1d8cecd8f33414f89db7e591ff32f85e16755dc1ff3353949d8a6814cdb4bf67ec4c86d8a1e55672be5701d73903a3ac8fa253f606f164f986ffc4bd0ea852662e0ab451976ae161bf638da710be45a625b19771e03299b9098d89b26d3fcabf1ecdb26b4705a558565e9ec7e303c9873ef6dc34c5e72ef0764ad41464e6e8a867edf5ded34845d88d8f1d75bc18b65dc9190f1ec4e2c2001016bb93107418670", &(0x7f0000000100)=""/75}, 0x20) r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r6}, 0x78) r7 = geteuid() fstat(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_ATTR(r4, &(0x7f0000000380)={0x78, 0x0, 0x6, {0x11cc, 0x1f, 0x0, {0x0, 0x0, 0x3ff, 0x9, 0x8, 0x1, 0x7fff, 0x9, 0x4, 0x2, 0x8, r7, r8, 0x10000, 0x2}}}, 0x78) 08:15:07 executing program 2: mknod(0x0, 0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) creat(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4870000000000000480000000000000095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36bb3019c13050000000000000026fb0b71d0e6adfefc41d86bd917487960717142fa9ea4318123741c0a0e168c1886d0d4d94f2f4e345c652fbc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc8ce974a22a550bdfd70800c86ae3b3e05df3ceb9fc464c2a100c788b277beee1cbf9b0a4def23d410f6296b32a8343881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3449abe802f597eba9ffab3e05379e5aeb0597a13b3e22278d00031e5388ee5c867ddd58211d4ececb0cd2b6d357b8580218ce740068725837074e468ee23fcf49822775985bf31b715f5888b2153052ccb1a78a8b2b8c6ef48a71221ce3c601db96fe1a90374b8f883a2db630e0af6e80187cbebd5bbd6208bc064baef219787e784c3b12011ae7cd2b75614b4e9373fcf51814d5d4d3527268f50ce374341e30bc2400f8d1ef6358410c93e83d6536e43cc941f2102666d4c415a52e1b0866cf541dde3217e14531cfb7df6594b4b056358ab807dd0f5c84fbe550f97168660aa6da2fb008a76bde511a974fabb5fbc50bdd02a390e0922edef93ed7ecbe09666f61b8bd31df5326ce7218b73653e91f9f799a2c827548e5f83874dff41119430ae77c7441e71bb9307a3dafb12f2611ad360de54e480f9f4cf018aaafb4be34275c2f253321577fb043fae52142f06803cec4d7d5f2d53eb18eee0338516f9cc529d0bd0b4380c2b959e47ee5000000000000"], &(0x7f0000000140)='vS\xfdIG|\x8aL[\xf2\'\x9c\xea\xb1\xc0\xb1\x19\x91\x9d/Q\xd9\xe3T\xce\xdax;\x02%\xc5\x1c\xd5GA\xad[(\xbblZ\x01\x1dF\x92#]%sj\xd0i\xc6C\x1f&\xe2\xc5\xa5z\x7f\xe1 \xfb\xc27\x03\x84\x8e\xef\x82-\xfc$$\xaf\v\xbd\x95\x1e\x0f\xbeVI\xec\r!\f\x86\xf5\xfb[Y\x1e\xd4\xdfc\xb1\xc8\xa2\xc1/5\xffr\x1f\x80@\xb8F\xea\xde\x93\xa1\xcb6\xee\xf2\xce\x95\xf2\xfdxR\x17F\xad\xc1~\xa2\x97=O^o\"\xbb\xa8\x9746'}, 0x48) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000000)=r1, 0x4) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000140)=0x36, 0x4) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x8955, &(0x7f0000000000)=0x2) bind$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10) connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) [ 1291.511561][ T27] audit: type=1804 audit(1577520907.161:832): pid=20896 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/259/file0/file0" dev="loop1" ino=587 res=1 [ 1291.979728][ T27] audit: type=1804 audit(1577520907.711:833): pid=20896 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/259/file0/file0" dev="loop1" ino=587 res=1 [ 1292.056233][ T27] audit: type=1804 audit(1577520907.751:834): pid=20926 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/259/file0/file0" dev="loop1" ino=587 res=1 [ 1292.082403][ T27] audit: type=1804 audit(1577520907.751:835): pid=20896 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/259/file0/file0" dev="loop1" ino=587 res=1 08:15:16 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:15:16 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='\xaf\f\x00\x00\x00\x00\x00\x00\b', 0x80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) eventfd(0xfffffff9) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) ioctl$SIOCX25SSUBSCRIP(r3, 0x89e1, &(0x7f0000000080)={'tunl0\x00', 0xffffffffffffffff, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d5940000c8cc00"/19]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:15:16 executing program 3: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f00000000c0)={0x21, 0x3, 0x0, {0x0, 0x4000}}, 0x21) 08:15:16 executing program 2: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ttyS3\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r2, 0xc1004110, &(0x7f0000000040)={0x80008, [0xdc4c, 0x5, 0x19], [{0x6, 0x3, 0x1, 0x1, 0x1}, {0x7, 0x6, 0x0, 0x1, 0x1, 0x1}, {0x3, 0x7f, 0x0, 0x1, 0x0, 0x1}, {0x1000000, 0x200000, 0x0, 0x0, 0x0, 0x1}, {0x6, 0x7f, 0x1, 0x1}, {0x5, 0x9, 0x1, 0x1, 0x1}, {0x6, 0x10000, 0x1}, {0x6, 0x3}, {0x6, 0x6}, {0xc62, 0x9, 0x1, 0x1, 0x1, 0x1}, {0x5, 0x40, 0x1, 0x1, 0x1, 0x1}, {0x1ff, 0x80, 0x1, 0x0, 0x1}], 0xfffffff9}) r3 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6(0xa, 0x1, 0x0) dup2(r4, r0) setsockopt$bt_hci_HCI_FILTER(r3, 0x0, 0x2, &(0x7f0000000140)={0xad8, [0xfffffffd, 0x7], 0x2}, 0x10) 08:15:16 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) get_robust_list(r1, &(0x7f0000000240)=&(0x7f00000001c0)={&(0x7f0000000180)={&(0x7f0000000000)}}, &(0x7f0000000280)=0x18) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r3 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$VIDIOC_G_OUTPUT(r3, 0x8004562e, &(0x7f00000005c0)) r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r2, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r2, r4, 0x0, 0x7fffffa7) r5 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r5, r2, 0x0, 0xffffffff) syz_mount_image$nfs(&(0x7f0000000300)='nfs\x00', &(0x7f0000000340)='./file0\x00', 0x2, 0x7, &(0x7f0000001a80)=[{&(0x7f0000000380)="2a5e9d9b42355a8bbde745c75bad95abffdfd7e258faf915", 0x18, 0x7}, {&(0x7f00000003c0)="a92a42e03848ded258fa9bfb3b6b083e1eb954999c7604588fa5b02052ea12725d3804907a13cbd58bd366471be5da6de88a364b9ce359fb43338178018b423d53df8bf5ae1243a8b263e74a826bb1475b3ec8a84a92c4947ddaaf6fe7921fb6956bddee61618de14a0aead6c8fb11556acf4e3a613dd3e467c6f10c29b1fa104ee1c6ee33a74e9cb09470e50821cdd2668a58029b754848f2802581d21e5ad7d59f3e33182c115dc036e6bd3a940f2dde8dd9712aa969075b20123ae39167fe8de7e2e637d82441917235d1f3", 0xcd, 0x816}, {&(0x7f0000000800)="1f93ebf4ccc4b5c329574719f65a56bafe6e377140cdd9bea6578072ba00237854c61a291c8259dc40cfd564aabef482a2ad5a5563c32a63727b0f3ae954fd7b16737c4ad2669627797f55c9d3c4cac1e4fe6177d08e02c372bccf1ea44833ef2e3d151b2a4ddd0745a4214bf6e6cea1be018981dd8111d94b78d7c0be9aa1e28906e82ff5847ae6e7d9f5b7dc5718f76523d97926ceff9f", 0x98, 0xbe}, {&(0x7f00000008c0)="cdbe2deff54d688e17e4b509e1aa1d274373a8cc50570161d2647c7222bf5b739cd82c088d9b1dcf44973bd2d9d96e10fad0972ea2315bb6d00137500349b8a9fa954fe921d12896ec31efbc77f93317b056eca7543e8aa33c99bc19c7d87e47f0af49d5dfe2ec1903c1088273be09b2cf2417d95d97bd724e7792725fe8c9581b32e293e42b32e2c6dcf9c1360b1476772307169316e7449092bab04d6f091fc4413759832d0f725a4a4c9516cb0bf149ec", 0xb2, 0x100000000}, {&(0x7f00000004c0)="958b8e7c4db6a174869557c7dc9d1a6cb9e77d8d7beb245be385fb73b24484f92e4ee0c7b6aaa2b3bb929cdf8276bbb7f90678743a84a2e46b618cb905a02d8e54535c71870bd3f9cb10e071fce3fefbecf6ea8dcc86340649d5d0ba50194e3051ed3ba5605bc5eba957929455415e592b8466670dd78423ae74", 0x7a, 0x1}, {&(0x7f0000000980)="649d6eebeba93f7fc1c2e8f022aeef99b1902b02b4e46b17e4332792663b6c51fa4ade9bdea26315584e4ed8850287f0c116742edb619452f6adb552a45cc4a3f7bb07fc33f5a5e9f7b76f93118dabab9e7046898e02ef1c28f459106fa04e246aa0136f968a5deba7fa14742b7379f28971b19a92f9132bb53400112c5d647344afea9fdc3eb9866e3e8816cb64fad4eb458deb8428e2415f53fd1f5d0fd56cdd5fd153951541dd3c613b4388a92fb722d1837511ff0576e5f60f5a92b0a40cf6818fe7b6cf754a018906385b6901531e15416fe983a488cdd4532ecb01a3431fe619cae2a25f5327dc155f72644516208efaa7eadca36dba30de0d2c011cf4cc66f06ef5067aa7295a25bc6ec6e9979e5c0291c564cf0e7e606ce35c93910e51f243f8c1e2d461644cc13f771b444efb1872220e866eb36c5ab0213d0175aaaf1d8a1006076921ed147df9eae02e9d7c66cc01cdca24471b536e3f9449ddaef5561a401fdeeb11ee508b45425f5cc51e9eb7c3c68332b229319e500de88d41ca07b9a14adccef20ea24e03d334dfd7314e62bac3f417161d2cb1d78e5ed659bdb59da91d67bcc76d9135c3fc56d00b78f1d549779d2bd4f423a6ccd543597d272bf147b6485889a4f56869a5df46bbd70273d8d47788f0a9c00d503cd5ff8ce29b62f7115d0939df95b1f04837bb8ac1ac6104ee3d85e44e9a8e5ae46c9393f7e744a44a9e98350999b354c8e4fb236d40a07411da71dc34e260c6e9fd1a3cf310e40e65bf2fe0eef05d4fe1588088f9debfc92dc72ba9311f9dda8da76d3189a179cde7fa2fc64601aff180972cf911172a619529b5de60d08d8c062966923beb52b7aa0d4ae50a044490ed83e28f3f2059cf248af6d04415e3f180aeb05710fc39956629988a00780a235395d84e573f359402de2ec4a0c3f4f35f97d8d792384b95b068dd0fce8cbfc364390974ca033f2cab0d84e4bcc6a2a5634a7b3aab8b606cd4d588d2cf0898d23f4f35e2efd8c68341ca730ebea40795c60a528b6ac2a24f178dfdf62f32d7d9b536aaebd26f87e720f49f688dddb40eff1da498ea9300f7192f1bc1468add17031324b5647a5c56a44f147d2b18f446056df1f2a5fc285644872473653a1abb30ea513951357fcd910947fdb5411e2851849ca06e12a9a16c8c1a5385477e103fd2bd8dc0834963a98a67eaf7240fdcf39d8cf960018520680fd1df39868cfb52efc105ef3e7c171b7a1bc84676e7a0247f92338283191ab1f9ec5a1d05545a0dc5fcac70821e481cd5dd04e5b19a4825c940886be1503b9c6c001cd81dbcded48d35553e5e391860d4b0f9633dcc530c41e8ffcbe4435e0b971e7235470ce505c01099d8634f26ef0687b2046d59a6bbcd9000eaa87a10600fbc81b00ca8dacaa6e184dacc7c65432fa41b22e10965378b9067a16f18a54edcbb0cfac3a1b165cf291d89c0dd789444040fe5ed56b35a5d914ce156c2139efcd9b97394819a264b28c9f418d5fccecc78ce34738b57902f7733d5b32d912b9a432793663267600d0f5d4dd01697dff17169ed14a1637cd266b4740428930141c07084ab79d8c0eec0f93a007697fad9eb05c1994c76f86d2bb515d44ce1d74b5a09b9a4c6c9f9a5078b12414d47e1dda21e7abbe0e2017af7864ee95006424b9c230594a31adf51c2519f9643e565524a60ec66a9c3083a2070409015e426aababafda7cebad7eed1271f24b368e90168638718398d94b618219511f9b5508791882a0e91ad3b941be83f1f3c7cef8ed45d44a4ff0872a27e74bd26622cce213e72a7e2a46d9e41005a6be09cc4b2d2c077d39d6904fbe00ad5a8ea2cb24d1c17d4187ebf96038f408024a8da03dd120b975e7a2a48a479d7938b9668ec8acbc2a8000b4c408e3b1b49a35c9a4d85ca03d0054874318505a6f9f14dc730c7fab3b8f3cb2ba477a088cb2fd15acce216bfec8878f27f45b2e065f66257ba1e1f4d513fdc547c6149a67dea95a1ddeb1e480f4bd8cc174d9545759ebbe3b9d3fc302766f9cb1fb5bf07b709974dfa91aa369348157096b76b4b235325b7abf5363183e77961fcb2c93f10afbda8315f41730131e548f239692253aa393e6561d65b8568dc734653916388a4b459158a2d8c7639c456b6767b1c87ca8f5bd9e9f0aaad7a0183d396a7f8bcd3f73fc2017f1ba2b07335b1af8741cb3faf3fa75cd144f5bfdf836ec50c79e339f7111cb8d4cf1b4272247a63948f2a289fb93a139a93bba30654f4ef86fdb15f08fcac1c2fe6e5890a7084cb1ea3bcb9bc01e92940d7fe94a6f9da01af2230b9cfc65b75cc0a99a5497f850208ec6921f2e4f9c9bcd033810a1218cb6e7bd57ecb5f258796ed81c4ca33e5acd87d7c311726cc782e46dc767d402d255df39246b553c2ab45651e3c075c47f11b747cbc312a4f3c511bba3fc1ed318577658523cabcb285e03bf21d33ef5a69de7e55e4fb9f7f7cb94b2ca5f7ae419740f53495f780204303f4d64049be75c04a17b172f4bb9c612751920bdddf360839cdbb1e0d75c02b3451971324c48b0eb718394de9db656cbc3a19497e2e0d9f80ae60f0f31828a8c434cc0ef86c1724de2e0ff532ad62a44a5df92ad31f600e7f7ccf49651ca8c8e7f7d860a30ec7976efabad7c235cbce5ba18ec72e770fc6cc790e9d5681b3bbeab8aa9bfdabf4bb0b84ca1ae68113788ca0221864e0831542881112fbf6c20bd4532eadab53b791a201076ce6b8eaf14a3eee8c110bc220c72121d8cb64ab977bff4b24ebafc532cb57e5e00de51bbd5efd58ea68acd3e87ae7a34e17fd0d65fb3ea433314032e466dd5be87b85dad2d2317bcf71af51a4105c69ea86d98a9ec5c99604720ffcd6ddb693f078b1531c742b5acf0b687334c8022049bfee4c4797ba99a77c7396a2535c20e0d6b96af65cb73811752077554ec7c8f6f51a3aa6dfbd6cfe92716777c2d459992f5879fe044a9da8823ebfa88866d2c34e47388f30c197be818996db2a06465fa53e0598739571dae477a46f902aceb21684364be9fd5102fddf27960797b8bedcfddd8400df788a1f6b700134eebdc22c033ae847a8e2953cdf4317a56cb1b0cb36095c9f90f73402a0433d8f5461106993d419d72fc8f8fd95d6e1c384dbdddab58eec6e7993f21dc5b07454fb11b4a6695ae8c7f8a2a26aeeaedcd5e409963311c7ca362ebfaf464a0ca05f3b5b2648a00c71bf54f64603565b29228c8d80105351b9e5a14014459f3459ca6ffc49443b5c99829268622b535a8fa845bf52740f2a9e6252fa5b94adf90e07d980ea9d883e4b314fd56b01d08a56d4a4acc3957597f4f10c6263acd309a76df76951194f9b7df3da8be666f7ff0ac03ad9c77eeba85fe1c3cc749db891cfa9e62454d4656939e90ba8969f70865c87c977b78e7bf1f2860346d0300a7ea7446887abd604a6a1b9ccee70f736904f2f44e3f06f8ea7844541d3b6b49deec29374b616cd74fff15378f19b43c937b1384a2b234534612fbb66f7f6700c5ca25ad221315f8d7178a41915909d1280bcf91f16f735b9e2e789ea100782ed03f065e7f6048cf51c9b1d64dc6a03fddbaea167a842df339256b0aee10751c577234b436559e5bceaccb830c62bc30ad2ffb0af4f0a2e5ff8bb96db7dd00eff3bd5764c93d650817426dc06852c9cc7915feb62c1fc70785a117cac1e461b52749bb23d8e329d20135cbe8811d473a8aae65e00e7e1026d6c0fa94daa974fda2cc80de18398b5cb32401a7a6b48e8345ae42cc9c7fb0d3e5bc6f1221c1eb716c5d5234fc06dd1c822d0b0f201d9419781417c9e02b7035003abec567570afb7df18b502083237a71ed845ddff553f4b7919c9dad35b55d20d7286c552d613e838c7dc06fc42a77c804b2c0d68f4d597a2643a1290fd2f3c1271581ca434fc0e13b5abb7e242fa6fa229906c7f4de6c604a95d1698c13b9552bc2c1599de0a463b6b02037711d5b44c698678a6de9d28a63aa726213f0e73a859464b22e3f0747f27fac263f6738947bfb3387de7bfbddc11b97fe2c6e8174bab559cb5cb76a868f19b47890a9c7ce91a6673f2219d777c962740bd9f85eed9f8fefe9c5674a70275555a4a2c1d5f06eea212b0d6eaaa6ad50dcc33f7a7e069959214d6fff6e14261bdadb464834b898d15c68d1dee416d9a79d01356e268bd13dd1256aeac4a3fee38e5ef1c069fcdf686773cdc68afc1a0538ec9871ee007ff9b12519d0dd11b22ffee2ea8c0bf0bf77e2f5cf1469a44c09154bd8abe986f064e73dd98ff543fe7ccc2bd6702d5decb3e468d9b6b8d5d43f98fa751d0a2f4e86b632234ead488971e132d65363a87a5341db1dca842f873b52e26bc4636e308d07d6e17eafaca000dc95880cd7feb4d725cdcc0f57130794710b999b05671d0a9c43f00d4c2ae41f8af846ebb05b3690f3106b9c952560a584389683d2fd399c9477a44e6149ac7d98d99a25b70bb9129c42a5f6146a7b324a565788b151a9dc91fe2bed5267fe021a0a384791c07469b184072c787402ec37fa924dcde5d063a330da96f62dc20d70703b076f5c57c9ceee7c95757309eef20c7f28973af7744300e8cb69477cf81d6277f5251212179065a39d167b547ebc6e93be61c85fd199a4e13080c6f681051c18f53e0691ff84f4d1e308195bb86ce79c1b70681ca22b3b63d524ba6134501c2dff9ef7a3ac56ab8617f63ee5272f16e823743ac0e6b87f3c4c4e10ad47ab170cd39c6821015387244ae8d5e05129dc787bce0f043691691d9ce0926db302953b409527f013d291226c6d96c0b579071bf040dc1df7fa81011ff04bd590dd0545f1c8a9859127026186c8d4f42eefbcca71603c901dd4ca71bd4e06ea275889cd902d3d5ced54707a27cb137386004678b9cc5c75ce251e3b71b2f79dc754d8a46a1c5f9c3792c55aa20ecf9046095a6899e50eec47b38455c7159cc86f8394ce45190625289f406f9362069849cb5cecf60bce6b3355006501a13c973f5a02a6c876fa99ac3a6b73c5476a6e83823a7a3f811f446324efef968706fcea076ea806184fd07415e901eec14ecf9a10f88e0bf00ee154c1607c5329a85ed40a0992f42433a2a3ec8793a5f09a19b28373c2e66a8ccd084f3d17198ee742ac7d004c95c9bac2f89f7b2fc672b4d206bd87b2456fd3aeb655f5dfcfb4f718a1f84f5a7f98cb3f6fd3085b954f8787287338d9b95009368d781871012368d5c0b467b9a2701503c5dba0c9d8c045ab5b32f214c2f74a47e921548dc652af230e8e47322904f2fd78ee90aac097239d21fffb5c775745fc20bf4713cbfbab3d391f93802f95ae11788a598a6a3180cf12c5eb2d8f96c2d2c716cb3dc1fb6018b243f3a48ec670282cb76c2cdd85b428cf39ec4074be576e3ced04f279f31967df03cd41e99bd8d90351a175551990e5fee686874f310fc423750eb46b363e36dd0c98edb31e021681ca750d92de8e271b429dc804cc74053c58cdb8246ce71b2edeac78f0fcfc7c420d11202f22ea9faf84192bcd0dd65cee3403404480d3e93222db77413d13800551dc1dc60e9a2e37c8e072deba69a1f7ef1f54a9a5eccf224f701c6611711a8a14ac5369e703ca0fad2cd387a1845ba53ee94daa6b3e08bde06e32a9eaf75e1a8a43b0eb5d1364ac15aa47730522fae7f9ffb0ab1c6cb46a2745ed2520ece7132310dddc90efda2ce5ea14e05c35bbf6330c16c8711ba8279c837b5abce3a0373790e308e57ef618f8ccb", 0x1000, 0x1}, {&(0x7f0000001980)="fd5138b7da7de466cc45a9f010247b70139935f61396c5736e878109c97a7689ae1e1f07993a4cba05556285363e4922671ce780239e98ee97189457b823f86bedf65cd711df9663f0f56204fa7dc930f8ecb6aad5958dbfa00416f9131ecb7b7362fc4a71e3c1f340cde5a72c735f20193407e0a2aa0d777501e685165de3f477e6d7e28315be497025d1d8e7f72c54533bfaf52a6026676e2ee8959c72bc5e24139a0471ff9c2ad32647cfb105ebfb06f4d44b63592a3a28d99ada4105a1365e265b55cfb7029e03e4492ddf04584f02293852792f0ff4d2e577a5f3", 0xdd, 0x40}], 0x4000020, &(0x7f0000000580)='vfat\x00') 08:15:16 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x3, 0x0) 08:15:16 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="b700000000000000660000000000000007000000000000009500000000000000f9c6352a4c918813c2a5ac88c7525c6df3d978fb77e7265850b9117e54c26b8868f1cda329d4ccf270d7b3057f466f99b8c4c42e54a6b2489fd6b4d542bcd41e20a8647017cc825c61fc27b64e854d2557bde180bb635bb660481f92e22676966a8ae9f525acde4bc5bd50443c763ac51b76892ab6f6b6ee7f645485f1b8e21823cd9626e7d898fb40d55c374bb3b8fd30c590cee87f717cf5a7b4be82c817f432aea8f25de8f1e3af57a82ac1ec3e5d8996d83709c7230fdb4b4418ca5cd41e1fb1caf5f639735dafa18cd2c69ca3d76f441ce457dac634876626167aaae2acca69519d"], &(0x7f0000003ff6)='OPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffe29}, 0x48) 08:15:16 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x1d7, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) 08:15:16 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @ioapic={0x2806, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {0x3}, {}, {}, {}, {0x0, 0x0, 0xff}]}}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) msgget(0x3, 0x5f2) r7 = msgget(0x1, 0x8) msgctl$MSG_INFO(r7, 0xc, &(0x7f00000005c0)=""/235) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r6}, 0x78) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r6, 0x84, 0x1e, &(0x7f0000000040), &(0x7f0000000080)=0x4) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000480)={[0x8, 0x0, 0x0, 0x20, 0x2, 0x0, 0xf], 0x100000, 0x593dc44a7e0510ee}) ioctl$SNDCTL_DSP_GETCAPS(r5, 0x8004500f, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:15:16 executing program 4: sched_yield() mlockall(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000040)={0x2, 0x1}) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000440)=ANY=[@ANYBLOB="0100e76e877303c8cc0000f99df9ecb70a0027cffdde2527193c6fa480aedbea32b1399df64d29a9d19320e294e064b17aca6c81b4615f88668afacd2ec53fa484ffdc2b38363cb2f904d6f1bc23959c9c904079e71883feb4cde0a173ddaab00fab485b4f2b25193d22d70105eb2aeb62c4b85c14c3e9be5c661bcba12f72117eb178827942c01c3067339d3e1d2edff4e6ff2c955ef6b838659ee79e201665560573678add20cadb67c3ce79c86ca3c376c725b5d3f73cbc713416a00619f9751a687aabc6ecf45642925f9192569b91268b022ab56d6a0ae316e94f22177ebc6626cf073de4dbd64f7f997e41c87bd31bdea03e2f079100000000000000c9d78f4e9503452274b4f0e322d61a03e535542e135d9f6c381b3fa9e76f3d7079be328c263b6b8aaca0e5b7a09df8"]) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) ioctl$PPPIOCSFLAGS1(r4, 0x40047459, &(0x7f0000000100)=0x40) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:15:16 executing program 3: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="090000000600010005010d4147a7ac7518001000ff"], 0x15) close(r2) socket$netlink(0x10, 0x3, 0x16) r3 = socket$unix(0x1, 0x5, 0x0) r4 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) fcntl$setflags(r4, 0x2, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup3(r6, r5, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) bind$unix(r3, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1300.709262][T20956] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 08:15:16 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1300.917191][ T27] audit: type=1800 audit(1577520916.651:836): pid=20970 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=588 res=0 [ 1300.970663][ T27] audit: type=1804 audit(1577520916.681:837): pid=20970 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/261/file0/file0" dev="loop1" ino=588 res=1 [ 1301.153020][ T27] audit: type=1804 audit(1577520916.741:838): pid=20988 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/261/file0/file0" dev="loop1" ino=588 res=1 [ 1301.593101][ T27] audit: type=1804 audit(1577520917.321:839): pid=20988 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/261/file0/file0" dev="loop1" ino=588 res=1 [ 1301.630711][ T27] audit: type=1804 audit(1577520917.341:840): pid=21000 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/261/file0/file0" dev="loop1" ino=588 res=1 [ 1301.665535][ T27] audit: type=1804 audit(1577520917.341:841): pid=20988 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/261/file0/file0" dev="loop1" ino=588 res=1 08:15:24 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:15:24 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) syz_kvm_setup_cpu$x86(r3, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x4, 0x0, 0x16) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:15:24 executing program 2: r0 = open(&(0x7f0000000100)='./file0\x00', 0x10000, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0x666d) sendfile(r0, r1, 0x0, 0xa195) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r3 = dup(r2) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', r3}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 08:15:24 executing program 3: r0 = socket$kcm(0x11, 0xa, 0x300) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000280)={0xa1, 0x0, 0x9, 0x7fff, 0x4}) socket$kcm(0x10, 0x3, 0x0) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) r1 = open(&(0x7f0000000080)='./file0\x00', 0x40002, 0x0) r2 = open$dir(&(0x7f0000000100)='./file0\x00', 0x4002, 0x0) write$FUSE_DIRENT(r1, &(0x7f0000000280)=ANY=[], 0x0) truncate(&(0x7f0000000240)='./file0\x00', 0x90002) r3 = syz_open_dev$sndpcmp(0x0, 0x8, 0x0) getsockname$packet(r3, &(0x7f0000000180), &(0x7f00000001c0)=0x14) sendfile(r1, r2, 0x0, 0x7fffffff) r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r4, 0x4, 0x42000) sendfile(r2, r2, &(0x7f0000000140)=0x8800, 0x8800000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f000000b000)={&(0x7f0000000300)=ANY=[@ANYBLOB="000000001000"/20, @ANYRES32=0x0, @ANYBLOB="0800000000000000a986d30f3ad834f91ee8accd9807d07cf68c78573e8e68d2d46df596bce6380be53a4611b61ea39421db7afb3237dd380c51b9731f98f3845aba3d46f79cc127b359fbd557239ecc18162360895634931ea4db98426d392bc1c167bf2472b3ae3ae221587abcf2a0940a3a0ae96528413d67181ecac393e799d3d13ad5b69a8ddd26bba9"]}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x4}, 0x2c) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r6 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VFIO_SET_IOMMU(r1, 0x3b66, 0x3) ioctl$sock_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f00000003c0)) ioctl$VIDIOC_S_EXT_CTRLS(r6, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) sendfile(r6, r3, &(0x7f00000002c0)=0x1000001, 0x6) syz_genetlink_get_family_id$tipc2(&(0x7f0000000200)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000880)=ANY=[@ANYBLOB="740100001789e1605cccd1a788a01489ce7e8cc7f509f67835d9cc95df892e8df53c2490a463371479274dce06444cd9fce79a74202c2c78e477b2f964fb0ecabfa33e5e5aaa1790a455535cc02894652e40bab1f2a327e913faafcddbf28d719d83dc0a2a5ca59c2a9435e68928bd324267d9e4c91b2116ad6420574ab0527ca8a26e1373b8559c2a237c3b841fe6fc393354c2281cd02208b40950cf848d487ffb97ebc9ba5c75dedaf052b2923ac8e3bdab50de20157c3e0eef3edab97a81e0afa6fe60f49ed4d1b3c187160ff48a23b5d77984e9eb77acce44e8fb4f4f8950efccc9f43500"/244, @ANYRES16=0x0, @ANYBLOB="000129bd7000fbdbdf25090000003000070008000200010000000c000400e3a400000000000008000200e4ffffff080002000000000008000200040000003c000200080001000300000004000400080001000100010008000200aa0000000400010000fe000008000200e73c00000400040008000100060000008c0004000c00010073797a30000000002400070008000300020000000800030020000000080003000300000008000300090000001400010062726f6164636173742d6c696e6b0000440007000800040000000000080001000d00000008000100060000000800020000010000080001001000000008000400060000000800020002000000080002000800000014000900080002005c0a000008000200c3f60000100007000c000400ff0100000000000030000700080002000800000008000100090000000c000300800a000000000000080002008100000008000200000000801400020008000100cc0000000400040004000400"], 0x174}, 0x1, 0x0, 0x0, 0x20040000}, 0x10840) 08:15:24 executing program 1: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0}, 0x78) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000180)={0x220, @time={0x7, 0x8000}, 0x5, {0x3d, 0x1}, 0x0, 0x2}) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r4 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000240)={0x9c0000, 0x7, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x0, [], @ptr=0xbfeb}}) r6 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r6, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000080)={0x0, 0x7, 0x1, r6}) openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x20000, 0x0) r7 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r7, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) write(r7, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2a42810b5f20351639330948107bf8d4534a03ac389455c540eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077fff010000a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24533fe594308bf022868ad21e85bba811942fdc45161a1a8a766febde40c0eb850fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a00"/512, 0xfffffffffffffd95) sendfile(r2, r3, 0x0, 0x7fffffa7) r8 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r8, r2, 0x0, 0xffffffff) r9 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r9, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r9, 0xc0096616, &(0x7f00000001c0)={0x3, [0x0, 0x0, 0x0]}) 08:15:24 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xb, 0x0) [ 1309.095202][ T27] audit: type=1800 audit(1577520924.831:842): pid=21015 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=589 res=0 [ 1309.129167][ T27] audit: type=1804 audit(1577520924.851:843): pid=21015 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/262/file0/file0" dev="loop1" ino=589 res=1 [ 1309.162286][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1309.168120][ C0] protocol 88fb is buggy, dev hsr_slave_1 08:15:24 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg$inet6(r0, &(0x7f0000000240)={&(0x7f0000000140)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000000000000290000003e000000000000000000000062ed6616755784f61b8d6900ab498e710fd3c9e9d89fdab1b0bf3f1aedcbe6eb009354e8828d4d"], 0x18}, 0x0) 08:15:24 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x3cd, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) [ 1309.180876][ T27] audit: type=1804 audit(1577520924.861:844): pid=21015 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/262/file0/file0" dev="loop1" ino=589 res=1 [ 1309.217620][ T27] audit: type=1804 audit(1577520924.901:845): pid=21015 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/262/file0/file0" dev="loop1" ino=589 res=1 [ 1309.369718][ T27] audit: type=1800 audit(1577520925.101:846): pid=21036 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16680 res=0 08:15:25 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000580)={{{@in6=@mcast2, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in6=@initdev}}, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f00000019c0)={0x1, 0x8, 0x4, 0x2000, 0x8, {}, {0x2, 0x8, 0x81, 0x5, 0x7, 0x2, "95bbab81"}, 0x43, 0x4, @offset=0x2, 0x4, 0x0, r0}) r3 = syz_genetlink_get_family_id$team(&(0x7f0000000500)='team\x00') r4 = socket(0x11, 0x800000003, 0x0) bind(r4, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001280)=ANY=[@ANYBLOB="d00800002400ffffff7f00000000ffffa6fffff7", @ANYRES32=r5, @ANYBLOB="0000000bf1ffffff000000000800010063627100a408020004040600030000000500000000700300fdffffffffff00001f0000000500000000010000000000100083000000fdffffff07000000084900000100000002000000cf000000feffffff0800003326f6000180000003000000090000000200000000274a49ef6949a7bb000000050000000100000004000000ff7f000000000000000400000002000004000000ff0f0000f44f350001000000010400005eb768350100000008000000ffffffffc38d00001f000000040008830600000000000100f7ffffff030000000080ffff050000000600000006000000a900000000000000c0000000c0ffffff08000000018000000101000006000000b300000000000020050000000104000004000000070000000800000001010000c22e0000c0ffffff0500000004000000060000000900000008000000f7ffffff0800000003000000080000000400000001030080040000000400000000100000040000000700000009000000fcffffff01000000010000000900000000020000060e0000080000000200000002000000090000000800000007000000ab000000fb00000007000000ff0100000800000001040000070000000300000009000000ff07000008000000ffff0000a90100000900000005000000200000000500000001000000070000008eb7000000000080010000000000000007000000fffffffffcffffff01f0ffff000000003f00000003000000000100000080000000800000030000000500000005000000ffffffff0700000015ba000004000000070000000300000003000000ffffffff04000000554f00006ff800000700000003000000000200000600000008000000b300000006000000000000000007000001010000030000000080000000040000730a000001000080010000009e0c0000000800000100008000000000000000004000000000fefffff67d000004000000ff01000002000000000000004000000040000000ed000000010001000e0a05000000000000020000040000000600000002000000ff7f00000100000001000000060000007f000000020000000004000004000000090000009000000008000000b6000000040000000400000005000000f50a0000ffff0000060000008ff9ffff070000001eaaffff3f0000008000000000000000ff0c0000ff7f0000030000007f0000002d0000000800000000010000ff070000ffffffff2bab000002000000ace800000500000000000000e1bf934d070000001f000d000300000004000000070000000900000005000000030000000200000087d400000200000008000000000100007f0000000e000000080000000200000007000000ffffff7f06000000000000000500000001000000820000001f0000000004000001000000faffffff0500000006000000070000000300000010000500810306009fff04000800000004040600d90b0000ff00000005000000040000001ba2cc3b00000080010000003f000000ff0f00201152c97303000000be060000fffffffffffeffff7f000000ff0000008100000000db040009000000070000000300000000000000060000008f5e0000010000000002000006000000010100000200000007000000000000e03189000001040000000800000600000004000000080000000400000002000000c00000000800000008000000f7ffffff05000000810000004d00000001000080eb0700001f000000090000000597000001000000000000000000000002000000ffff00000100000002000000000000e0a000000040000000ff000000f7ffffff0500000009000000070000000600000028080000030000000600000004000000be00000003000000070000000500000038080000faffffffffffffff47b5554d001000008100000007000000ffffffff040000000100000002000000566b00002000000004000000020000008b01000001000000ffff000004000000ff0f0000050000002000000003000000e40d000007000000f8ffffff200000003f000000387f00000700000007000000c10a000009000000040000000400000000000000008000000100008009000000370b000000000080ff07000006000000bb7900000400000002000000ffffff7f0300000000000000090000000700000005000000000000807f0000000900000008000000fad4ffffff01000001010000010000003f0000000400000020f2ffff01000100ffff0000010000000200000008000000fbfffffff9ffffff040000004d000000060000000200000002000000070000004e0d0000000200000800000035000000300e00000700000000040000020000000180000020000000f2ffffff070000000500000000010000fffffeff0900000000080000070000000800000009000000ff7f00000900000004000000040000000000000006000000050000000100000009000000080000007e0700000300000000800000bf16000002000006000000ffee0000000100000000000000001000006305000000000000000000007f00000010080000000000000100008002000000080000000101000003000000ffffff7ffffffffff7ffffff0600000003000000a6060000ff0300000700000001800000090000000200000000000000040000000080ffff00020000070000000500000001000100000000800000af06060000002b0a000005000000010000000500000009000000040000000500000002000000ffffff7ff30000000800000002000000ffff0000ff070000810000004000000075fc000009000000fbffffff0500000000000000810000000100000080000000d05e0000020000001f00000000000000ff010000451e00002d00000000000000ff0000001000030008001000ff070000010000001800010039031c020101000001000000000000060500000010000200e002807104000000ff03000018000100080d1e02800000000700000024709a02ff7f000010000500010000000000e0ff07000000100003001f0003000700000001010000180001000501040009000000040000000104000000000000f2275eef7138e6d8404ee35c1c03d0a7e3015b89e6e440ebafa27d5b8188804cd5beea2fda73c030f26439c9e4f2e27a824bfb4415f2af99b482560d1a447df28d8d838ad1a39caf40dc96c5f134529d47c0604f66f8714f8ee51165c4b029a7dc7e2f90de64a234d9098b06231c71bc79c43de912eb17614cf75d8c49152a801ac9a1326f0e334e0534faa8d8704d03c25495230a2ed4feb5298d99c124310dd8d4054c8be6bdb8bcede3d1552b08c169755c508c65ff8e1c50711a38d9a451eb650df96535fcc7669eb1f0f7fc5135a05b389610d33df49e9d1d3808c8fa0524b1caa582c913fedb22de15fbc7e7890faa48e6205a74bf817d48ea3dc9cddb6acc14b94522ccce95a27379b1ced543ad45de5016647e86154fd92670b9fc95ff90ea60fcf349981185b11322c4a48276eea082e4be45b9125653ba5f8ad8500d0d768b2de6b9e198568ecd526a1ba44c9180104fa91e55e31181b4acad815ef766bc8604c30c715da309a185645439aaabb542625905dc77193d45cde1978dc9c67cea6b01d2d4a28b13fc1e71d1f2a38537c44b629790b1305371c9e705771da5555c743b5b4adea2b95aa708f41e7a713277f5422f2bb669861730554e266f4ae61e0377f517b23ae4821e04e500cf998be043bab81fa38368a555f4a381eab2a692e06a4ca80bcb7570518078eb76bd313b23d0708cd26017f5a61b25a4fd45c27d7c3c7b21"], 0x8d0}}, 0x0) r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r6}, 0x78) getsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000001a40)={{{@in6=@ipv4={[], [], @dev}, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@loopback}}, &(0x7f0000001b40)=0xe8) r8 = socket(0x11, 0x800000003, 0x0) bind(r8, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001280)=ANY=[@ANYBLOB="d00800002400ffffff7f00000000ffffa6fffff7", @ANYRES32=r9, @ANYBLOB="0000000bf1ffffff000000000800010063627100a408020004040600030000000500000000700300fdffffffffff00001f0000000500000000010000000000100083000000fdffffff07000000084900000100000002000000cf000000feffffff0800003326f6000180000003000000090000000200000000274a49ef6949a7bb000000050000000100000004000000ff7f000000000000000400000002000004000000ff0f0000f44f350001000000010400005eb768350100000008000000ffffffffc38d00001f000000040008830600000000000100f7ffffff030000000080ffff050000000600000006000000a900000000000000c0000000c0ffffff08000000018000000101000006000000b300000000000020050000000104000004000000070000000800000001010000c22e0000c0ffffff0500000004000000060000000900000008000000f7ffffff0800000003000000080000000400000001030080040000000400000000100000040000000700000009000000fcffffff01000000010000000900000000020000060e0000080000000200000002000000090000000800000007000000ab000000fb00000007000000ff0100000800000001040000070000000300000009000000ff07000008000000ffff0000a90100000900000005000000200000000500000001000000070000008eb7000000000080010000000000000007000000fffffffffcffffff01f0ffff000000003f00000003000000000100000080000000800000030000000500000005000000ffffffff0700000015ba000004000000070000000300000003000000ffffffff04000000554f00006ff800000700000003000000000200000600000008000000b300000006000000000000000007000001010000030000000080000000040000730a000001000080010000009e0c0000000800000100008000000000000000004000000000fefffff67d000004000000ff01000002000000000000004000000040000000ed000000010001000e0a05000000000000020000040000000600000002000000ff7f00000100000001000000060000007f000000020000000004000004000000090000009000000008000000b6000000040000000400000005000000f50a0000ffff0000060000008ff9ffff070000001eaaffff3f0000008000000000000000ff0c0000ff7f0000030000007f0000002d0000000800000000010000ff070000ffffffff2bab000002000000ace800000500000000000000e1bf934d070000001f000d000300000004000000070000000900000005000000030000000200000087d400000200000008000000000100007f0000000e000000080000000200000007000000ffffff7f06000000000000000500000001000000820000001f0000000004000001000000faffffff0500000006000000070000000300000010000500810306009fff04000800000004040600d90b0000ff00000005000000040000001ba2cc3b00000080010000003f000000ff0f00201152c97303000000be060000fffffffffffeffff7f000000ff0000008100000000db040009000000070000000300000000000000060000008f5e0000010000000002000006000000010100000200000007000000000000e03189000001040000000800000600000004000000080000000400000002000000c00000000800000008000000f7ffffff05000000810000004d00000001000080eb0700001f000000090000000597000001000000000000000000000002000000ffff00000100000002000000000000e0a000000040000000ff000000f7ffffff0500000009000000070000000600000028080000030000000600000004000000be00000003000000070000000500000038080000faffffffffffffff47b5554d001000008100000007000000ffffffff040000000100000002000000566b00002000000004000000020000008b01000001000000ffff000004000000ff0f0000050000002000000003000000e40d000007000000f8ffffff200000003f000000387f00000700000007000000c10a000009000000040000000400000000000000008000000100008009000000370b000000000080ff07000006000000bb7900000400000002000000ffffff7f0300000000000000090000000700000005000000000000807f0000000900000008000000fad4ffffff01000001010000010000003f0000000400000020f2ffff01000100ffff0000010000000200000008000000fbfffffff9ffffff040000004d000000060000000200000002000000070000004e0d0000000200000800000035000000300e00000700000000040000020000000180000020000000f2ffffff070000000500000000010000fffffeff0900000000080000070000000800000009000000ff7f00000900000004000000040000000000000006000000050000000100000009000000080000007e0700000300000000800000bf16000002000006000000ffee0000000100000000000000001000006305000000000000000000007f00000010080000000000000100008002000000080000000101000003000000ffffff7ffffffffff7ffffff0600000003000000a6060000ff0300000700000001800000090000000200000000000000040000000080ffff00020000070000000500000001000100000000800000af06060000002b0a000005000000010000000500000009000000040000000500000002000000ffffff7ff30000000800000002000000ffff0000ff070000810000004000000075fc000009000000fbffffff0500000000000000810000000100000080000000d05e0000020000001f00000000000000ff010000451e00002d00000000000000ff0000001000030008001000ff070000010000001800010039031c020101000001000000000000060500000010000200e002807104000000ff03000018000100080d1e02800000000700000024709a02ff7f000010000500010000000000e0ff07000000100003001f0003000700000001010000180001000501040009000000040000000104000000000000f2275eef7138e6d8404ee35c1c03d0a7e3015b89e6e440ebafa27d5b8188804cd5beea2fda73c030f26439c9e4f2e27a824bfb4415f2af99b482560d1a447df28d8d838ad1a39caf40dc96c5f134529d47c0604f66f8714f8ee51165c4b029a7dc7e2f90de64a234d9098b06231c71bc79c43de912eb17614cf75d8c49152a801ac9a1326f0e334e0534faa8d8704d03c25495230a2ed4feb5298d99c124310dd8d4054c8be6bdb8bcede3d1552b08c169755c508c65ff8e1c50711a38d9a451eb650df96535fcc7669eb1f0f7fc5135a05b389610d33df49e9d1d3808c8fa0524b1caa582c913fedb22de15fbc7e7890faa48e6205a74bf817d48ea3dc9cddb6acc14b94522ccce95a27379b1ced543ad45de5016647e86154fd92670b9fc95ff90ea60fcf349981185b11322c4a48276eea082e4be45b9125653ba5f8ad8500d0d768b2de6b9e198568ecd526a1ba44c9180104fa91e55e31181b4acad815ef766bc8604c30c715da309a185645439aaabb542625905dc77193d45cde1978dc9c67cea6b01d2d4a28b13fc1e71d1f2a38537c44b629790b1305371c9e705771da5555c743b5b4adea2b95aa708f41e7a713277f5422f2bb669861730554e266f4ae61e0377f517b23ae4821e04e500cf998be043bab81fa38368a555f4a381eab2a692e06a4ca80bcb7570518078eb76bd313b23d0708cd26017f5a61b25a4fd45c27d7c3c7b21"], 0x8d0}}, 0x0) sendmsg$TEAM_CMD_PORT_LIST_GET(r2, &(0x7f0000001d40)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1040000}, 0xc, &(0x7f0000001d00)={&(0x7f0000001b80)={0x158, r3, 0x2, 0x70bd2c, 0x25dfdbff, {}, [{{0x8, 0x1, r1}, {0xc0, 0x2, [{0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0x4}}, {0x8, 0x6, r5}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x3}}, {0x8}}}]}}, {{0x8, 0x1, r9}, {0x74, 0x2, [{0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x5}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x3ff}}}]}}]}, 0x158}, 0x1, 0x0, 0x0, 0x80}, 0x4) umount2(&(0x7f0000000540)='./file0\x00', 0x0) r10 = socket$inet_udp(0x2, 0x2, 0x0) r11 = dup(0xffffffffffffffff) shutdown(r10, 0x0) connect$bt_rfcomm(r11, &(0x7f0000000180)={0x1f, {0x81, 0x40, 0x0, 0xa2, 0x40, 0x4}, 0xa5}, 0xa) ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, 0x0) msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000980)=""/34) pipe2(0x0, 0x0) [ 1309.444969][ T27] audit: type=1804 audit(1577520925.171:847): pid=21036 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/263/file0" dev="sda1" ino=16680 res=1 08:15:25 executing program 3: r0 = socket$kcm(0x11, 0xa, 0x300) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000280)={0xa1, 0x0, 0x9, 0x7fff, 0x4}) socket$kcm(0x10, 0x3, 0x0) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) r1 = open(&(0x7f0000000080)='./file0\x00', 0x40002, 0x0) r2 = open$dir(&(0x7f0000000100)='./file0\x00', 0x4002, 0x0) write$FUSE_DIRENT(r1, &(0x7f0000000280)=ANY=[], 0x0) truncate(&(0x7f0000000240)='./file0\x00', 0x90002) r3 = syz_open_dev$sndpcmp(0x0, 0x8, 0x0) getsockname$packet(r3, &(0x7f0000000180), &(0x7f00000001c0)=0x14) sendfile(r1, r2, 0x0, 0x7fffffff) r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r4, 0x4, 0x42000) sendfile(r2, r2, &(0x7f0000000140)=0x8800, 0x8800000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f000000b000)={&(0x7f0000000300)=ANY=[@ANYBLOB="000000001000"/20, @ANYRES32=0x0, @ANYBLOB="0800000000000000a986d30f3ad834f91ee8accd9807d07cf68c78573e8e68d2d46df596bce6380be53a4611b61ea39421db7afb3237dd380c51b9731f98f3845aba3d46f79cc127b359fbd557239ecc18162360895634931ea4db98426d392bc1c167bf2472b3ae3ae221587abcf2a0940a3a0ae96528413d67181ecac393e799d3d13ad5b69a8ddd26bba9"]}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x4}, 0x2c) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r6 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VFIO_SET_IOMMU(r1, 0x3b66, 0x3) ioctl$sock_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f00000003c0)) ioctl$VIDIOC_S_EXT_CTRLS(r6, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) sendfile(r6, r3, &(0x7f00000002c0)=0x1000001, 0x6) syz_genetlink_get_family_id$tipc2(&(0x7f0000000200)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000880)=ANY=[@ANYBLOB="740100001789e1605cccd1a788a01489ce7e8cc7f509f67835d9cc95df892e8df53c2490a463371479274dce06444cd9fce79a74202c2c78e477b2f964fb0ecabfa33e5e5aaa1790a455535cc02894652e40bab1f2a327e913faafcddbf28d719d83dc0a2a5ca59c2a9435e68928bd324267d9e4c91b2116ad6420574ab0527ca8a26e1373b8559c2a237c3b841fe6fc393354c2281cd02208b40950cf848d487ffb97ebc9ba5c75dedaf052b2923ac8e3bdab50de20157c3e0eef3edab97a81e0afa6fe60f49ed4d1b3c187160ff48a23b5d77984e9eb77acce44e8fb4f4f8950efccc9f43500"/244, @ANYRES16=0x0, @ANYBLOB="000129bd7000fbdbdf25090000003000070008000200010000000c000400e3a400000000000008000200e4ffffff080002000000000008000200040000003c000200080001000300000004000400080001000100010008000200aa0000000400010000fe000008000200e73c00000400040008000100060000008c0004000c00010073797a30000000002400070008000300020000000800030020000000080003000300000008000300090000001400010062726f6164636173742d6c696e6b0000440007000800040000000000080001000d00000008000100060000000800020000010000080001001000000008000400060000000800020002000000080002000800000014000900080002005c0a000008000200c3f60000100007000c000400ff0100000000000030000700080002000800000008000100090000000c000300800a000000000000080002008100000008000200000000801400020008000100cc0000000400040004000400"], 0x174}, 0x1, 0x0, 0x0, 0x20040000}, 0x10840) 08:15:25 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$FS_IOC_SETFSLABEL(r2, 0x41009432, &(0x7f00000001c0)="5e3b067339c3793d9ca5bc98953a540af7637afd3f15a57f7d8c78e65f3f890e75722a8c1db560456969d5fa9c9444a5fe122c5ef0741182b922cd13827fb8b8b4a346b82ddde2ea99f7a412b2c6ca5a63316bd930e2afef611e908eca685c61fc6f656132236387451352833055dfda19d833bac6552ec5bff769887a86e5c580d999e073e48ad02dc4515f53c1731a38b402a4707b560ff946b8fbaeec48b8be6ada4a0e0ffc4de1d36dfefab0f481a8f77b552be789d4f25cf1c53f75c8f5715c6fa8845e094d9b132b6abb53d531efc95a050e9e64dcfed57ef8fe7a2a4dd2c994086c0b5cf61ba5baee7e5372e8e2120251129a9d5e134fcaf3721ac78a") r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x61, 0x0, r4}, 0x78) fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f0000000040)='eth1/keyring&*em0\x00', &(0x7f0000000080)="8a1e74f798a0aa2503ae7b05b57468d949672dba87f76d843fbe5d42d1ce86ae24806ac7c63f56745cf50d762fb29ed64450cb9581d82121ef26c8e89af6e987fde4c2bd6704aa73fac1192330b435c251a0f5b72f4c517415e4e225c0455758778dcb", 0x63) [ 1309.507062][ T27] audit: type=1804 audit(1577520925.241:848): pid=21043 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/263/file0" dev="sda1" ino=16680 res=1 08:15:25 executing program 2: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0}, 0x78) ioctl$EVIOCGEFFECTS(r0, 0x80044584, &(0x7f0000000100)=""/41) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000035000505d25a80648c63940d0124fc60100010400a000000053582c137153e370948018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2}, 0x78) setsockopt$kcm_KCM_RECV_DISABLE(r2, 0x119, 0x1, &(0x7f00000000c0)=0x2, 0x4) [ 1309.740660][T21056] netlink: zone id is out of range [ 1309.751887][T21056] netlink: zone id is out of range [ 1309.802272][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1309.802434][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1309.808082][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1309.819878][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1309.874805][T21056] netlink: set zone limit has 8 unknown bytes [ 1310.137209][ T27] audit: type=1804 audit(1577520925.871:849): pid=21072 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/263/file0" dev="sda1" ino=16680 res=1 [ 1310.162405][ T27] audit: type=1804 audit(1577520925.871:850): pid=21072 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/263/file0" dev="sda1" ino=16680 res=1 [ 1310.187140][ T27] audit: type=1804 audit(1577520925.901:851): pid=21067 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/263/file0" dev="sda1" ino=16680 res=1 08:15:31 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:15:31 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa\x00', 0x10000, 0x0) ioctl$IMHOLD_L1(r3, 0x80044948, &(0x7f0000000080)=0x7fff) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:15:31 executing program 3: close(0xffffffffffffffff) pipe(&(0x7f00000000c0)) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffff8}, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, 0x0) kexec_load(0x0, 0x0, &(0x7f0000000080), 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RWALK(r0, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x4, 0x0) r4 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r6 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r6, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r7 = dup3(r6, 0xffffffffffffffff, 0x80000) dup2(r7, r3) syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'team0\x00'}) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket(0x11, 0x800000003, 0x0) bind(r9, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="d00800002400ffc9baffff941b000005ffffa6fffff7146f24f4962be7ef2e22df9b34495a51cbe525e50572ee3acdad1becb068bccf46f6ab43f7ec640b77940ec99f5d3490f8ffffff74f578095aefea", @ANYBLOB="00000000ffffffff000e00000800010063627100a408020004040600030000000500000000700300fdffffffffff00001f0000000500000000020000010000000000100083000000fdffffff07000000084900000100000002000000cf000000feffffff080000000180000003000000090000000200000000800000d00d337d05000000050000000100000004000000ff7f000000000000000400000002000004000000ff0f0000f44f350001000000010400005eb768350100000008000000ffffffffc38d00001f000000040000000600000000000100f7ffffff030000000080ffff050000000600000006000000a900000000000000c0000000c0ffffff08000000018000000101000006000000b300000000000020050000000104000004000000070000000800000001010000c22e0000c0ffffff0500000004000000060000000900000008000000f7ffffff0800000003000000080000000400000001000080040000000400000000100000040000000700000009000000fcffffff01000000010000000900000000020000060e0000080000000200000002000000090000000800000007000000ab000000fb00000007000000ff0100000800000001040000070000000300000009230000ff07000008000000ffff0000a90100000900000005000000200000000500000001000000070000008eb7000000000080010000000000000007000000fffffffffcffffff01f0ffff000000003f00000003000000000100000080000000800000030000000500000005000000ffffffff0700000015ba000004000000070000000300000003000000ffffffff04000000554f00006ff800000700000003000000000200000600000008000000b3000000060000004b0d00000500000001010000030000000080000000040000730a000001000080010000009e0c0000000800000100008000000000000000004000000000fefffff67d000004000000ff01000002000000000000004000000040000000ed000000010001000e0a00000020000000020000040000000600000002000000ff7f00000100000001000000060000007f000000020000000004000004000000090000009000000008000000b6000000040000000400000005000000f50a0000ffff0000060000008ff9ffff070000001eaaffff3f0000008000000000000000ff0c0000ff7f0000030000007f0000002d0000000800000000010000ff070000ffffffff2bab000002000000ace800000500000000000000e1bf934d070000001f0000000300000004000000070000000900000005000000030000000200000087d400000200000008000000000100007f0000000e000000080000000200000007000000ffffff7f06000000000000000500000001000000820000001f0000000004000001000000faffffff0500000006000000070000000300000010000500810306009fff04000800000004040600d90b0000ff00000005000000040000001ba2cc3b00000080010000003f000000ff0f0000bd52c97303000000be060000fffffffffffeffff7f000000ff0000008100000000db040009000000070000000300000000000000060000008f5e0000010000000002000006000000010100000200000007000000000000e03189000001040000000800000600000004000000080000000400000002000000c00000000800000008000000f7ffffff05000000810000004d00000001000080eb0700001f000000090000000800000001000000000000000000000002000000ffff00000100000002000000000000e0a000000040000000ff000000f7ffffff0500000009000000070000000600000028080000030000000600000004000000be00000003000000070000000500000038080000faffffffffffffff47b5554d001000008100000007000000ffffffff040000000100000002000000566b00002000000004000000020000008b01000001000000ffff000004000000ff0f0000050000002014000003000000e40d000007000000f8ffffff200000003f000000387f00000700000007000000c10a000009000000040000000400000000000000008000000100008009000000370b000000000080ff07000006000000bb7900000400000002000000ffffff7f0300000000000000090000000700000005000000000000807f0000000900000008000000fad4ffffff01000001010000010000003f0000000400000020f2ffff01000100ffff0000010000000200000008000000fbfffffff9ffffff040000004d000000060000000200000002000000070000004e0d0000000200000800000035000000300e00000700000000040000020000000180000020000000f2ffffff070000000500000000010000fffffeff0900000000080000070000000800000009000000ff7f00000900000004000000040000000000000006000000050000000100000009000000080000007e0700000300000000800000bf16000002000000d9c3ffffee0000000100000000000000001000006305000000000000000000007f00000010080000000000000100008002000000080000000101000003000000ffffff7ffffffffff7ffffff0600000003000000a6060000ff0300000700000001800000090000000200000000000000040000000080ffff00020000070000000500000001000100000000800000af06060000002b0a000005000000010000000500000009000000040000000500000002000000ffffff7ff30000000800000002000000ffff0000ff070000810000004000000075fc000009000000fbffffff0500000000000000810000000100000080000000d05e0000020000001f00000000000000ff010000451e00002d00000000000000ff0000001000030008001000ff070000010000001800010039031c020101000001000000000000060500000010000200e002807104000000ff03000018000100080d1e02800000000700000024709a02ff7f0000100005001f02df00e5b9fb0007000000100003001f000300070000000101000018fd010005010400090000000400000001040000000000000152d50f6365daeb9c99d09b44785c38ea0d1bcf51e44751de5a729eb37c5c10ce8b3da395baebea9fcdcba6a096515f9de8bb86fa5639e5abc7e282c2d89d6f019fe17ba6806fce8d21e78e20320e2bda8991ecfd0f06dbabd031b574b18d39c91514e2a8e10c11c133f37f713cc7ba213f0b431efd846bf8c97994e0809e66d6856cd0ffa6b821fae98fcc8c0f5f829312d5f6053f844fac4070e23dbc54361d6e1c3fca4dff868987651fe102a3079500129cf4f33b5f993e235d198f7a08967342bb"], 0x2}}, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = dup3(0xffffffffffffffff, r11, 0x0) getsockname$packet(r12, &(0x7f0000000640)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000680)=0x14) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r14, 0xae60) r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x0) dup2(0xffffffffffffffff, r15) socket$nl_route(0x10, 0x3, 0x0) r16 = socket(0x11, 0x800000003, 0x0) bind(r16, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0xffffffffffffff24, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[], 0x3}}, 0x80) accept4$packet(0xffffffffffffffff, &(0x7f0000000780)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000007c0)=0x14, 0x0) socket(0x9, 0x4, 0xfe) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001200)=ANY=[@ANYBLOB="d00800002400ffffff7f00000005ffffa6fffff706e13bf95bfdeedd7915a8a6188dc939fbfcc5e01068dc08000000000000001b85e692ff5743ba6147780794fdc3a39a5f99e08e70cb10c2ad6a435e23e3a0a7377e1420dabbcc95261f40d2c6c82705c4af73f0", @ANYRES32, @ANYBLOB="00000000ffffffff000e00000800010063627100a408020004040600030000000500000000700300fdffffffffff00001f0000000500000000020000010000000000100083000000fdffffff07000000084900000100000002000000cf000000feffffff080000000180000003000000090000000200000000800000d00d337d05000000050000000100000004000000ff7f000000000000000400000002000004000000ff0f0000f44f350001000000010400005eb768350100000008000000ffffffffc38d00001f000000040000000600000000000100f7ffffff030000000080ffff050000000600000006000000a900000000000000c0000000c0ffffff08000000018000000101000006000000b300000000000020050000000104000004000000070000000800000001010000c22e0000c0ffffff0500000004000000060000000900000008000000f7ffffff0800000003000000080000000400000001000080040000000400000000100000040000000700000009000000fcffffff01000000010000000900000000020000060e0000080000000200000002000000090000000800000007000000ab000000fb00000007000000ff0100000800000001040000070000000300000009230000ff07000008000000ffff0000a90100000900000005000000200000000500000001000000070000008eb7000000000080010000000000000007000000fffffffffcffffff01f0ffff000000003f00000003000000000100000080000000800000030000000500000005000000ffffffff0700000015ba000004000000070000000300000003000000ffffffff04000000554f00006ff800000700000003000000000200000600000008000000b3000000060000004b0d00000500000001010000030000000080000000040000730a000001000080010000009e0c0000000800000100008000000000000000004000000000fefffff67d000004000000ff01000002000000000000004000000040000000ed000000010001000e0a00000020000000020000040000000600000002000000ff7f00000100000001000000060000007f000000020000000004000004000000090000009000000008000000b6000000040000000400000005000000f50a0000ffff0000060000008ff9ffff070000001eaaffff3f0000008000000000000000ff0c0000ff7f0000030000007f0000002d0000000800000000010000ff070000ffffffff2bab000002000000ace800000500000000000000e1bf934d070000001f0000000300000004000000070000000900000005000000030000000200000087d400000200000008000000000100007f0000000e000000080000000200000007000000ffffff7f06000000000000000500000001000000820000001f0000000004000001000000faffffff0500000006000000070000000300000010000500810306009fff04000800000004040600d90b0000ff00000005000000040000001ba2cc3b00000080010000003f000000ff0f0000bd52c97303000000be060000fffffffffffeffff7f000000ff0000008100000000db040009000000070000000300000000000000060000008f5e0000010000000002000006000000010100000200000007000000000000e03189000001040000000800000600000004000000080000000400000002000000c00000000800000008000000f7ffffff05000000810000004d00000001000080eb0700001f000000090000000800000001000000000000000000000002000000ffff00000100000002000000000000e0a000000040000000ff000000f7ffffff0500000009000000070000000600000028080000030000000600000004000000be00000003000000070000000500000038080000faffffffffffffff47b5554d001000008100000007000000ffffffff040000000100000002000000566b00002000000004000000020000008b01000001000000ffff000004000000ff0f0000050000002014000003000000e40d000007000000f8ffffff200000003f000000387f00000700000007000000c10a000009000000040000000400000000000000008000000100008009000000370b000000000080ff07000006000000bb7900000400000002000000ffffff7f0300000000000000090000000700000005000000000000807f0000000900000008000000fad4ffffff01000001010000010000003f0000000400000020f2ffff01000100ffff0000010000000200000008000000fbfffffff9ffffff040000004d000000060000000200000002000000070000004e0d0000000200000800000035000000300e00000700000000040000020000000180000020000000f2ffffff070000000500000000010000fffffeff0900000000080000070000000800000009000000ff7f00000900000004000000040000000000000006000000050000000100000009000000080000007e0700000300000000800000bf16000002000000d9c3ffffee0000000100000000000000001000006305000000000000000000007f00000010080000000000000100008002000000080000000101000003000000ffffff7ffffffffff7ffffff0600000003000000a6060000ff0300000700000001800000090000000200000000000000040000000080ffff00020000070000000500000001000100000000800000af06060000002b0a000005000000010000000500000009000000040000000500000002000000ffffff7ff30000000800000002000000ffff0000ff070000810000004000000075fc000009000000fbffffff0500000000000000810000000100000080000000d05e0000020000001f00000000000000ff010000451e00002d00000000000000ff0000001000030008001000ff070000010000001800010039031c020101000001000000000000060500000010000200e002807104000000ff03000018000100080d1e02800000000700000024709a02ff7f0000100005001f02df00e5b9fb0007000000100003001f000300070000000101000018fd010005010400090000000400000001040000000000000152d50f6365daeb9c99d09b44785c38ea0d1bcf51e44751de5a729eb37c5c10ce8b3da395baebea9fcdcba6a096515f9de8bb86fa5639e5abc7e282c2d89d6f019fe17ba6806fce8d21e78e20320e2bda8991ecfd0f06dbabd031b574b18d39c91514e2a8e10c11c133f37f713cc7ba213f0b431efd846bf8c97994e0809e66d6856cd0ffa6b821fae98fcc8c0f5f829312d5f6053f844fac4070e23dbc54361d6e1c3fca4dff868987651fe102a3079500129cf4f33b5f993e235d198f7a08967342bbd69384f9a0de7dac23efc25f4276516e09ab16ec84f1f2"], 0x8d0}}, 0x0) 08:15:31 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f0000001280)={0x40000000, 0x0, "ad1eb7de70173150fc67eec52ec2c5d34a3dd6bb47b5d4620e9a247ae445c54d"}) socket$kcm(0x29, 0x0, 0x0) syz_open_dev$admmidi(&(0x7f0000000600)='/dev/admmidi#\x00', 0x8000, 0x8000) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[]}}, 0x0) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000640)={0x0, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x10) setxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='security.capability\x00', 0x0, 0x0, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', 0x0) rename(0x0, &(0x7f0000000340)='./bus\x00') syz_mount_image$msdos(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) 08:15:31 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000240)={&(0x7f0000000000), 0xc, &(0x7f00000001c0)={&(0x7f0000000300)={0xe8, r3, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xfffffc00}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x37a5}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x10000000}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x7}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x51}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e23}]}, @IPVS_CMD_ATTR_DAEMON={0x44, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, [], 0x18}}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x7}]}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xd8}]}, 0xe8}, 0x1, 0x0, 0x0, 0x10}, 0x34fd7d7ac96604a9) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r4, r1, 0x0, 0xffffffff) 08:15:31 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xc, 0x0) [ 1315.416638][ T27] audit: type=1800 audit(1577520931.151:852): pid=21091 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=590 res=0 [ 1315.509901][ T27] audit: type=1804 audit(1577520931.191:853): pid=21091 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/264/file0/file0" dev="loop1" ino=590 res=1 [ 1315.535643][ T27] audit: type=1804 audit(1577520931.241:854): pid=21106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/264/file0/file0" dev="loop1" ino=590 res=1 [ 1315.570031][T21091] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) 08:15:31 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000004000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100)='/proc/capi/capi20ncci\x00', 0x1, 0x0) ioctl$RTC_PLL_GET(r3, 0x80207011, &(0x7f0000000140)) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) r5 = openat(r4, &(0x7f0000000040)='./file0\x00', 0x44700, 0x339a75096a20f3db) ioctl$NBD_SET_SIZE(r5, 0xab02, 0x8) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1315.605575][T21091] FAT-fs (loop1): Filesystem has been set read-only [ 1315.612723][T21091] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) 08:15:31 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000580)={0x2, 0x4e20, @dev}, 0x10) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000300000000000000000000009500020000000000"], &(0x7f00002bf000)='syzkaller\x00', 0x1, 0xb7, &(0x7f0000000440)=""/183}, 0x48) r1 = socket$kcm(0x29, 0x1000000000002, 0x0) write$binfmt_aout(r0, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCADDRT(r2, 0x890b, &(0x7f0000000180)={0x0, @generic={0x5, "2fbe0673c9e2061316a397cee4e6"}, @generic={0x8, "481a31a18e5e8549c5c4a80e6be6"}, @tipc=@id={0x1e, 0x3, 0x1, {0x4e20}}, 0x2, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000140)='gretap0\x00', 0x0, 0x1, 0x80}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000080)={r0}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup2(r3, r1) 08:15:31 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f0000000180)={0x1f40fffe, 0x4, 0x61e, r0, 0x0, &(0x7f0000000000)={0x1aa199f, 0x8, [], @ptr=0x6}}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r3 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r5}, 0x78) ioctl$ASHMEM_GET_SIZE(r5, 0x7704, 0x0) write(r3, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r3, r4, 0x0, 0x7fffffa7) r6 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r6, r3, 0x0, 0xffffffff) 08:15:31 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r0, 0xc0845658, &(0x7f00000000c0)={0x0, @bt={0x1, 0x84, 0x0, 0x1, 0x6, 0x8, 0x9, 0xffff, 0x0, 0xfa41, 0x7, 0x7, 0xffffffb8, 0x1ff, 0xb, 0x1, {0xfffffc00, 0x5}, 0x1, 0x1}}) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0xfffffffffffffffe, 0x5, {0x7, 0x1f, 0x7, 0x200a131, 0x1ff, 0x2, 0xcef8, 0x8}}, 0x50) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) sendmsg$nfc_llcp(r3, &(0x7f0000001980)={&(0x7f00000001c0)={0x27, 0x1, 0x1, 0x4, 0x81, 0x1, "b528f4986a007773b52bade09c63c498e034385ccd6dd396d9bd1048e92b307c24d2e0b81b068bdd549d96e52849d06ae1227023df4946d3c7d880cb3fa13b", 0x3a}, 0x60, &(0x7f0000001780)=[{&(0x7f0000000240)="518fb1ec86f6afdad4ceb5d21fa8a482f56fc7aba29cd761b9d302b1319c036007c4fcbdd0fb7de85059e7d9f9e8dfd382c091b35d30ab33e3a2dc747270d7435b52d3020333403ea07e4c710f7708559520ddfa9fb84a607721a00722338b450dd22c377bf3eefe9d318842539abdd4211ab4ece3f7fdd824af2efa56c5006254a595cc35e5bdc16a92231aca537a67de5b64c26cd9e72702", 0x99}, {&(0x7f0000000300)="3d99a0b4af24a8587eb89b80cf1d6de00fbfbd805c3064bfd3048b4949baf1811b8ad7c358148c6dc774c001", 0x2c}, {&(0x7f0000000340)="b01ab7c29c244a7280b58e62feaebc177aab1b2f4c9636a2056d891ca3d3e5c383a9969369907358668843d8ac2c2b81cd017b33fb1006e4f3d277e9996dec8de5a5461a20f29490c60ceca0441f423bfdac99541dab592c6886a127f27aeac9d682342ce1807f547a279b562a3f247e5d192150b05f493d", 0x78}, {&(0x7f0000000440)="53cd02613fd554cab5c1ed6c7b53450d6edf4e792dbbaf3cb1cb00215dc9188affbd1e4f7827258533794c5634cc5850a64c2896d304460fcb63bdd26794c2ca7b7a2c48a4c9410fcc0a16205fad6ce31d1bf1a091b51f35eba336c79ad1cddb9fb1bab0b18a8d0f286c90fadf1c7f98367dcaa88917c3fd5b9915f0427a35a0fdc8ab4f9d366d4bcee2bc0d247d52b0ba5c0944ea59998bb7cb333546257dcbbe4574c4584be7996d410ea9783a0523f1cb12012e473a51b847f1e4cb3524297c87dcc43a6cc8ac681b124f03e81187a0dd31d7ed04585b71c8008ef7545fed20", 0xe1}, {&(0x7f0000000540)="af0e948656646595845ce4ab7408aa95f155b4d6d2c2c7a8c824e508bec64d1f6ec530e0f9d07c9fea792d9a0f22ef77eb4916f56407509f590149f4e742ad034c4c6354bfa63ac8cd0065efebb8912000aac428e63b3e491404c8d639f6a50f6fcded25e24e234f86c5c56dfd5f1d08bc17391952275dea2362e1ad22be993d11a12c278b80c413c23a89173b17d35ab7d4be1955363fbd315a0f6e96d3af52ebddb180d17cb4c9dd257232792178d949f4fc6dad238751da59620f7224ef2c5eb5ad13f2952698f7b3ff65f2c10333f095e5874d1c65b601f7f2a1a4c0e87fe13d07f7d1147756a39f3ab0", 0xec}, {&(0x7f0000000640)="ce4555f79f6fc12f9fbccb5dd189114da98708bc1bf79512720fade2c2ebcf95b8675a2ac3d3ed9b089bf2e5004e47ee6e199aeb474062351f0f5068bdb4eaf1cfed6f4064dc09d76093bcf016337d0f7c5c908f3116569be16666eee9380685e801f8e5b8716a00673154a18de165a25bf783def00a66ba92c43ca01e00791b246d88ee3dd54297619e8da7183affc05cde11e2eeda4094d83d686f4f8c7037c7f9c1deddf38ca221dcdac488d559664c82dc5af292a28d738a8aabb5bbbe6a825731ec7de38f4f1c5e9fefedada56a1ca28b03c877c443e6ff463d802a63c581e17eea99b7295dc169c58e9f17ac71b5bd7da50ef4de1645d3808f291f6f687297a53a6291e605bad0d94037781d15df05b3a1c5812bce541c0e7b172e92563803219374e62bca59988d78a0075f93ed034ef39705e1961442a116d6cc60491cb553eba38f31460155347ae44591ae2b3bb51ba97fef58db49a44491f46555fd81b4ec00f917e59335c5530fc3d9f334f7967f3b1cd70085c315ff15968cfa94b0ac5ab0b3d10f83b7a9445ee54d9989e99e69e70e52e182dacb28b73b2a76aba5f50746f52bdfedda865c5792397484135c169d842e546f2242caaf40677a67f64604412dd1eba2775260e5ac60ced94f4556cecb07dfd5e1230ced4ccaae2734dba456f0d5af6649e0f35f3fc4a0d7220ea676197b3d20fbf2ddcab6ea0728897c96fa44339b48a0e2ef26fdcec1544f48260cdf46b0e2df420bb959f1f75fd401204ee8097ca8ad7f1eee3c1ebfb4edb13586090cc3c20c98f26b610b938483e9d641b46b98970c3542bb97b4e02b59bd4bbdb70787eaa090e4edaa8660f48132548b6aaf8f15a6a676cea2420edc053dcfe3960c8af54018883edf58915a8f215a5229b8df9c77a9164e5d84fa132e9bf49a13e9f11ed41f67f948d61c86f9290245f1e6b3743fcbe25c344aa6d33c35261d9d910c4653c970955e1721757cf8148708849585c3c3d0ac14e3c272ebd5370ea7e864b0de1870605fc8843c623e832c1063687d63893c47ec0c268d3816ca7f9684aeeccfb9307fcf778b999900ec9902bc9d1afbc07bb2241d368904e46e299cd1a725d24c98aae5675019853bc60a9c2e620f81cf2fb85fc40d9aead8ca98132cef7befea004951019fa033d84aecb067cd2c889b370a18d3c0510228f7ca1fcbb06b189b5e612a002677d09420dda4bdc158c4e0c85d0bc06665a722f7d6b63803ab2422bda461f87a12fe99b1b60e61652282b9b88f9e724695a983b95f34bfcd223d8e80e2afa7a0b0671a3f83cc5aeb47524e04ac8af702573c15d282354ac1fc19835cd6c189472887283520348324420ca7d8336f524c180cfc34315f0809589bc3d966380f77721e4686ebe0b76b1b59227655aef9516edacc25917ff2e543488b40777163b8cc823f5dc0aa767288722c10c2b843fb9ff6af9d70c7572cbf5cc56fbc199f852dd009259cfb88741e773332450ab341a05edc0991117b0444338ebd7c830eeb42768f2eba6ec292395ce24a3f0ef1d9c2afd94e6468ed87c91f6565eef41ffb4acd98223bfeba14514e07c25b30ec5475c0f7a1ff23559fa19ad09a214e021f3b67c871dfdf33e1b12b4310fac320ad67c3331fbbc3d12472bb74241a9b31f6c97e7fc46dcbcc56d957804917978fd2fa6db2d7f78a54458bd7373caf33eaec848991a03d32c45f67a28f51ff19d0664c66570bcc2dbe78655a94e6b78c00acdb3a664f5dea3fa48102b21137eb3322a60e12e099d4d1d5403bc01bbf2ccb804a97dd1116783267240f2be774c11836f401a95dfa51b7bcc652e3c26fdadab978970b37a5f45cdcf0832d71849fdc1170020717cd845f385236e794910d8ff0a3dee1081af47af867cd6fd5aa89aa9b2458400ec43f1caf62f28c6219b69a8b72c29b725020050782899a18890b2ba9ff2e3cc2bf0da5e0e69de7b1a7c28005dab186013e2e86642071ca88f9e55c9c0a133161850bcfafd09c2b8c61fb63c1e13f0d20d02390feac0df27f3ded5b82f8f1764ae4397c376f74b5e17318be07a38f8d8f7cb44bac096c9f94476f995094a781685776367083896034b2f893e264e6180e1a2d92e1fa1e1324842ad296555ef3c5831cb761e10f8295c0de8be389c04d96adf3bf18288f3f6ca6b62f22bc5f6a604761392e80a86c02a8fe0941be1c37c9917d76f9c86d2a1731c126f3c574cb3d96aefeb578b35d93aa93174f30b788f2f784ef7a9274ad3d428b5ffdca6f0473880cdabe41f30de7470d41761d64b501b93ab2a4228e034f1b5db1398221600b3aa74dc56448f95632289158790953d8bd4881c4571ad02cbc5b032164b6ba1813ba33ca98af2e470c07d19e139942eccf489e090bb3e66a9b53d42570ba8d7188bdab591d1172e1745de9a5509113b1499f4dcd8576361112606c34c79b308cb3d153ec47d907c1e24a8fd5b75c1860488b57e79bc7995af8d3a6faa69805d3d1ec51059c6f432ebfb6219b14d52360914f7390b861599a2c50b186503c97452001384bf060cbef9f91a2b3ac4e00a7920bc0a1d010fa6c1b786556a7162803f650f5db535c53e2a3316e012d2bc32927d5537fb82ac5957fddb6bd5d439721c7c95a30b553906c690d0ba995a8811becba73fecd6dda82a960443578c6c2b05371f778f705507229f6172ad18d58050097843d4991ba7df60e3a025b8120205c1d81d3fb3fae613a4c4ba70046bfd50c8eb39b970885d8d0b6a3f6f653a8062bebf700fb9816002135df46e70c2dde928ec52ee3b82afced9f06e9d48c54d3bfef7f346b6d27ded4936546e54e9c6fbb3936745d116201a63fe799e8e8bd9e6c173a2884c653fb565b948739b4b8d6f761ebfe128fee801c1a391a8c8a1f089a0d87e2056e43cdb2ea575515ddcc14f96bad41b890f4125e39e1365a2db6571dc87b442b3045ad65ae5bc93cbf2443318931f0fa6780d80d75c7c35f20f14746df36358e3abf86740ac0407dabd9441587e283bff5c037239930c8090008c87c25e8f4a63a708281b2a10352af90542dc96abfe6221c81344fe9dc9e9dcbefb4fe4dfcf1a62564110d5d6ab9e37318a54c971348a87cf0ed9949161705ba47e1e64cf58ea5efcce5112cc05bac556241dd90198ffee7325dd36f616847176786df532976dc0e5c257ef87ff22764121c41b3d74e3b9ae439d8b4cafda066b029ef03ce238b586e0978ddfa332ad58de60a2146dc6a31ef4e2a800542c7264193a2bb090f857062de05c08aaca03c69a7e7da0d593c7f552d1e1e1ef0466a7fe54d58f41bbf51d75cee0e9993738efee275b0160bc58b3d800ba901624293f52f838fce5f3d95408f2e11dc9983818296b970ef97e8d4ecd62591117c15f0f9464ed3d2e38ae460c9c54cdd1609a89bd43dc7b904a0a68cfbe60948197bb387a423a5be1c3a04c0b3a251170862c6f2c4077d0527b63ca441c7cabbad51053be1ff7c4d67d915e6fef843dfbe9920a60155e51a626928982d2a47a5861d5ca8d33856871ee070102875fd41eec04d18fe0a1d9dbb3059056a5f8053011348c12f9d15af17fc9dd430857fb511bc75733edc8a9bd6a8642824ac6ed44edb310078dd0b1cdef36a53252d7168116fa5b8cf59d19ec139825d02e4ee94160074fc58271b467a801a53e89365036d8db626b91cc2b6067dc0f8164387f7825111fa161c9e34dd5fc0e1981593e3b51a188a571a81a15d4ebeb15ac9499d67b88b1b901d9c755edab586d72d7ba7ef4929ea65f48f8c63d79d4399aafca70acc60c6634f81f2ea494e0b3b56b045083ebee511d6139f269c1312357b66b037faa90cd2fb3c0c3fe73db0af0207476786961ac3c4823b432711387f2ec04ce0c7629dccea498c54d3ebaa4bce2d9955177189723df83da93b62a55f11529cdeb9b001164b070e43e0946b12c8c93937742bed0dc7b15e5893ed8a6e7a9b97bacc04575a8ad21941c6754a3a516cca80a33d72de09f69b1ac525c826958fdaaf29d62b982382477bd096a7dbfb64e1bc7b12903e0cff6a811464542b9d5d62a4d33ddf15bdebe5425febc970f33eba2257def80537637a9f0f4f0f0c191ad5aadb5bac2d13239127cdb19cb71b53f53ea32233026b2bf5b1de30e2a5f54c6bed5ac90f37bde8ab4cb4aff931a844901b99ca433b14668db77587ce17e45712879b34ed68a0a473dcbbdca3414657ff34b97d3fc642ebd3f414d413d64013845d5880dc68969766c62887dafecc0bd655886236da94a44e2dfa5fe79054174714089e15ad18fc1478aefb1547b0285afea5ac740894512fc58084d632dc84778a3cb00dec8a1518386d7aec82b1595a31da7305ac3fa435826a5fa37481f6f3e7dd4c10ab3591157c8bd54d3d24d67e9bfd41d536b5c03d78d5d501065c4e65f4043c412d53bb16661fe995d9ab526f1f19477bbca059c18ea6881076dfc88c96535857d51153416d0962743d7e812c4450942b05feb2e5cba92bb381a6b06af6b2a07a5a1eb1a576cc3119750bf9baf8a480822bf974ef280cadc53db9a0c6e12d94e160da4843ed77561fe4aac70d2da0268b08ea4202c19b6d376c8ae4bfb8bfd40d5d63b849aea99bab4151e702ce8642e5d0f822fa3e636b2185fa7416a3b64ec6865c868e987b059a3d409a2085d3eeafecc0b722b18bc03191ad616055a7b17f7045a19117023033d83924ebfe205773d16fc6584049a6fa1a43fd392193783ff0f6ccf8086e14aa71a21b4c0a5867bf4ea3723a50de30355f8fc0b4384bff58213ec3041e0d40e7c9d09586da1ff14a09deb114aa54a9570f74430d3b2370a1068fb99a8804f0c262e2aa4930d4c63661ccad6e0692d28909cc5830551b7c2c4e88462db5615106aee5876ce60942de865a8833b9db205db7d36e9d8d3683964016dfb64f14d61eb97c74c21dc0259a18c355e7533c876238fe8072e8894c549f2c7b69cf72372453c0802263daf2d77888586a27df8c41a08ebdd55c979679a3b9a36eaeed5d9dcac98b90b06ef98adaece93d041f491c7f955322bcb9c1564f913394de8e2e0178e9ad961ad2e778c15b1895a5eb150674ecbe81437ffdbf0a68d68c80c724a4c7261953c283ca52d39444f9f36855a5ff89e93054a96e14d74bb8eae94cf478e687eabf59e5c007ed726d8884a2e372c44d4820c28a2cded41ef7ea8225402c0868ce74e8ae291de1abc43b05e7a7644459d691267ce4716bf2e129f9dce010aedf4af32e97f1b2e10ec6be038b625762fd4b7b71234b70314270ef52a270f9090a428db7d5b2403699d86e5cd7244cfd82080b157518faab6c04c2f1b6b0c4e0ba2bc5c27cb4525351124613fb26b8ca032b76d503544df62a2ece3659f8014c9a48b679dd1ac27318a9cc7b5cb39b576a906cbd444f59652330d7b55a3f2ec746a280c2e345c9409293f52f4bc69b8c5da86555eee045db79a4c63f419657585cee8c088564cdb82d6214f0ece9a99f3b3dbd09114a50ae5a23dd74f80293e699a96e0342585bd48f6e6976aa7e852648e840660b64304d8e03848ab4d6bcace939464119fefe4e9a773733281f5b6f06a2f00860ee1914ada3cca91a92190760a5e0ea8d3c3315de2d32072a113fa06e94833e2df012f0a512e4cb43722c28f883259b636d544fe3561b44fcfa7f6e4d177db02776b8cfef3460724c9a862fa8cb38dfdbac79c758da0a55c43fba9139eb81e03ea902da997fc8a86401d49e517011", 0x1000}, {&(0x7f0000001640)="dba77e5ee8a957b7b0d5bb37d6ecfd735ad852cef8e0527a6d17cb2cae2de2de681cba0b83133cbd782c47b88b090f37e4f6bcfb6367676f195c0c800b4048c659ce34e3cba5cb8336e615324b239fff08875c9c11024d89b4732acbed2b029b253d989827fcbe15822839bb6528c499a8ec08244cf7a5acf66ed3de02124e84268b6523a96fa0bb4aa86a6a7cc53ed908662527f7ff58cce682895a6573d2b2c2ae58a69635ffbf91a3f090f98a59a2137fcec9177ffba2f8c78a2eed68ff35dd845e2e9786afb5377a701945b0c841427247ced840842803e83dc1ff2bda4558", 0xe1}, {&(0x7f00000003c0)="39481ab1dedf0539f1b5c44d186ca881d4e636d4ee9adc2c1919d1f18b11a05882530bbc64d2e9cde134", 0x2a}, {&(0x7f0000001740)="1e186eb08b1a50c0ba1748eeab9e3ea9f3b1c0", 0x13}], 0x9, &(0x7f0000001840)={0x110, 0x8a, 0x4f4, "3ac4019e32580c7b08be618b3509030f5e8e203a1d8783550e9595bc83fc021a259ecdcfd12ecbac283e6172203028186db5e9e01e049789327b5c00486e6f4d823becdcc8cbba7e486d8eda3a80fd5497be413854163934f1f3935f9f302b63ea05f814a696f673022a0c9236c83917e4e9026b22bf466376be23611cd2351a8f3792a62b4c5f943ce2b477a3ed373fc1fd81c940afcb94f9cc2f826b88e2b84c5c6b6220b3b75a5fafc690dde97e01015fe0970a8a2dca5f1af359050760d453da34b83f84e6247ff1f763f799db89fef875745d2e5f6b4609e4e130248523c5c637e45d550f6845a21ed8f77433b2ac8599bf0ed295f91622570e98"}, 0x110, 0x10}, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1316.011265][ T27] audit: type=1800 audit(1577520931.741:855): pid=21130 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=591 res=0 [ 1316.047877][ T27] audit: type=1804 audit(1577520931.781:856): pid=21130 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/265/file0/file0" dev="loop1" ino=591 res=1 08:15:31 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000240)={&(0x7f0000000000), 0xc, &(0x7f00000001c0)={&(0x7f0000000300)={0xe8, r3, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xfffffc00}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x37a5}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x10000000}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x7}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x51}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e23}]}, @IPVS_CMD_ATTR_DAEMON={0x44, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, [], 0x18}}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x7}]}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xd8}]}, 0xe8}, 0x1, 0x0, 0x0, 0x10}, 0x34fd7d7ac96604a9) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r4, r1, 0x0, 0xffffffff) [ 1316.138717][ T27] audit: type=1804 audit(1577520931.871:857): pid=21139 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/265/file0/file0" dev="loop1" ino=591 res=1 08:15:32 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffffc3, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) ioctl$VT_SETMODE(r3, 0x5602, &(0x7f0000000040)={0x8, 0xd3, 0x2, 0xf001, 0x6}) ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000100)={0x9, 0x2, 0x8, 0x9, 0x7, 0x9}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfffffffffffffd75, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0xa84000, 0x0) ioctl$TUNSETCARRIER(r4, 0x400454e2, &(0x7f00000001c0)=0x1) ioctl$VIDIOC_RESERVED(r3, 0x5601, 0x0) [ 1316.315495][ T27] audit: type=1800 audit(1577520932.041:858): pid=21146 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16683 res=0 [ 1316.427690][ T27] audit: type=1804 audit(1577520932.111:859): pid=21146 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir040667840/syzkaller.2WQcgv/167/file0/file0" dev="sda1" ino=16683 res=1 [ 1316.478123][ T27] audit: type=1804 audit(1577520932.211:860): pid=21146 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir040667840/syzkaller.2WQcgv/167/file0/file0" dev="sda1" ino=16683 res=1 [ 1316.759861][ T27] audit: type=1804 audit(1577520932.491:861): pid=21139 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/265/file0/file0" dev="loop1" ino=591 res=1 08:15:38 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:15:38 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) ioctl$KVM_GET_XCRS(r3, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:15:38 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000240)={&(0x7f0000000000), 0xc, &(0x7f00000001c0)={&(0x7f0000000300)={0xe8, r3, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xfffffc00}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x37a5}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x10000000}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x7}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x51}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e23}]}, @IPVS_CMD_ATTR_DAEMON={0x44, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, [], 0x18}}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x7}]}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xd8}]}, 0xe8}, 0x1, 0x0, 0x0, 0x10}, 0x34fd7d7ac96604a9) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r4, r1, 0x0, 0xffffffff) 08:15:38 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0xa0100, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='bpf\x00', 0x40, &(0x7f0000000300)={[{@mode={'mode', 0x3d, 0x6}}, {@mode={'mode', 0x3d, 0x8}}, {@mode={'mode'}}, {@mode={'mode', 0x3d, 0x5a2}}, {@mode={'mode', 0x3d, 0xfffffffffffff0b3}}, {@mode={'mode', 0x3d, 0x69}}], [{@seclabel='seclabel'}]}) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm_plock\x00', 0x44d76661a729da99, 0x0) ioctl$SOUND_MIXER_READ_CAPS(r1, 0x80044dfc, &(0x7f0000000240)) sync() fchdir(r0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r2, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r2, r3, 0x0, 0x7fffffa7) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r4, r2, 0x0, 0xffffffff) 08:15:38 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000240)={&(0x7f0000000000), 0xc, &(0x7f00000001c0)={&(0x7f0000000300)={0xe8, r3, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xfffffc00}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x37a5}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x10000000}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x7}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x51}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e23}]}, @IPVS_CMD_ATTR_DAEMON={0x44, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, [], 0x18}}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x7}]}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xd8}]}, 0xe8}, 0x1, 0x0, 0x0, 0x10}, 0x34fd7d7ac96604a9) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r4, r1, 0x0, 0xffffffff) 08:15:38 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xd, 0x0) [ 1322.524036][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 1322.524054][ T27] audit: type=1800 audit(1577520938.261:864): pid=21164 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16693 res=0 08:15:38 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$smack_current(0xffffffffffffffff, &(0x7f0000000000), 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000009000/0x18000)=nil, 0x0, 0xa55, 0x9, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[]) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1322.628403][ T27] audit: type=1804 audit(1577520938.361:865): pid=21164 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir048680357/syzkaller.hecpVM/327/file0" dev="sda1" ino=16693 res=1 [ 1322.682749][T21168] bpf: Bad value for 'mode' [ 1322.746957][ T27] audit: type=1804 audit(1577520938.481:866): pid=21191 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir048680357/syzkaller.hecpVM/327/file0" dev="sda1" ino=16693 res=1 08:15:38 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000100)=0x5, 0x4) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r5}, 0x78) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x7}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f00000000c0)=@assoc_id=r6, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1322.819207][ T27] audit: type=1800 audit(1577520938.511:867): pid=21172 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=592 res=0 [ 1322.844636][ T27] audit: type=1800 audit(1577520938.531:868): pid=21186 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16520 res=0 [ 1322.952641][ T27] audit: type=1804 audit(1577520938.531:869): pid=21186 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/266/file0/file0" dev="sda1" ino=16520 res=1 08:15:38 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) r3 = syz_open_dev$vcsn(&(0x7f0000000300)='/dev/vcs#\x00', 0x9, 0x1c100) setsockopt$RDS_GET_MR(r3, 0x114, 0x2, &(0x7f0000000480)={{&(0x7f0000000340)=""/154, 0x9a}, &(0x7f0000000440), 0x1}, 0x20) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1323.085195][T21172] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1323.102354][T21172] FAT-fs (loop3): Filesystem has been set read-only [ 1323.110079][T21172] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1323.131053][ T27] audit: type=1804 audit(1577520938.611:870): pid=21172 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir040667840/syzkaller.2WQcgv/168/file0/file0" dev="loop3" ino=592 res=1 08:15:38 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$VIDIOC_PREPARE_BUF(r5, 0xc058565d, &(0x7f0000000100)={0x4, 0xa, 0x4, 0x2000, 0x4, {0x77359400}, {0x4, 0xc, 0x7f, 0x6, 0x6, 0x3f, "d7e308dd"}, 0x1, 0x4, @offset, 0x3f, 0x0, 0xffffffffffffffff}) setsockopt$inet6_group_source_req(r6, 0x29, 0x2c, &(0x7f00000001c0)={0x6, {{0xa, 0x4e22, 0x5, @dev={0xfe, 0x80, [], 0x1e}, 0x80}}, {{0xa, 0x4e22, 0x7fffffff, @empty, 0x4025}}}, 0x108) r7 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r7}, 0x78) ioctl$KVM_GET_NR_MMU_PAGES(r7, 0xae45, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x9, r4, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0xfffffffffffffe82) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1323.212113][ T27] audit: type=1804 audit(1577520938.621:871): pid=21168 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/266/file0/file0" dev="sda1" ino=16520 res=1 08:15:39 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) pipe(&(0x7f0000000080)={0xffffffffffffffff}) ioctl$VIDIOC_G_STD(r1, 0x80085617, &(0x7f00000000c0)) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10) recvmmsg(r2, &(0x7f0000002440)=[{{0x0, 0x0, 0x0}}], 0x4d7, 0x0, 0x0) [ 1323.327525][ T27] audit: type=1804 audit(1577520938.691:872): pid=21201 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir040667840/syzkaller.2WQcgv/168/file0/file0" dev="loop3" ino=592 res=1 [ 1323.379621][T21218] bpf: Bad value for 'mode' 08:15:39 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@can_newroute={0x2c, 0x18, 0x801, 0x0, 0x0, {}, [@CGW_MOD_SET={0x18, 0x4, {{{}, 0x0, 0x0, 0x0, 0x0, "2c707bf7f550f4a2"}, 0x2}}]}, 0x2c}}, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x4000}) r3 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r3, &(0x7f0000000180), 0x27a4eaa51029717, 0x0) [ 1323.432276][ T27] audit: type=1804 audit(1577520939.151:873): pid=21168 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/266/file0/file0" dev="sda1" ino=16520 res=1 08:15:47 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, 0x0, 0x0) write$cgroup_subtree(r1, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:15:47 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f00000000c0)={0x980000, 0x7105, 0x8000, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98091d, 0x3, [], @p_u8=&(0x7f0000000040)=0x9}}) ioctl$ASHMEM_SET_PROT_MASK(r2, 0x40087705, &(0x7f0000000100)={0x4, 0x40}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r3, 0xae80, 0x0) 08:15:47 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) accept(r4, &(0x7f0000000180)=@x25, &(0x7f0000000000)=0x80) sendfile(r3, r1, 0x0, 0xffffffff) 08:15:47 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0xa0100, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='bpf\x00', 0x40, &(0x7f0000000300)={[{@mode={'mode', 0x3d, 0x6}}, {@mode={'mode', 0x3d, 0x8}}, {@mode={'mode'}}, {@mode={'mode', 0x3d, 0x5a2}}, {@mode={'mode', 0x3d, 0xfffffffffffff0b3}}, {@mode={'mode', 0x3d, 0x69}}], [{@seclabel='seclabel'}]}) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm_plock\x00', 0x44d76661a729da99, 0x0) ioctl$SOUND_MIXER_READ_CAPS(r1, 0x80044dfc, &(0x7f0000000240)) sync() fchdir(r0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r2, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r2, r3, 0x0, 0x7fffffa7) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r4, r2, 0x0, 0xffffffff) 08:15:47 executing program 3: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) r1 = socket$inet_dccp(0x2, 0x6, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r1, 0x800448d3, &(0x7f00000000c0)={{0x6, 0x7, 0x9, 0x49, 0x0, 0xf9}, 0x7, 0x0, 0x81, 0xcea, 0x9, "f7a96dea8c8191b94d301da9837ea5f134836b637764ef1bbd621f06b209d8c6de2881dfc46d87bab3b038ade1f348809e3c6e34d4e80ba8f799bf96145212ed998d68b9f6245219cdd0d97242319d00891b7a1e58d8d80fd0218aa0a4d0bfc93ef5923068b98616bebfd047a5c2250609281a514a7c75cd58f9c480f506e6c9"}) listen(r0, 0x5) setsockopt(r1, 0x10d, 0x800000000a, &(0x7f00001c9fff)="03", 0x3bc) connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) sendmsg(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000040)="a8491b9c3c4a45f049", 0x9}], 0x1}, 0x0) 08:15:47 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xe, 0x0) [ 1331.903672][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 1331.903693][ T27] audit: type=1800 audit(1577520947.641:875): pid=21251 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=593 res=0 08:15:47 executing program 3: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0xaea6a62923e7ea2, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f0000000080)={0xa30000, 0x2, 0x4, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x99096f, 0x7, [], @ptr=0x9}}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = dup(0xffffffffffffffff) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) ppoll(&(0x7f00000000c0)=[{r0, 0x80}, {r1, 0x200}, {r2, 0x400}, {r3, 0x822}, {0xffffffffffffffff, 0x2000}, {r4, 0x400}], 0x6, &(0x7f0000000140)={r5, r6+30000000}, &(0x7f0000000180)={0xcfe000}, 0x8) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f00000005c0)={0x0, 0x1, 0x2, 0x16, 0x102, &(0x7f00000001c0)="e0fc60314e7b8d4517a661a78be28c157ebaf8fa96a8162c2a572cad5d267437b35dbdcf9f04c21496d681cd22d677c5c26821f718e55548e3d65386b861abe166beafbc92cb2c83a1517e0ba5e82c6195e421fb5164cb7eb51d49f09f9f1231e517c141c5ebbb8691bd23b62449a7127aa0deb17922c2df7ff964a999c4bcbaf0c61d05a90237d5ffce06b6b1e22f35ebaa3080b243c6d714c09035974e1409799bb65302af838d751e85f2de7cb9d3555526b0d58164b3512d7d1976b95325cded43aac6a9cd485c1902f04b3d2df303f918a0d80cef54f05bed5afa2dd2c447717a6d702348fa4475df93a1d895eb5183b79bbe62dec5d721c862b201f41063d1622f495166a9a826856f534a94fae83bc5cc9967928d97cf1a51a024ad730afc0bb2b80ba0c09915e3ad3f1674a4555de13c749139457ffa4de6bd3d93dae4c81b2ad0dfc47dc9c29ac10d72155c1a139fa204136968f2d62666174ee0c5212cf8730e3ffe58e66f136e43b86de30a5759f3dec674d601b016fb8f341ac99d1a44af714360b772b0621d30af837c8b386ce02ab00c5ff05118832b7f3b28fa6ca036667cc5a7e3712005a434e0991a95282dd065ad17ba934303d287bd277bb5de994e0b1b97e70be1a21a01b444913dd03649a67a6fd3113959550641cad7c2f4204b28aa5d49aebb2f3d7cb6663265859180f3bf3d26372724b2a5f6809ca8292953e745ee851774de63504ead10575fb9c1590e3ba3979b5b86860776bb7d9cbe4c58b8d0e0c81591aa3bb57ad52d09345e974b9a1b1de16f4c178d281e6bf346ed15b88ca3cf5bc1e7bea6f0554f3467429c21205fb62aaa6f48c8f5587a45ed1e9159810e537db148a3645f7f19268f1b256b28b0131c7194b7f02040c726f9f7a1da0bad827d38d107f9dc31bf125d95c78c438dc6361a7edc91e93a3af4feac5734aeb16e5dbe6b57e1d10d1b67f19b31fa7ac42c62bfa5b666c5b0dcd6ee188ceb3fd5dd4a674d7a9937c75a6657bb10ea9a904cb57a66d7bca50aaf427a39807c7a3ed9c8ea3c843c2d740742a66412ffbe1ed9e4527d52863001e8b988410481355cac2a06a06c794cd5c358ffaab79a971b0330eb97b7761b9a540226638ea16b54a587e698b37a0a70d41e75cb3cada92ccd2210bf7d00fdeb4f9a7a57a6918f0ffbb18247e103deacd506b1a8ccda8fae6c320dc2dbcf0ac2b77f7db8a845ca47e4257ef50343b1301d46df55b11ff15129a51dd6f5166e5b8accdf9abbe5053e93c05b87095c467d22039a8a30e65905fb693b7665e2dea54de9e23c594556062887448d9338acfdd9ddf91215bf2684d7d4740d4b1c02fd058f7631998ae0ead89aa5781299701d09cfb5b58d62edefebd8da9b674337510c09d89b1bc85d4af269e52aea5447dd778f6d2a45e06ccb575cf46a78ad36"}) openat$urandom(0xffffffffffffff9c, &(0x7f0000000600)='/dev/urandom\x00', 0xc0004, 0x0) r7 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000640)='/dev/vcsu\x00', 0x10200, 0x0) ioctl$BLKALIGNOFF(r7, 0x127a, &(0x7f0000000680)) sendmsg$DEVLINK_CMD_PORT_SET(r2, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x40, 0x0, 0x9182e7ed55abeaff, 0x70bd2b, 0x25dfdbfd, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x14, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}, {0x8, 0x4, 0x3}}]}, 0x40}, 0x1, 0x0, 0x0, 0x81}, 0x40880) recvmmsg(0xffffffffffffffff, &(0x7f00000043c0)=[{{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f00000007c0)=""/147, 0x93}, {&(0x7f0000000880)=""/129, 0x81}, {&(0x7f0000000940)=""/102, 0x66}, {&(0x7f00000009c0)=""/89, 0x59}, {&(0x7f0000000a40)=""/236, 0xec}, {&(0x7f0000000b40)=""/191, 0xbf}], 0x6, &(0x7f0000000c80)=""/86, 0x56}, 0x3f}, {{&(0x7f0000000d00)=@nl=@unspec, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000d80)=""/67, 0x43}], 0x1}, 0x5}, {{&(0x7f0000000e40)=@xdp, 0x80, &(0x7f0000001300)=[{&(0x7f0000000ec0)=""/180, 0xb4}, {&(0x7f0000000f80)=""/94, 0x5e}, {&(0x7f0000001000)=""/12, 0xc}, {&(0x7f0000001040)=""/246, 0xf6}, {&(0x7f0000001140)=""/136, 0x88}, {&(0x7f0000001200)}, {&(0x7f0000001240)=""/138, 0x8a}], 0x7, &(0x7f0000001380)=""/121, 0x79}}, {{&(0x7f0000001400)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000001640)=[{&(0x7f0000001480)=""/156, 0x9c}, {&(0x7f0000001540)=""/244, 0xf4}], 0x2, &(0x7f0000001680)=""/93, 0x5d}, 0x800}, {{&(0x7f0000001700)=@can, 0x80, &(0x7f0000002b80)=[{&(0x7f0000001780)=""/36, 0x24}, {&(0x7f00000017c0)=""/149, 0x95}, {&(0x7f0000001880)=""/4096, 0x1000}, {&(0x7f0000002880)=""/159, 0x9f}, {&(0x7f0000002940)=""/95, 0x5f}, {&(0x7f00000029c0)=""/129, 0x81}, {&(0x7f0000002a80)=""/193, 0xc1}], 0x7, &(0x7f0000002c00)=""/130, 0x82}, 0x8}, {{0x0, 0x0, &(0x7f0000002fc0)=[{&(0x7f0000002cc0)=""/22, 0x16}, {&(0x7f0000002d00)=""/75, 0x4b}, {&(0x7f0000002d80)=""/82, 0x52}, {&(0x7f0000002e00)=""/217, 0xd9}, {&(0x7f0000002f00)=""/164, 0xa4}], 0x5, &(0x7f0000003040)=""/254, 0xfe}, 0x4}, {{&(0x7f0000003140)=@nl=@proc, 0x80, &(0x7f0000004300)=[{&(0x7f00000031c0)=""/241, 0xf1}, {&(0x7f00000032c0)=""/4096, 0x1000}, {&(0x7f00000042c0)=""/39, 0x27}], 0x3, &(0x7f0000004340)=""/104, 0x68}, 0x2}], 0x7, 0x102, 0x0) ioctl$SIOCX25SCAUSEDIAG(r8, 0x89ec, &(0x7f0000004580)={0xff, 0x3f}) r9 = accept4(0xffffffffffffffff, 0x0, &(0x7f00000045c0), 0xc0c00) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r9, 0x84, 0x1c, &(0x7f0000004600), &(0x7f0000004640)=0x4) ioctl$TCGETX(0xffffffffffffffff, 0x5432, &(0x7f0000004680)) r10 = syz_open_dev$vcsu(&(0x7f00000046c0)='/dev/vcsu#\x00', 0xfffffffffffffff7, 0x10100) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r10, 0x6, 0x14, &(0x7f0000004700), 0x4) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000004740)={0x0, 0x0}) sched_setparam(r11, &(0x7f0000004780)=0x8000) socket$inet6_sctp(0xa, 0x5, 0x84) syz_open_dev$media(&(0x7f00000047c0)='/dev/media#\x00', 0x6, 0x155fbeefa313511e) r12 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000004800)='/dev/ubi_ctrl\x00', 0x80, 0x0) recvmmsg(r12, &(0x7f0000005a40)=[{{&(0x7f0000004840)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f00000059c0)=[{&(0x7f00000048c0)=""/4096, 0x1000}, {&(0x7f00000058c0)=""/224, 0xe0}], 0x2, &(0x7f0000005a00)=""/3, 0x3}, 0x6}], 0x1, 0x20, &(0x7f0000005a80)={0x0, 0x989680}) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000005ac0)={0xffffffffffffffff}) getsockopt$SO_BINDTODEVICE(r13, 0x1, 0x19, &(0x7f0000005b00), 0x10) r14 = syz_open_dev$vcsn(&(0x7f0000005b40)='/dev/vcs#\x00', 0xffffffffffffffff, 0x240101) ioctl$KDGKBDIACR(r14, 0x4b4a, &(0x7f0000005b80)=""/104) move_pages(0x0, 0x4, &(0x7f0000005c00)=[&(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff1000/0xe000)=nil, &(0x7f0000ff3000/0x2000)=nil], &(0x7f0000005c40)=[0x0, 0x3f, 0x2, 0x41, 0x4, 0x9, 0x8], &(0x7f0000005c80)=[0x0], 0x4) [ 1332.039295][ T27] audit: type=1800 audit(1577520947.651:876): pid=21255 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16515 res=0 08:15:47 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) sendto$llc(r3, &(0x7f0000000100)="6564388041915b17445aa2062ed8f9df5381b29fc3c23e799b56d45e69ab7bce23d2dd24df7a2560ddd24f26d7d0a3454671c27bce2ae280e55afdbc8ecd430c9a1d643f35be2fbee52e8148972546fff14920", 0x53, 0x80, &(0x7f00000001c0)={0x1a, 0x5, 0xe, 0x40, 0x1, 0x6, @dev={[], 0x12}}, 0x10) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r4, 0x40485404, &(0x7f0000000000)={{0x3, 0x1, 0x4, 0x2, 0x200}, 0x7, 0x2}) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000440)=ANY=[@ANYBLOB="c8cc00004eb1d4aae03158202ac52ceaf049b330a1f230de120ca62573238925d0d149d52f42bc5d5a17f0eab5b60be2bf5c9bfa89135d41aa879a78ffffec8afca86187de4725737ef58b8d52acd9b101b8c5d5c011ec4716e09ae2e08621b90472adb29d9896dd8525037114c71d012c4a2244a4851bb57e193ee496825b41b509f0baead26ceea8f47b17ba76707bc941e65d6d82062a2d8b4e779eb2cfc72a291ea93f8b77fb5a4d6c86e5c00eb58d9aab6e1227ab881a0460e61951010f2313d13eca3490f40b159cf424a19573cad5cbb5b330777657ded87af31950f6ef6f73b05e9850389c53357aa05977e832e6480a028bce19d2c9238cd863c0ff0d30cf354974f9f54bb22eeef7a9bbadd3b32418037a3633553064d84f572a6611efb8e0699f3fd4442bfcdc28e20e1616be71fca7a4fbb921b56a4c6e2606774fc3a32dfd55e6f9aac9b1aae5576b84662b6d1bdb1a141026792fe45ea7e15058f39b5ef04993d4989f54b2b0515707c364ccd52204074f9abea71274024eb3dd5f0885b3747fceafe48de5049dca5a15d6db4482608e3e5e66287e95b864a5ac1eccf56e2b6fa4606ba82d64533954"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:15:48 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket(0x840000000002, 0x3, 0xff) write$binfmt_elf64(r0, &(0x7f0000000500)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{0x0, 0x0, 0x23}], "", [[], [], [], [], [], [], [], []]}, 0x878) r1 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, 0x0, 0x0) write$binfmt_elf64(r1, &(0x7f0000000480)=ANY=[@ANYBLOB="7f454c460000000000000000000000bfb936275fffd79e000040007c0d2cdf7afdb1cf6ef8000000000000000000000000000000000000000038000000000000000000000000000000effff0000000000000000000000000000000000300"/123], 0x78) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000200)=ANY=[@ANYRES32=0x0, @ANYBLOB="9300000048d023ecf5bca701d20a8f86c850713cae1181edf3394538af64b955e913b67729291e43c09e316eb97176cf8b15c7745c5af13ea75f8fe0303f9c43067242a2db208e8dccc6a2548f525de9dae984cb7e7a34fef2145f1ea2fa8ef8965a7cf501c9d2a69a11a4e30db16618431f1be35ff69201e1a4c376dbb79feb9eb2762ea02d2edeac3512260cbe6a29a604920b44f91d"], &(0x7f00000002c0)=0x9b) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000300)={r2, 0x1}, &(0x7f0000000340)=0x8) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x1, 0x0) r3 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x1, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r3, 0x4, 0x42000) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cachefiles\x00', 0x268cc0, 0x0) setsockopt$inet6_tcp_TLS_TX(r4, 0x6, 0x1, &(0x7f00000003c0)=@gcm_256={{0x7}, "e1a6555de5740775", "cd17bb3624520076c8b655aa7ea09212bb5211c82a4a0a880218d319586c6a4e", "9c26edd8", "0f9165c4fbcfa252"}, 0x38) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f00000001c0)}, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, r3, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010300"/20, @ANYRES32=0x0, @ANYBLOB="000000000000800000"], 0x30}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r7}, 0x78) ioctl$VT_RESIZE(r7, 0x5609, &(0x7f00000000c0)={0x0, 0x2, 0x3}) dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r8 = socket$unix(0x1, 0x5, 0x0) fchmod(r8, 0x1) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000400)=0x40) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') syz_open_dev$vcsn(&(0x7f0000000440)='/dev/vcs#\x00', 0x5, 0x2000) r9 = syz_open_dev$sndpcmc(0x0, 0xffff, 0x40802) read$alg(r9, &(0x7f0000003580)=""/102, 0x66) socket(0x10, 0x0, 0x8) [ 1332.238823][ T27] audit: type=1804 audit(1577520947.671:877): pid=21260 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/267/file0/file0" dev="loop1" ino=593 res=1 [ 1332.380590][T21281] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1332.391477][ T27] audit: type=1804 audit(1577520947.691:878): pid=21255 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir048680357/syzkaller.hecpVM/329/file0" dev="sda1" ino=16515 res=1 [ 1332.526328][ T27] audit: type=1804 audit(1577520947.731:879): pid=21260 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/267/file0/file0" dev="loop1" ino=593 res=1 08:15:48 executing program 3: r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) r1 = dup(0xffffffffffffffff) ioctl$KDSETKEYCODE(r1, 0x4b4d, &(0x7f0000000000)={0x9, 0x5}) setsockopt$ax25_int(r0, 0x101, 0x1, &(0x7f0000000200), 0x4) [ 1332.571517][T21281] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1332.627851][ T27] audit: type=1804 audit(1577520947.821:880): pid=21265 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir048680357/syzkaller.hecpVM/329/file0" dev="sda1" ino=16515 res=1 [ 1332.765896][ T27] audit: type=1804 audit(1577520948.411:881): pid=21260 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/267/file0/file0" dev="loop1" ino=593 res=1 08:15:48 executing program 1: syz_mount_image$vfat(&(0x7f0000000180)='vfat\x00', &(0x7f0000000000)='./file0/file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x3}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000240)="34fd98aa1d0e7adec937a5f331b25c87b7637923dda0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b90700b169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d6341285a5e52fac4902d4496e6ab39253dedd67646cbecd607790d4f0f63d5b82d3f8d08b05fca0a1f3", 0x227) r2 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/video2\x00', 0x2, 0x0) r3 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) sendfile(r2, r3, 0x0, 0x7fffffa7) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r4, r1, 0x0, 0xffffffff) 08:15:48 executing program 3: r0 = open(&(0x7f0000000180)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) setns(0xffffffffffffffff, 0x6041c46a34379e84) socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x40) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) ioctl$RTC_VL_CLR(0xffffffffffffffff, 0x7014) write$FUSE_POLL(r0, &(0x7f0000000080)={0x13, 0xfffffffffffffff5, 0x6, {0x1}}, 0x18) setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000000)=0x6, 0x4) [ 1332.841772][ T27] audit: type=1804 audit(1577520948.411:882): pid=21285 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/267/file0/file0" dev="loop1" ino=593 res=1 [ 1333.080979][ T27] audit: type=1800 audit(1577520948.811:883): pid=21296 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16613 res=0 [ 1333.176953][ T27] audit: type=1804 audit(1577520948.861:884): pid=21296 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/268/file0" dev="sda1" ino=16613 res=1 08:15:56 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, 0x0, 0x0) write$cgroup_subtree(r1, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:15:56 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0xa0100, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='bpf\x00', 0x40, &(0x7f0000000300)={[{@mode={'mode', 0x3d, 0x6}}, {@mode={'mode', 0x3d, 0x8}}, {@mode={'mode'}}, {@mode={'mode', 0x3d, 0x5a2}}, {@mode={'mode', 0x3d, 0xfffffffffffff0b3}}, {@mode={'mode', 0x3d, 0x69}}], [{@seclabel='seclabel'}]}) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm_plock\x00', 0x44d76661a729da99, 0x0) ioctl$SOUND_MIXER_READ_CAPS(r1, 0x80044dfc, &(0x7f0000000240)) sync() fchdir(r0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r2, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r2, r3, 0x0, 0x7fffffa7) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r4, r2, 0x0, 0xffffffff) 08:15:56 executing program 3: creat(&(0x7f0000000280)='./file0\x00', 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1}, 0x78) recvmmsg(r1, &(0x7f0000008d40)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000580)=""/18, 0x12}, {&(0x7f00000005c0)=""/129, 0x81}, {&(0x7f0000000680)=""/153, 0x99}, {&(0x7f0000000740)=""/164, 0xa4}], 0x4, &(0x7f0000000840)=""/99, 0x63}, 0x7}, {{&(0x7f00000008c0)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000000dc0)=[{&(0x7f0000000940)=""/156, 0x9c}, {&(0x7f0000000a00)=""/250, 0xfa}, {&(0x7f0000000b00)=""/205, 0xcd}, {&(0x7f0000000c00)=""/132, 0x84}, {&(0x7f0000000cc0)=""/224, 0xe0}], 0x5, &(0x7f0000000e40)=""/111, 0x6f}, 0x8}, {{&(0x7f0000000ec0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x80, &(0x7f0000001280)=[{&(0x7f0000000f40)=""/221, 0xdd}, {&(0x7f0000001040)=""/34, 0x22}, {&(0x7f0000001080)=""/96, 0x60}, {&(0x7f0000001100)=""/110, 0x6e}, {&(0x7f0000001180)=""/91, 0x5b}, {&(0x7f0000001200)=""/29, 0x1d}, {&(0x7f0000001240)=""/33, 0x21}], 0x7}, 0xd784}, {{0x0, 0x0, &(0x7f0000001540)=[{&(0x7f0000001300)}, {&(0x7f0000001340)=""/8, 0x8}, {&(0x7f0000001380)=""/219, 0xdb}, {&(0x7f0000001480)=""/174, 0xae}], 0x4, &(0x7f0000001580)=""/229, 0xe5}, 0x6178}, {{0x0, 0x0, &(0x7f0000002b00)=[{&(0x7f0000001680)=""/4, 0x4}, {&(0x7f00000016c0)=""/79, 0x4f}, {&(0x7f0000001740)=""/83, 0x53}, {&(0x7f00000017c0)=""/26, 0x1a}, {&(0x7f0000001800)=""/235, 0xeb}, {&(0x7f0000001900)=""/170, 0xaa}, {&(0x7f00000019c0)=""/4096, 0x1000}, {&(0x7f00000029c0)=""/171, 0xab}, {&(0x7f0000002a80)=""/37, 0x25}, {&(0x7f0000002ac0)=""/56, 0x38}], 0xa, &(0x7f0000002bc0)=""/4096, 0x1000}, 0x8000}, {{&(0x7f0000003bc0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f0000004e40)=[{&(0x7f0000003c40)=""/183, 0xb7}, {&(0x7f0000003d00)=""/4096, 0x1000}, {&(0x7f0000004d00)=""/208, 0xd0}, {&(0x7f0000004e00)=""/52, 0x34}], 0x4, &(0x7f0000004e80)=""/7, 0x7}, 0xb2b}, {{0x0, 0x0, &(0x7f0000006100)=[{&(0x7f0000004ec0)=""/244, 0xf4}, {&(0x7f0000004fc0)=""/4096, 0x1000}, {&(0x7f0000005fc0)=""/8, 0x8}, {&(0x7f0000006000)=""/202, 0xca}], 0x4, &(0x7f0000006140)=""/4096, 0x1000}, 0x62}, {{&(0x7f0000007140)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000007300)=[{&(0x7f00000071c0)=""/25, 0x19}, {&(0x7f0000007200)=""/146, 0x92}, {&(0x7f00000072c0)=""/45, 0x2d}], 0x3, &(0x7f0000007340)=""/104, 0x68}, 0x52}, {{&(0x7f00000073c0)=@nl, 0x80, &(0x7f00000088c0)=[{&(0x7f0000007440)=""/146, 0x92}, {&(0x7f0000007500)=""/122, 0x7a}, {&(0x7f0000007580)=""/4096, 0x1000}, {&(0x7f0000008580)=""/64, 0x40}, {&(0x7f00000085c0)=""/156, 0x9c}, {&(0x7f0000008680)=""/113, 0x71}, {&(0x7f0000008700)=""/11, 0xb}, {&(0x7f0000008740)=""/80, 0x50}, {&(0x7f00000087c0)=""/162, 0xa2}, {&(0x7f0000008880)=""/35, 0x23}], 0xa, &(0x7f0000008980)=""/110, 0x6e}, 0x7}, {{&(0x7f0000008a00)=@can, 0x80, &(0x7f0000008c80)=[{&(0x7f0000008a80)=""/73, 0x49}, {&(0x7f0000008b00)=""/195, 0xc3}, {&(0x7f0000008c00)=""/109, 0x6d}], 0x3, &(0x7f0000008cc0)=""/79, 0x4f}, 0xd99f}], 0xa, 0x60, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0}, 0x78) ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x1) mount(&(0x7f0000000100)=ANY=[@ANYBLOB="0000000000000000128f27d8b5e0ae5796ca69c5021d2697a00f539d50117818557d5b7d3e5641a50a1070e929746dae419c8a2f6aca1eb59330b767e66b1a12277707df93008a11b28404995d1ffd7f68e34556750ec159a685804720"], &(0x7f0000000000)='./file0\x00', 0x0, 0x1001004, 0x0) syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x2210020, &(0x7f00000002c0)={[{@nombcache='nombcache'}]}) execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000440)=[&(0x7f0000000080)='nombcache', &(0x7f0000000180)='\'\x00', &(0x7f00000001c0)='nombcache', &(0x7f0000000200)='nodevem0vmnet0\x00', &(0x7f0000000240)='\x00', &(0x7f0000000300)='cpusetwlan0security\x00', &(0x7f0000000340)='md5sum/vmnet1\x06(vmnet0trusted{\x00', &(0x7f0000000380)='\'\x00', &(0x7f00000003c0)='nombcache', &(0x7f0000000400)='-user\x00'], &(0x7f0000000540)=[&(0x7f00000004c0)='eth0)bdevmime_typenodev\x00', &(0x7f0000000500)=',keyring,wlan0\x00']) 08:15:56 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) ioctl$SIOCAX25GETINFO(r3, 0x89ed, &(0x7f0000000180)) sendfile(r1, r2, 0x0, 0x7fffffa7) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) pwritev(r5, &(0x7f0000000280)=[{&(0x7f0000000240)="b18657f66b13ee99954fbc9fd1142b75", 0x10}, {&(0x7f0000000300)="74f9c8afcbb46b2e4995c9a61bba58683d6d1206178b54a8e2c616ea7c0b312f1265df5f232c6c16dff1d2a5fe1fcfb7b6f4e8c10e0d23633c07ef53d6e5397ce3f25218f5d582003257bf58cd08a106e7087e10fc3c36d55ce37396ccb40c361c0889ff91a07d9f2e13f17e5fedeb2302b35bf9af9dd6c76be052945d6f07539f489a854f4d2e7e459071452c17b6f219d2a9d9d487de7a8dae47f44e22d69a38cd4a73311f8997d54bbb5fb5ecc9616489e96b33c7bc8789915903a12abd2acef481c0", 0xc4}, {&(0x7f0000000400)="5ccfd4b630d1c03d7b62785d739807bddf051d5a9a9e9e2f00e988987cfc270e0998c4f2893ea148999d6511a363cdb768ba57c33aa7fe84ba2f009aeb501104d954b9a10fb0f872dad33a282b7bbe", 0x4f}, {&(0x7f0000000480)="638bb3062fe94578328ecd785bb095b76ea9272be281372313a3123294542a69d9c7f07def08d5bdc1000cb21d0e9b97e30f2d97ee10f6adfdc08edcf720f9419681d667660f271d55cd45805a77a5f56f28f1a4eda76763c0ef14953b9a97afcd65c91544fc1910", 0x68}], 0x4, 0x1000) sendfile(r4, r1, 0x0, 0xffffffff) 08:15:56 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xf, 0x0) 08:15:56 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = creat(&(0x7f0000000240)='./file0/file0\x00', 0x0) io_setup(0x8, &(0x7f00000004c0)=0x0) io_submit(r4, 0xc2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000, 0xc0000}]) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7, 0x0, 0xffffffffffffffff}) r7 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r7}, 0x78) r8 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r8}, 0x78) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r8, 0xc00c642e, &(0x7f0000000300)={0x0, 0x40000}) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000027c0)={0x0, 0x1f, 0x2eb, 0x1}, &(0x7f0000002800)=0x10) sendmsg$inet_sctp(r8, &(0x7f00000028c0)={&(0x7f0000000380)=@in={0x2, 0x4e22, @loopback}, 0x10, &(0x7f0000002740)=[{&(0x7f00000003c0)="537b3dd16c6e12739144cc36171daee6486c9bde1a0b55cf06211757210d5ee47a867c2584f3cfb7d979e4ed74", 0x2d}, {&(0x7f0000002440)="25e49eec2c7c3ed9a61c6f4a71c7dc65898113092d278a347159f5ba44bb18230b8e46ebc2b2d787f8847ce94abcfbc45bd270d255e31b1e71725f4f0f6a7a2c8867df40e8f7bb38c122708a451137b665693f4ad99c40b8c4e113c5ab204e86e2f5cf6b5f632ad4cb723fd810bffe78ce5d4bbd5711cf6e908f9f0f48bd39027f37d73522cb4171e5b1cb10dd7028d5ba029e8daf6a48fcd5245e63365e6d61745e6db8a35c78017d5be1d074e80ce35c0edd11abb3b8627ee9412db5d58427ad1cf2f4725a24", 0xc7}, {&(0x7f0000002540)="1b94dfc126434ee5e60519dfcde353379ad9afe5c25a575d4206dedf1fa75fd8c6d5d04bf738810920ebffe74ae9b4f10fd3df59bdfec87c28a71433042a3b940b56bdd1e64cc3a8747b9bc6fd8893e4578f021814496011bad3398ae2f3d44a11f90a471bc255a46013834c86221432eff75e691f9c5095c15669a48966fafc7b606ee9400f05a4dde84fdf88853f14b9a6a1a60338c0b8b9662a10", 0x9c}, {&(0x7f0000002600)="8d2c3d1a18d62018ebd60f784d9cc91114e50e8576a78291937e3e28f6eaf033c7d9cd76dedbd6b9a43cfaeb21cd696085208223d7af1642a9f607f5490f83b3b580bdce4ecbca2f4f79120d2f002b8b73f9db4edbcade7697d15461f51e500d171f2071b9cb3727c0f2c8ea27cb405e64a045a70ac39967927d29548b193e473807b4324e5cbf8fce2def76021308711300b90b21ff68", 0x97}, {&(0x7f00000026c0)="f21333612764ad4cd912a57de752677ca318c59a762ca5c87df4c88506330ff59d7216a2ba2e6645c7a01a4568c59de227414bfd7438a0812916b92e632ef1837b1ed81b8c432c891005bd4e9923cdbb464a385b63e0dfeaef4b52b0", 0x5c}], 0x5, &(0x7f0000002840)=[@sndinfo={0x20, 0x84, 0x2, {0x2c1c, 0xf, 0xb06, 0x80, r10}}, @dstaddrv6={0x20, 0x84, 0x8, @ipv4={[], [], @rand_addr=0x7}}, @dstaddrv4={0x18, 0x84, 0x7, @multicast2}], 0x58, 0x40}, 0x4004) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f0000000340)={r9, 0x80000, r6}) r11 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r11}, 0x78) r12 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000200), 0xc) r13 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r13, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) epoll_create(0x81) r14 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r14}, 0x78) io_submit(r4, 0x4, &(0x7f00000002c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x6, r5, &(0x7f0000000040)="a06c25cd02120c7832018928e6eab1728e4a3290064c5ad8681a3b7aceb08a002e1bac2d2ae5941b493bae5cf03e48f78148c5a4973d7c6ee5853978590723472a59b88b215a139e048bfe5a4424628ce4c32de1f9cddf084b46df479e", 0x5d, 0x6, 0x0, 0x0, r0}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x2, 0x9, r2, &(0x7f0000000100)="4ca43fe73c8b0b293abae8e03b42518965d5f5a14b67bdc7cb69c730bcafc3d088496df4b2ea121a332acfbee56e8e639266efdac84586f8c92f6ab1895d50c7f61596f347be897b6723bd6ab46ba252", 0x50, 0x3ff, 0x0, 0x0, r11}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x8, 0x7bf5, r12, &(0x7f0000000440)="a59cb9503ab688f5e9c3d1d788b30d78dbd166fb4f0de04a2db7e6a1102e1460eb3fe9070a426844e589199463c293ec37a488a7714ffdc12e61ba9ed440b5b3348bf58e1e98c884200e37ccfa0f61edbf207875da1b0160bf5ff3bb84c7a884fbbb7bf32717bc7c39988a40fba9eb12a0274d832131577036bbf7cd3a80ccfa1409fc89268043804a51ffdca0a752ff745f191e132e16861e355559a59c2411f9d7ce1dfe64823af82894e8cda9e807a085994bd3cd7c9a0f48f9275b88e83f8fb7e61b4a1e5c98c52931cb2ae17efc9496f5500ce68f499be0e46281a6b65bce8ebcf58d1ec07e608891b551b6abd3632db091933dbb251ba0945a5758ba85ef2afd5087ca40c3538cd3f26a3728e0e7a8bc15aef289fbc0ef320cff351cf33d3b988cabfee10a91d559eb63685316b5817c986e941223a01cfe8ec3e106e34534db08677f86903babf34698439d2853aa5619ade84a24184e2d8df26c87851444c33501e92fb0cd2b1f9fe68a4b30557e5d8e4ba3e72f392298d4a4182d883eb387a235b76509a182e159618877539128457efc9f5aaf9e9d035314124e776bb0717a34a1f1e4e7f0cde54bb8efb89390bf8bd46be0591ea196f051fa98c513ef88b20541d8c1e14711e2d769324963ea336bf8298f3741bd7fd16f399235ed02c6c78425b9a0d19495065328654b6d12e7c2a5129f06f63ff091e82814484a028e153d4e7c0fb3af32a0aaff3dc5db8bd9abc1c1c37828af0f3e38e3ffdd40318f47dbb1bb50b17e686aa045291fb0fb344b687ebf3420ec0cf7533e9422f2333d266a70cf3ec23803741b344c3afe8c8d75fa80b9363e8f948d0d443642c50cfa91cf35dd33e7ea26b640ffe463577b401243e1335c67b4cc2fcdfbeb376f3e8668d1b3e7cdb953b7fb973704642dc65bf9f13278936b5b20b69a173babdf86b76317c5247abdd56afe6376ff0d98e3264b963501b043dbab52acf33dea730e83e6a390e719f1a8e1929a3c0d39ec6072a9e45cb20f7dd9144c62a364465360735aec3ba9d989409a1f79c13807940720d9f69babd7d527ee3aa278395e233c2fe527284d972e8b28be3bd02fb5cde44d61e3bae98b57add78e29933fcc7cc1a723c91d5a88a1597a3a20b6e0937336829b2e6afa563095e1ea1057a0f7ae6cf0c26a29fd20bcb2a25eaeff12f74fa2c5d1632696eadf56935bcdd6ba3c64fbdc14403b440dc21181ffc535241deb8122a98358319e221af725ec5cf2219fef07ec1125ebc531c09f30982111a0b8ecd6f4fce3d688e9b8e17bdc9d1b499909cec27977c3b33f5ea1b8f9373f8e5536a0644c61e93dc9eb625c6aeafb14515b192735c5e5cfdb637a92ddf7239269d19dcf898ac0213b8a7d85aac7c54bed7403a7614a6553915e3276d4daf7f66e98de70fa46eb47778d93af31c739a4b80682547ae77f93c8a30c39f39231cdeee2c8035107816b38c47c79b8d49543a4559652a3bc7ccad3698faef75bdda3b7b02c9f4c58559b45212be973b3ebce963afe06c0e80bccebc69c351275a20e0a952f96d40a2ff360ad448a86c3485cf9deb80320e0364a9a11f63d5a0a9c95c83da69ed603b36cbcd250b9e3c413644f7ac9fd5a3fa9e21c8a84986b157ca31cd43b706ad15a0cb23eb8f36f2c4303d4f6124165cb2299c1ec2cfdaf29d719d6267fc84333ad0143d4ecaffd2f79049b50c770992a94d128efa2a25b4e4e528f926e5d0869214c84a893488dc82e93d1ef396e8271577a74f28514bdae2cf212486df4dad9ddd1afb115cd8d1086d67d25fcf5351ec1a91ce18bf62531d4d188de5218897c98c36e73f6b92d317da4db72c86b94382072141a5716b6c60d82a316ff7baf55ccf9a4e7b5f2515ca231032a0a18dbf532dfdce040a4abacba80d5b613f4a16cc0e0f4d9013fad4cd4c54a397b57be21a15d7f896b7f5bb578164047409cbe096c8ef7719f20d19ad719576f606fbb318b55c6370c7070c358869bd215f7685495da78fe7595ef0b0d2a100d96a69968f216be559c67f3812493a69ac77668fbb601ef5448f9d46a663c14b33bbf0488407013c5d3b1e5214d6585bef94bc9cbc8b7eb20158eff4e70ee42977e8082f42e530d24d82b699e69e780a7e4365259f94132556d62b2d9f8c5fce00be66c9d8d1d2f516a0e04cc9edb0c1d8a48561f5c8a947e3df5e12045262ca20587de6f4c7326e806d3b051c4e676794152f6545a5cfc92a001de7b12fbf7a7be60c515a95d58d75d8acd485310c9e29b045fc63ca96c708f726ce4517286570b8edc21ff88840012f4d1de1ac3a8133dcc5e3f8dda22fb022453f1f91c6cd79ae4583ad43ff78720977baf3d8ec9830facc811cdd176f2217f245c91eec199d9d6e0732180a01533880b911918c040a46bb0c85b53c302df232a3bde1e715f9de7579e455013e692a30470ff2e79ba5111c2b7f5fd42637fb675f8859ddf4ebc538a72ade54270b880a47bf18dc27d07e951dc00e091c6174858aca23edd92e9490174f2bb2e5e531d8b8af2cfec7ba94f191a9fd0f11b00673e7ed13a2bd48e2373ebf0857a362199443073d5b89a000ef0ffbcd01cb930939cdfe495d6b0e7c4c34ecece4f82a65db00b6e2443649c983aa3e6580f6da4ea9a531fd036c6d7d023216f598bf766b4a341b5da51d870950a74e46efc7aba40264f83f535717fd2057fb2a2f47912b8eb61749c336b524a3924337826ad7a72f41de041b9d49ceaa2fbf1a9b2b697cc2bdedd66a5d48e7b43a0541559a154e1d5df5764513c97638d5126dadc2f823bd9a2511e65b2fb5bf1c32c3dc2b306633ddb89569eda2a0d424e0cbb344ed3ef79ce7f206ff54624a81f4c26e3b705a78bb1a6029a5924a05144f3bf352d2d0bc97d4049d9a5095145b776e20f76582787f1c60782273aadd75a8ab296c4cde5888ce356f8251f57ef3ba2dca58fc520e7b41eb56c371b83031f52c9f4f5e59a3206c6653dbae63a1ebd8f0024bde45936a8d16a054f4b0835c8c015a97a7ca9b7392f2cedc10f2ef080ab04d7c8ed48d5e967e27c56604e0457e80a57024e6a91ea35f96f76c3752660dcaf34947bf034fd5d6b44f1cc185fe2828c4f843747bb472eaa2354d9fcb1dea45d19412903b17c5163beb1626b9c4329d8166c9626c0efa3ff788f09f6a31b2c48d6de53d62cd2bfbef600965396c50324c5e34b82127b6a53daad87f31f0f2083ae55cef84c0abd40ba48cb2697caa0ec3b163f1039a5c966423fc5d469ad97b7c215505747a89bb1a8768d61ef8b0889c9a11a5d98872040c2d338fc64cc57cd15157a43dd0e29c3a5b478a9c99c20e44c5d0f699bd941e13374206c6004ffe48f0c3d3e47d545a4f72604e7af1179be5f78da70e32977bde5ae9f6523d499b131a9e1ba2788735a007be5821ae105263bf962317849bf207d7c65504ec02704c48895ea4a767f0ba9563b87c4f52e2b32dbf22bfba221a1d0e08a06bb453b91f9f46fd29ada176570fb25fc1d2037305580f6cd446656a23c2e466ddf80b12552d0acbc7543e5d870f7610f7555bd20c2e8973e38a06ff329494acf78ca3d29d13f553fa0f3bd2427779729ee10b9d23a4522f9d62971631448c40fc7ecdff98e90f815f0900a1ba2daa252268f8873e645502af999c70164a3d27e241cc8cb3dcf05573921debe1aece07b4b71888b1be904f4115c2f99b8ebd921c916c3049c51059b1a41dcdc3a581572b053c33512bc1707bb871e1e490177499f25f38835b89f6262aa31fae5205c76bfad872f76fe8e6a470bdf6c801fd3d4bebdbdabb500194ae696ff2c589800686fa08a1bfaaa22c8f111dbbcc69090594554f552e9173429d4cd0d27f01be9c0ce7c5be40b769d260bca0605267f2a157dc9240ff942c8cbb6ac49d3f99c7c4ac4c88b0827a03b3ea6ab3d544f346d886f5105f1b53ed9cc3c950bb3e5f561a9b2fa568dae09871087cf9de17900744808936dd3146348d376288d301477b36052f0c4f66624b6b804939082abacd0456d52d85e523a1b7dfcb957bd01faf6694327408dae885218d3a375b96ba1e0ff8b6bf536e1e9e151ffcf9ceae2841271eb6903ff1bdc623e40e4a81e1b002c7e1f480b864b62135eaf5738c695d76267d4a8afbc2a4f1538ea82eaf3cd1e1dc143167b9c44f1416c7970ce8421f8c99d71dfa10908c469b424287833a07905606c6f85192837e8699d37b5d3e3ca773f6abe1254cac38718534c8af2d58f800c95682e8d8eed31c4af7f2406810b0245f682ef60085b74411576cdc6505eedca0bebcd5090bd8b85b426b7e7aa8abc327d9d7d38cda76ad56e5e36db936ffc1defed8c50821ddb22ea9f340ddd9efd92693fc3c2530a308d3acdcaca5e5ae493e0031516c613e02cfce96b017a0dbb459b2b739b47ea79531d6bac80064cca6f33815111cd03c8f30b90c89c3103cbce0f443e2f7c04e3b87b7132b132a693d95dcb63919013f152ce4a004bf8be52520ea7bbf2cb9b8c0df876589d69675587849d74ec8c30a74e5ac84105e0ae996832cca2968649e553c8a90a8670fb1a93b334e33d5b0d5f84f60004b28bb6ebb5b430a597d63f3ea4f0bb55ffd55b1417655e47470c6a26e9c384477012310640ba1c97a48c1d5878cf8eeca42655dfc002b42da56021a55bd814a2255f50c75d6b9507c7fab3857d978fe37d783be3018672f0664f02d03fa27b8527f77c2fcb994bd297c61f44e6ecf0a55b8d08b47a5b8e4fbc051cd6e73983a1c467dba5a95c6c0c3db7025187d73a3dbb36e7952a97a11d28da20b6b5e9291e917668f67c69890f001a54134fc2a871419da54cd3617d175292c5d85ae008a14728e606e5c921c1cab646cbf5e55fcdabf7c803c0a5e6050e2ce61889c64f345a9760d099afc42b2275df487af2cf81ada7c0ae25d427038480679ae5226593ec0a826c05fdb734fe1abd4ba0699e1e20b2b7340afebfb6f0faea9eeefb2981ead637c3e9c0141a729722a3106cad78148e30f24a5735b8db96cd89d1e99e130d9deff2509fa4be3669c9d6c9835047439e64b033cdf0af2fffe31c22b44c62c648f07b4ec099c7bb2ad61b238c2d6e5ab77889c433c7d86085f7e4f46611f727678f4dabfd4bee5717795deb5d064af12254a5b0952abc9dfb438805ad8f22e845f21912c815d9eacf44f525131f04b2007385e66af5da911ef676feeff7b64fe09a37b612243f6b5cc3521228abd3ffa10d7ae7e8df3888dd9673c8de516047b9b30e9eec18824df8a53a36f473d03ba761cf041a00d5f8263dd2540bba6bb2b1728fbd6a12567f89641f15565516c6939d5ccad06049c4120b101aeb69e917df050a42b1b9b1818c87f8966454c6ea522cbf47863401a7a23e70fdd9adb358c328982517f9cb3e247b20527bf3248409b783a68583e11944c94ecdca8803d2f9891a64637287866f3d870dde094c37225c07e0ac08e1d42550c0dea8d39d818cbeb843e0cb6b647ddd6fb48352b51d7c46504f602bf04e79bdd536ff002ba942e9b211469cf1b65080c01f95900d9a2329f4a085b97b29eda08498a19846fc2f303f1e313c8da0b162dd62ef945343579415934562e1458833aa8c96c96f3adb47b6d654f51cf08a2f1e4b021c0c972f4edda64009405c6dae5b235f120446a39dde388d2a00f04d3a8c95fc7dfb0958fe45f03a8265e94461be001ef79c3fac9a8225ec922bff0bde00f57ab815e1e0e2c6af29b7c7de68a510bee699af5d", 0x1000, 0x2, 0x0, 0x2}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x7, 0x8, r13, &(0x7f0000001440)="197b7f38586ad1b339b22f90d1765b58f82eef8922ca4219ed9b3e9ab9ea4d890c892dabe6c9bfe9bf4228132b5af73ab7a5840d4fbce85bc5b21b0c113798c83d6fd074253be42de4d847f5defca3834faf6dc74ae8a9bc1ec0446d275fa7e6e1af40a190a6c2b82c6e3e1faf4986a80c74b330ec8eb9c4efb306a502041b155c163db5cb6f27726b0aeba1e15e7d356ea3e67a9f79e32f4f47c67f3f74551c5352d75bb3aaabe57d38f6afee05e8d6f30e48150b66b1c5326d9ffeb15f6642408fa74ff8f1d594bf490009097ebf4244c4dc738eec0b3e115aa85d86ba8d57f5796bd40345387c39b3e26ffc3c554a5e1b5f5ccd33b55bb5cc5a20019c13bfe8372ce58188d548eed3481e89247ecad7884d40b045240a72a4c9dfcdf507f88658402a6a18a5e887bf06b12b653641e0fb86fc98ff8085bd7f2ef61faa2400ea2561b92a47de4d72e6ee3c19768c40dbe98f96b5802739374f5c418cf99a07486d7115489364238df10f7960c6abf87670e1f8889551e559dcec912cf9023acba7ac3bf1438fc0a6cac2b75226f67c5656e6b08a252b98659fc1b62de8d6ed0954034cfb5b7dddfe1e1acb6e02d11524900176b7e20955d80d55f540a67fa0528c49fe62f05119d992635ff37f78c5eda40ca94682160c6721e64feb86b6ac22e05d59613b66b51978c6980a5157f3292da49a241165f9aa9e510fa5898e5a01912d443239abd9a73da9f2d757095ac435905ad28faa7811aeadb81224dfe921abdc7e8d70cd16f8ce67dc373a016caec198d353a5ab8d87ad51fdeaa593a4d68104d954a9d05378fddc9b175f308f0b4652b7419f4095bfa9251793e1e1a6bb5a21e801873460ec66e02db7e852923537f793df8aac51bfcc8cc963ae4fb781a41bc8c2477f102882f017ec2334b9df4fb5fbf7d99e5473c1d6d4eeeaef33ec27ca0cec6e530f71ac95a0b2d16c269c761b4d34a5179b9d428b422b16e8b2c46432921d7a9a36c4172c043ec64e8b1505bc358c1cb541cce03866640e94d4db2b59d7196df5811753c3c7ad69bb244f095afcd3446ab5fce0f8050d5f6eab4501895744d0f6e232a14d40148d6082694aa639abe3fedd46473c5b523e9a4aea6c84894ba72369c212b8b636d26723adfe1f6a6b99aede70a02cee97c491f6e61a969b198b22e541691d4e3a3ff0f2c036ded10c0905851fd21ede372b1f19c6382cd44016e82f6907c8af3b12abb82e099bd12d2591a704b646ad23bfe0d9eb766161ac85733411c67eb72f9aef2fb307a1b3c742cd3c8f57780fc110241fdf4008df42d626113b62fef04a7b2acb1d7cbd808d13a88a5ecdee21994cd8b4940d8c63e198c9a58dadbbeb08d60f5f22a55dba286e60f412b0a859fd40011a32c141ad781cdc5b0b8f978b8c5a8beb2ac2dce3fd44065a21d809f1af8456c57953555657502269d317ab6708de74933b477841394d26cff087968de7932eb20eb248082afcfdd870a9a72fdaca0488eef615ca0b62b38b8ba861a43ced7f8a030a5780a6d24ec75737393640eeb8bb248ab4bbac7f85cd839379c2d7c89af283ee7b100bb7e3adc2c9c5f6364186e34e5792fe63ea8ffade16c0dbd41afbcd640b872942fb3b8a756c927de7242b8f9a834ab4075713fae163c4685dc23ec6b1b7e0f55d9795463a6cf28f6ff29f306531f74a7f836ce5bb617991d12b21e6263e64be08c17495f13efba609ecdf0eeb8ca06bee8eea887119771e9a578e90033d6e1f02a77e887603c7947d32fae06ae8bc39861770501de26386757c8e7812f5cfc85250547707b678bcc21caaf23b95a18afb6febc0ab5f59d67ef19039f76ed995bcd384eae61d8bd454361f43b8cbe7d524df3ec9b8a8100c3e6f9fdfb347cd2f3801e4cbde4e6f0f0df812cf935e062bc511874ba8503d4696ae99fdbcaee1f98ba262b76fd1d48d4f384b033c292726f409942af5fe241734d08c7050d3e0dda58754510c96cdf7ad3b3ea8cb8475f3c2f0daac2ba25a2a42791b11a9311f643f2a3c5463feb1fea84db4fefc8f89edff631cb518584a2aba8e0b66689205386068b3d5ed8310b4a47de44fefc21092e49969794b38ec1e65eac5cb854cee4df161c2fc4ef0d0a6b889874298a4f13562d0e40de0ef1289a5a251d92173c7ff10ad29abb21bd2ad01a047abf4d0765cdbfbdbb345f5d812099bd03effc8f98223c515796e674b62ad8d50b2de552801031cc8969a8f77891556505205fa7860f2013b49594f339c66c95ac9a28f2bcb733e5b05a3e83f1f9363be8b22e9b55e7be87a5b6353b845240b41d54535f01a47b172533e055fbb217eeb5ab585315123f1e104d49d2efee238587a66659eec3f5913e0f96d3b0ae42cc541b323041cc511b832e464d99a19fa35409b5eeccce3c5f7c0e8dcc089c7424037ec77a094a4e310df7edd4f806c40725abdfa906922ef6291ecad5ee4ce9f4a495a77eb528e2024dfe5deb5d343907a604fd001f5a4045ca45f13582e69f74f39f979994fcdf8161f79d27e817b45d2b70a19bd47837c92e40c2bada4d922866de9598f7e1e5090cdf2409ce2fee9aabccba034e7100d4d8792e586e5ba3c1e53f04d752ba982a53f996224f5bb0f36bb3ac134ff786251582cbcd5a918f5416dbf71587e1cc7b663bc1ca4023b3e55fa20c374b1ce67a825babc2a3637b54439431ecaaceecb9b5870cadab4f241c2a4259d5b553061ba9aade4a96c6e81180cc13495d7ed2424f22f697d4803f6fb59a0b94eca2d4d5d608221aa6f49b3f8f1ef7d57776e467c6692bc6a10c112457c60149d949e390d06dea2f58351f8b1c22e9dd836f177406e28baa40c200c4816cdd06bae4368cd4f813f09f84d5fa223916f344120e159bfa31111007c1df64bc9836699b2eaad2f78c4fd391087ab3b490f511daf365280671de05221be72762ffaec731887c9dc05de5f01cdc3b43009b9ed2548d3099c77638c3f6e417eb6f7e283d7fb8d8f852eacebca970de8582e02c144ada10e0474fe6ad64960a0363e35ce3479f87afc59942ead9e0c7d55c219459776e3e0168d051fd7c48768238f6c20cec8b76136e8e854f00a4293c79e9efd4d576cab13e9e1801036c94bbb9cedff08164929c8da6f8810acc1821e435618cab2a7a8c0b43a67cf7a8b883d27df979e29e199bb6cf2788c8fac6cfb019265c185803ee1a30ca1d7bcaa721728cc8a188f04583adc64c48939e64efb39d2ed31c0fc9ab1b35ada22f382a03e827d3b180617a2419c639ad943bc55e3c269180a7cc3c92b0cc745697a83e26836d978740d12c83e2dc602aef16c08cded1b4d7a943c66aebbbbb2a392472304010aae9229a47769afd091f536be7b782f913250d011ad0958ad2e670f6ac4f372eb4944c040861b2f22a343f9d0cd8a8fcdb4ec8409c56d3cf5772d9749c848f5f60156a5c46a72fb13ead914e2db58700497c9506ef6fb980ddd10ff41fecd88d29e76b0a8c4d7d0bf8a990577360a2df46b1cd0ccace6e57f72c44f02bba3e1b707e6315bcd637dde719e84bec4cc5cf18b8669c53a0a8547a66acd515092985ce89623401aebc54c780f58d5b6344bbda3773cb4f687a359acc87f343fefb5889d1a7e1d5d1dd35dca23d5eb748fbbd9f5aa5e827e35fe07745ceb8838b6f760feb64489caa7ce024b97612b4510060f106aec4d81f0f9d2d222bb3a82d69d59ca91e2618be8eec4b4ff02346bb573354bce7483641a7ac1d10d132d0944fc962be43a7d4125ce55e73eefbba60d03c309f97a12c0ed381074c4026b46fd847b41cc744de6cb4b9cf644f14b7ad201e31b4a2aaf60e2d68852591b9399d33bf3dc9357e0f424a884d7741de8992ccf4a174b18beac39d63a96d4f9a5ad7540fb28e4144bc8057a142d11d0cc577dbd274e7dc911715a689cb63626ece253387cbf543dcbfb22f2d937b1ad6019ef3096aa3f02ce5404cc465caed8a49052224bc6b9c1667dd0f72b6a598902538345cd534fc227de11583b2d44ae5e299b6e52771f8bf73deb277693040958833a485d228437826b6db46fda0841d4436edd91279f6e44885e54bd5b0c080a36bca88b8a8a8d7d133f43c8e6a781a372ed32ae4e51e617c5017e149a14c96910ccae14a1a7a804a94dec14be61c2d124dce77c38160c4351edb43abf66300a383419d2f6d508dbfca187fd3f888b14507bdcb07545efa21810b2677d8917960cc9646d44aca504ea4cd1d6ece7dfe1dc0c18198ed78b9ed9dc5b797e8fa4c72f3d42f4e7adeedab805fbf241c45a99144d73be7ef44134846d6e5376cb1801455258d04510c233c79430cfe937f3ab2ea2c2ce0c5ae7c7a625c357df62260faebd478d6797866d4c624f69f0ba5b44a5353a4db384ab908a5bf0cadab103732a858dfad9e1e4c502c332cee1615659ea1c9730f445c4516d30ba2d7f32ddf8098e2c8008645465cc2bb80185db4148faeb4545a509a7eb9be79d0decbc92f6322dc72858acd3654cc309f370869d021f082daccbe53172ac775037ab208d08e22bebf7e624648d334ac0875c7aa0b3e0d68de363d93794c3ea663bfc42bdf7cac3b1277eeac954bd93d1847590b620db085f90527f2ae629b8a1b815dba385efdfcf221309ea4b8c12edcf3e81fbebc5b4b984c05cfad4a603a1f136320fd56b15308f08a8a4a2165af5c0ac915eb2d4804634649df0b6586f190744071f8dd8fdecd919251894007c605a2bd907d484efb970727be34f73c7767c7ac086b2c2635c89ca7c961cebf3f8a700009de5c763024d4e16ace0e8f49c697f8fc26f491ab2416ff71319553a7616dc58d76e4a2bd9f33ac9cbd136c357235a0fde94cb3fb89895683185fcf322ca529b1abb91a1803e47e3a41150733a9cf77ade203c68664f3002679ce060e72a3fecf4d076bfbc13975568eceb88081c936585d6708961186df1564ad307b34de37ee52fe4fc72ff7965018e553ba86c983ff9c7ed891c0037fb83d43416cc601ad8adc762d75b07381f4c3b39404cac366e8c331fde86af5ac937f7762d01e17ac247605047c5a6d5f84abdb3c9c2724ac3276b7b39ee8ae109a1da02294605ef24e9fb99f1177ab0a4c3f2715cf5dfe9cfa03611c7e4a11d60569b546eb9b841d55a9aff3521da7e0cb11b8959476e721901e2381f33485d114a747518c486a0723af0110be9bf9b57bfb93f199256790268852c92b9418ac1371834862c47ddb65383c9068c6c1d40f8bce1edbdfc7b550e44411e9b5a202ca9a7d483411cfe4dd3c93dd3985b94f553d5cd9a8d675d1de4fe5fa340c478ecba3417a48a8ef7d4ad7fc2b5cf072115dcf1327114a0097574185dab24cbac4dcb4d515e2f19f2354119d01a35e7e5696e2f4c844e7880a8e090f24ecf412c9cad7f85f9c8a926d6226c0aadc2e988915efbe1dc69fd2337b91123016f44909e4c0750854e380300e40273dac941090cf0cb93a4e25ce192a9d9db68132a839bf050045e2c3360e5ba66eacb4ba5fd1735fc9ff660f0ea50aac5b02fc52a8322afc8767f1af300d1cbd5637e5497e54ec7a2e38e20098ec0ff13eefee502e4b4ecc0369f73bd2f80d7ed75e5022bbd6d10abdfab03a708636815e6268f57e9b35de3afda95bdfc193bd6a8436cea70cd0c919b71ecc1abc0bd1de4ef140853a80fa91043b169c0348b2f2939967b8e43bef0f86fc7e59dd56879bf7a4d656f539bd9e5543b663b233106b9deea6caf515e1cc18cfb2693d1567e8137", 0x1000, 0x80000000, 0x0, 0x1, r14}]) [ 1341.180845][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 1341.180864][ T27] audit: type=1800 audit(1577520956.901:887): pid=21325 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=594 res=0 [ 1341.267000][ T27] audit: type=1804 audit(1577520956.961:888): pid=21336 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/269/file0/file0" dev="loop1" ino=594 res=1 [ 1341.300505][ T27] audit: type=1800 audit(1577520956.981:889): pid=21323 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16516 res=0 08:15:57 executing program 3: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000200)='configfs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='lowerdir=.:file0']) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000340)={&(0x7f00000002c0)='./file0\x00'}, 0x10) [ 1341.444138][ T27] audit: type=1804 audit(1577520957.001:890): pid=21323 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir048680357/syzkaller.hecpVM/330/file0" dev="sda1" ino=16516 res=1 08:15:57 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000200)="d800000018008100e00f80ecdb4cb904021d65ef0b007c06e87c55a1bc000700b8000699030007000500154002008178a800160007000100e5581100000400000000006f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee48100000000000000d9d322fe04000000730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d08fad95667e04adcdf634c1f215ce3bb53b409d5e1ca4e81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f27260e9703", 0xd8}], 0x1}, 0x0) 08:15:57 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) r3 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x208000, 0x0) r5 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r6 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r6, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r7 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r7, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r8 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r8, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r9 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r9, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r10 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r10, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r11 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r11, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r12 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r12, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$KVM_GET_XCRS(r4, 0x8188aea6, &(0x7f00000001c0)=ANY=[@ANYRES32=r7, @ANYRESOCT, @ANYRES64, @ANYRESHEX, @ANYRESDEC=0x0, @ANYPTR64=&(0x7f0000000540)=ANY=[@ANYRESHEX, @ANYRESDEC=r8, @ANYRES64, @ANYPTR64=&(0x7f00000003c0)=ANY=[@ANYRES32=r9], @ANYRES16=r12, @ANYRESOCT, @ANYRESOCT=r11], @ANYBLOB="94494c8ae383b6fd7c1ea04f1be1a6558bda9c3a9824fe66e8d56dbbad05bb193f4235ec21954b3a52cf22e57f136517e87ad9af729b97b9511f21c198974fbe4785f0e30d0f61261263f6d56113035cb662d1dbe0bc5b34b6c883ebdbe27dc45b85e1f4624f62f16e4488e6f6e712580993e02edaaf7bea2c9275e02e64cc2a551ff83e41349bb0b198fc736e22", @ANYPTR64, @ANYRES16, @ANYRES64=0x0]) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1341.609121][ T27] audit: type=1804 audit(1577520957.031:891): pid=21336 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/269/file0/file0" dev="loop1" ino=594 res=1 [ 1341.659416][T21352] netlink: 'syz-executor.3': attribute type 7 has an invalid length. 08:15:57 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000001480)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r0, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="25010000000000000000030000001416ea6af0fc1ee9fa0000000000ff1873f25b9ac8e09cf5166cf58d03e73e615e5e5c255a2919efb9c10746913f8265c53385978722bc72d71a1a81ab7b71a2fb82d44841b0e502f3d59d1381a9558908949bb2ef3b7d7220af2c5128e9ce9a6806f16258aff88ca7f2ee813b7fa617381533a97e99e8cf327b61951620a74c1122519e6da0188844aa0fcb5abab1cca87c4f3d0a5b1a42f8b20aa760465baf333ac6aad1081025f3c4a4870a9317b56a851e80c7129321c0b1c7ddc273109feace156d31d6ad65c82dbf9a5ac6acd10d541c297240da43bfcff7ddc230cfa6882807e2e094690a58d22f27639600"/265], 0x28}}, 0x0) [ 1341.770090][ T27] audit: type=1804 audit(1577520957.081:892): pid=21334 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir048680357/syzkaller.hecpVM/330/file0" dev="sda1" ino=16516 res=1 [ 1341.812109][T21357] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1341.869332][T21360] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1341.967731][ T27] audit: type=1804 audit(1577520957.701:893): pid=21336 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/269/file0/file0" dev="loop1" ino=594 res=1 08:15:57 executing program 3: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0805b5055e0bcfe8474071") r1 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_RECV_OWN_MSGS(r1, 0x65, 0x5, &(0x7f0000000100), &(0x7f0000000240)=0x4) [ 1342.054748][ T27] audit: type=1804 audit(1577520957.731:894): pid=21341 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/269/file0/file0" dev="loop1" ino=594 res=1 08:15:57 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0xa0100, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='bpf\x00', 0x40, &(0x7f0000000300)={[{@mode={'mode', 0x3d, 0x6}}, {@mode={'mode', 0x3d, 0x8}}, {@mode={'mode'}}, {@mode={'mode', 0x3d, 0x5a2}}, {@mode={'mode', 0x3d, 0xfffffffffffff0b3}}, {@mode={'mode', 0x3d, 0x69}}], [{@seclabel='seclabel'}]}) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm_plock\x00', 0x44d76661a729da99, 0x0) ioctl$SOUND_MIXER_READ_CAPS(r1, 0x80044dfc, &(0x7f0000000240)) sync() fchdir(r0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r2, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r2, r3, 0x0, 0x7fffffa7) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r4, r2, 0x0, 0xffffffff) [ 1342.126231][ T27] audit: type=1804 audit(1577520957.731:895): pid=21341 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/269/file0/file0" dev="loop1" ino=594 res=1 [ 1342.257371][ T27] audit: type=1800 audit(1577520957.991:896): pid=21372 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16520 res=0 08:16:05 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, 0x0, 0x0) write$cgroup_subtree(r1, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:16:05 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000300)={0x0, 0x1, [{}]}) 08:16:05 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f00000001c0)=ANY=[@ANYBLOB="1900000003000000ffffffff7571b92761701bb0af8675c7ce0000000000000000000000006b27ca6a0bb5be570b33cf0d0b7e80c5d727e272f81b6322c105e6b81364c67ab70e2f90f946b522f622a100000000ff5b05089ed30d"]) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) getsockopt$SO_J1939_ERRQUEUE(r4, 0x6b, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:16:05 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x10000, 0x20080) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x78) getsockopt$IP_VS_SO_GET_INFO(r4, 0x0, 0x481, &(0x7f00000001c0), &(0x7f0000000240)=0xc) setsockopt$RDS_FREE_MR(r3, 0x114, 0x3, &(0x7f0000000180)={{0x0, 0x8}, 0x8}, 0x10) r5 = open(&(0x7f0000000040)='./file0\x00', 0x20a02, 0x0) r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r6}, 0x78) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000280)={0x1, 0x0, [{0xaeb, 0x0, 0xd97c}]}) sendfile(r5, r1, 0x0, 0xffffffff) 08:16:05 executing program 2: connect$pppoe(0xffffffffffffffff, 0x0, 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f00000001c0)={0x18, 0x0, {0x0, @link_local, 'veth0\x00'}}) 08:16:05 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x7e, 0x0) 08:16:05 executing program 2: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000240), 0x2305e2b7) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="21000000030000000000000000000000000000000000000000400000008f140000"], 0x21) 08:16:05 executing program 2: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000240), 0x2305e2b7) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="21000000030000000000000000000000000000000000000000400000008f140000"], 0x21) 08:16:05 executing program 3: [ 1349.611279][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 1349.611300][ T27] audit: type=1800 audit(1577520965.341:899): pid=21393 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=595 res=0 08:16:05 executing program 2: [ 1349.765539][ T27] audit: type=1804 audit(1577520965.391:900): pid=21393 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/270/file0/file0" dev="loop1" ino=595 res=1 08:16:05 executing program 4: openat$nullb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_SET_NR_MMU_PAGES(0xffffffffffffffff, 0xae44, 0x20) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1349.851732][ T27] audit: type=1804 audit(1577520965.461:901): pid=21409 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/270/file0/file0" dev="loop1" ino=595 res=1 08:16:05 executing program 2: [ 1349.920923][ T27] audit: type=1804 audit(1577520965.541:902): pid=21409 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/270/file0/file0" dev="loop1" ino=595 res=1 08:16:14 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:16:14 executing program 3: 08:16:14 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0xfe68}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)={'#! ', './file0', [{0x20, 'vfat\x00'}, {0x20, 'vfat\x00'}], 0xa, "5becec8f5fec4f19920b5f2e0633fbf4d964d1dcb006cb34cebab0"}, 0x32) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) ioctl$KVM_GET_TSC_KHZ(r3, 0xaea3) sendfile(r3, r1, 0x0, 0xffffffff) 08:16:14 executing program 2: 08:16:14 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x400000, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) syz_kvm_setup_cpu$x86(r3, r2, &(0x7f000000c000/0x18000)=nil, 0x0, 0x100000241, 0x40, 0x0, 0xffffffffffffff3a) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:16:14 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x300, 0x0) 08:16:14 executing program 3: 08:16:14 executing program 2: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000200)='configfs\x00', 0x0, 0x0) utimes(&(0x7f0000000000)='./file0\x00', 0x0) [ 1358.821179][ T27] audit: type=1800 audit(1577520974.551:903): pid=21445 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=596 res=0 [ 1358.856287][ T27] audit: type=1804 audit(1577520974.581:904): pid=21451 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/271/file0/file0" dev="loop1" ino=596 res=1 [ 1358.915308][T21445] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1358.929883][T21445] FAT-fs (loop1): Filesystem has been set read-only [ 1358.973777][ T27] audit: type=1804 audit(1577520974.641:905): pid=21451 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/271/file0/file0" dev="loop1" ino=596 res=1 [ 1359.003420][T21445] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 17) 08:16:14 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000440)=@mangle={'mangle\x00', 0x1f, 0x6, 0x630, 0x358, 0x358, 0x98, 0x98, 0x98, 0x598, 0x598, 0x598, 0x598, 0x598, 0x6, &(0x7f0000000040), {[{{@ip={@remote, @empty, 0xffffff00, 0xffffff00, 'syzkaller1\x00', 'nr0\x00', {0xff}, {}, 0x89, 0x3, 0x20}, 0x0, 0x70, 0x98}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x9, 0x2}}}, {{@ip={@rand_addr=0x1000, @dev={0xac, 0x14, 0x14, 0x21}, 0xffffff00, 0xffffffff, 'nlmon0\x00', 'bond0\x00', {}, {0x1fe}, 0x0, 0x1, 0x8}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "ed2a55a07ca3e307a7912effa4a3a0835d855cdb9446583c021f22584338"}}, {{@uncond, 0x0, 0x1e8, 0x210, 0x0, {}, [@common=@ttl={{0x28, 'ttl\x00'}, {0x4621f1236e80e90f, 0xa9}}, @common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'bond_slave_0\x00', {0x240f386b, 0x7ff, 0x10, 0x8001, 0x9, 0x6, 0x5c6, 0x78, 0x20}}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@remote, @rand_addr=0x80, 0xffffff00, 0xffffff00, 'gre0\x00', 'bridge_slave_1\x00', {}, {0xff}, 0x1, 0x4, 0x48}, 0x0, 0xc8, 0x128, 0x0, {}, [@common=@addrtype={{0x30, 'addrtype\x00'}, {0x14, 0x8}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}, {0x1}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xff, [0xe2, 0x1ffc0000, 0x5, 0xffffffff, 0xa8d, 0x400], 0x80, 0x9}, {0x7, [0x18000000, 0x1, 0x2437e412, 0x1f, 0x3ff, 0x8001], 0x2, 0x1}}}}, {{@ip={@rand_addr=0x6, @empty, 0xffffffff, 0xffffffff, 'ip6_vti0\x00', 'bcsh0\x00', {0x101}, {0xff}, 0x3d80542136e2338e, 0x3, 0xb0}, 0x0, 0xe8, 0x118, 0x0, {}, [@common=@osf={{0x50, 'osf\x00'}, {'syz1\x00', 0x80, 0x2, 0x2, 0x1}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}, {0x2}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x8, 0x7, @multicast2, 0x4e24}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x690) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:16:14 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) symlink(0x0, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/nvram\x00', 0x181200, 0x0) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000800), 0x4) accept(0xffffffffffffffff, 0x0, &(0x7f0000000000)) 08:16:14 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f00000001c0), 0x1) 08:16:14 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="eb3c906d6b08002e666174000204010002000270fff860d0ac463f45d06d02e5b4a1a9ccaa6edb358103f889b73bc0668e1a1968d4f891c5e57d576ff5230342dc2f04003994dfb052534d7d4cd5158bf181a5db73f22e62a0d77a1799cefff28f68e464", 0x64}], 0x0, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0x7fffffa7) r2 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r2, r0, 0x0, 0xffffffff) [ 1359.376677][T21480] FAT-fs (loop1): count of clusters too big (13656062) [ 1359.405459][T21480] FAT-fs (loop1): Can't find a valid FAT filesystem 08:16:21 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:16:21 executing program 3: mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mount(0x0, &(0x7f0000000480)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x0, 0x0) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) creat(&(0x7f0000000780)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') 08:16:21 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4) 08:16:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000240)='/dev/qat_adf_ctl\x00', 0x2, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000280)) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r3, 0xae80, 0x0) 08:16:21 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xc0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=0xfffffffffffffffa, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x2}, 0x0, 0x0, &(0x7f00000001c0)={0x5, 0x0, 0x1, 0x8000}, &(0x7f0000000240)=0xffffffffffff0000, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=0x7}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffce, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x10022, r1}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r2, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r2, r3, 0x0, 0x7fffffa7) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r4, r2, 0x0, 0xffffffff) 08:16:21 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xb00, 0x0) [ 1365.993887][T21498] QAT: Invalid ioctl [ 1366.043637][ T27] audit: type=1800 audit(1577520981.781:906): pid=21500 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=597 res=0 08:16:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x904ca32735c1addb, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1366.176290][ T27] audit: type=1804 audit(1577520981.781:907): pid=21500 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/273/file0/file0" dev="loop1" ino=597 res=1 08:16:22 executing program 2: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$KVM_SET_TSS_ADDR(0xffffffffffffffff, 0xae47, 0xd000) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(r1, r0, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000000)={0x101, 0x9, 0x7d6, 0x6, 0x1, 0x6}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) wait4(0x0, 0x0, 0x40000000, &(0x7f0000000240)) r4 = gettid() tkill(r4, 0x3c) 08:16:22 executing program 3: mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mount(0x0, &(0x7f0000000480)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x0, 0x0) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) creat(&(0x7f0000000780)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') [ 1366.210760][ T27] audit: type=1804 audit(1577520981.851:908): pid=21515 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/273/file0/file0" dev="loop1" ino=597 res=1 08:16:22 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8}, 0x8008, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$SEG6(0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000000180)) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x2000002) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x110001) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000040)={0x0, r0, 0x0, 0x8}) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000280)='\n\xc2\x03?\x9b\xe3\xf9:\x00', 0x1, 0x0) sendmsg$nl_route(r1, 0x0, 0x4000000) socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) r2 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$vcsa(0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000140)={0x0, 0x0, 0x1, 0x29350bd9}, &(0x7f00000002c0)=0x10) r4 = openat$cgroup_ro(r3, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x2000002) eventfd(0x5) ioctl$EXT4_IOC_MOVE_EXT(r4, 0xc028660f, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x8, 0x20}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r6 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fallocate(r6, 0x0, 0x0, 0x2000002) fallocate(r5, 0x0, 0x0, 0x110001) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000040)={0x0, r6, 0x0, 0x8, 0x20}) creat(&(0x7f0000000000)='./file0\x00', 0x0) 08:16:22 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) read$rfkill(r3, &(0x7f0000000140), 0x8) ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205648, &(0x7f0000000080)={0x0, 0x7, 0x0, 0xffffffffffffffff}) ioctl$FS_IOC_GETFSLABEL(r2, 0x81009431, &(0x7f0000000040)) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0x32273183, 0x4, 0x0, 0xffffffffffffffab) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r5, 0xae80, 0x0) 08:16:22 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2}, 0x78) accept$ax25(r2, &(0x7f0000000240)={{}, [@default, @null, @netrom, @rose, @rose]}, &(0x7f00000002c0)=0x48) r3 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_int(r3, 0x107, 0x12, &(0x7f0000000040), &(0x7f00000000c0)=0x2) getpeername(r3, &(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, &(0x7f0000000100)=0x80) ioctl$sock_x25_SIOCADDRT(r4, 0x890b, &(0x7f0000000140)={@remote={[], 0x1}, 0xd, 'vcan0\x00'}) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, &(0x7f0000000000)={'hsr0\x00\x00\x02\x00'}) [ 1366.792021][ T27] audit: type=1804 audit(1577520982.521:909): pid=21515 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/273/file0/file0" dev="loop1" ino=597 res=1 [ 1366.873102][ T27] audit: type=1804 audit(1577520982.561:910): pid=21515 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/273/file0/file0" dev="loop1" ino=597 res=1 [ 1366.910189][ T27] audit: type=1804 audit(1577520982.571:911): pid=21555 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/273/file0/file0" dev="loop1" ino=597 res=1 08:16:30 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:16:30 executing program 3: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0x3) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000100)={&(0x7f00001bf000/0x2000)=nil, &(0x7f00001c0000/0x1000)=nil, &(0x7f0000bde000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000bdd000/0x2000)=nil, &(0x7f0000bde000/0xf000)=nil, &(0x7f0000bea000/0x2000)=nil, &(0x7f0000bdf000/0x1000)=nil, &(0x7f0000be1000/0x4000)=nil, &(0x7f0000be5000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000014c0)="26d019d111df2339ea5f27cacb69bbc221005bd2da3566c5283091d46a1d00808d29a80eeae0145c747d02f527b7b35be185a9d0cf44763a595eb3260a9d8a2843ec1c0033bde938a48a95e5e71ec31c46cff48f087da1afc10c3089563517645675441ec4dc47c2310bbb923d270a2463726d3c4eefdfcd464c97cb62ecd85fcce06d8edc9a16c4d38c9028c74fdfdb2bd7db3793f80b11a4a37f6d2b987c0bb7887e75dbc3f674f43c0df12dc096f14e154b75c5f3aa1ab3aa1aa690c433ff3528c238d45b9ee2302f7aa92c821b076bb7d6907e2545cdd14de09d50e4b926b0856181ae819a14a323e7e35438e980c2af1ae9f51527c72250e64e315faa445090dacaa2de4aac8565834faf727b14e8da5e2c91e388b188ee64e9811ce9e20345a4cc8a65525a0d3201326f9ecb22729582bd1bc82c83fe448bba3c39ac7a48d1cb07d958d44162d6b26eb273a8c92ea1b8b939e5364ec0d3bdaf130ab148e174abc1627123eb07c96cbdf8eda7ba59f5994fb0d6e1c25481fc52297d47d2c1d135de39bbfb19979634cf6dd74afb216ce9db2916e50f35e1262bcefce6289e879ac8140158d6f2f318a83123ae0da5b3882192adbcd7fb5205e1309fdf8658066dcbf119c308e563bf22748d89645a3e33dc25519638e7b571eb0ba3d4863497cf5ca8827f623884dd66d360977bd8da19a0f01f956392d9e098a8c3d3d80f0ddb76f25c53f461f0be0210d099ab9835b9da021ef2ce490d703b7ea4cdbea33ddfb4fdadcac152c0c2409866f1f60cd64e8c5eb977482090272034db4a1837b34693bd6d9bb5d8f900594aaf5f51ebc2c92eb6d9545a1a4d28ff45dd23ce9a4772ca985c1f21ade79d8919cecdd2483c4785f6c9364b1c989ed7daf86e34e402048330c43256405676240adcd928576aa10522b0f555784bbd3f6df7ff8de73e6d1d98124e899acac70e4a92182df89317a246b6b019e3227d6fdd48870583e9d14cfeda6feee3b6e442093bc343f9c543bcbbd0e609547c2e210e4cec5544c7cd10763c166ac577dd393aea7fff5e10ce6255b4942306b8f208fe506c4f04564ff564e6938a9f9fca0d583eb421ee5b82a16a9c76069e7c974fc743d0cfd45b6e8d36a10123fec4b79cbe99ac397579ce5ed9427b9c0f335d1224528da17b6d57fc0ef8ce1b6b08747b581d5b0dc7519c3ba8e435be05be4831b8f4f4afe2c58d6b0c0186d9bf9e9dd771c0f20ca9f87304ad210ea70f11d11fa502b0d117ed09d2eb4923437e1eca0e76a51be0c966bf1f4c5d48309bcb11b25eb65621fa22727b5df7f1582b2ab970b215c12d2fa0f7a702cf600f5c587ada19fbdaf9a2a354791369a1b7e34fe0755c8503e1fa1c398222df9cc470df090dc0510d85142ea37d77b6ea7ea0894c9bf859470ec12ea2f6265c4c4b4beba3ac3620131e87f8d9e364ad8b86161f60232bad5d11028c78e2a221bd8edca581fbac37c50c285c2673ba2da45c6a5d9e0bdd50a82a0d083794dfccd9e8d870afc2409220e1d045d677e158a5b420ec993173bccd657b950e471ca35b61f44ca01c3e2bf66a1aa2c78f97fbd897aec4c0580252a08ce59ba08f8affd0d0e730d91b7c3f7f954a89ac71b278e26167d1526a8596f9bda7667a678c639144d4a53effe9c1be539410f97c8de71220299b255b62bd0841e4c3512854b2510ca6542afe4ed6e35b75a26a900322f00ef7f9e193a9e6ce2336e9294b4249b5bd4f8127ba6ecbb9e7e3ffa06a475435dc1ae60413e9997964efb633c62d6d0b62c95ec8b993f8e72f4d2e4b3b0875e5e61612faed3f4e4e0bb19f9b209914c66ea9938e3e6bb3b2e1fbd4d876bd1210a045c0e78b37707abed26b18e244a036f9d9987fad58caa5ecf1db19aed0f6369e60b5aae9adc0927ef19ea82b2b757bac6c12f49881df0bd1bccb8a732db02dfb01bf59f95bf24de4c59c43312b0e0277134614879cd22175e85329d6308b22ce949ecc97b52878f50f19e786b42d14f194c5e477bd1338752bfe63885f5a7ffd4c4821961d44ce85a4304ba160c2a618de71ccdd50566dea07712f5e2ada8b11aa432b9bbf40e38d54e8a618b112c9001fc81986955ab8e51040bb1594668d34db1a8f9d608aac834ea31eecc78f85d0a82b9962ca40bb7487623191bd1fc6378d83ce7bcf542616d044d54e0b6984423f90ed13e91948f0af0618ae8a3acbaabd8909ebc46f94acfd3456fa565ad680804ecea8dc44f58fed76e98f982e1fd683253378079fd9671a94d13f0a1d42828a0361e00ac1de1a76cb820cd9b6fc91cbcd352045def10d5e34ae2c94eb3f0aa082bb063120ff7541ec10fd5fd06a6cd4b252f1d844fd2f7d1fe708a30a73fa3f44610d2ad509493ae590c9de59e134dd2ef657338a78b30a3946802bbbbb734aed6560c214afe8286cbfe39d395a55dc9fcacf2ff0e25386a800b95dfaaa7241835fa7db3ed62d16015a5990947431d272329f1c8f175f4c8aa7477826aa61da1a1a785e1edd4094481facd4d9afae6ccd87fc20d3819f37d98b86430f2b6c8bb7811d52b3b09cb93bd5d970fb777b3c202397f9b73d7fdad8525bf83ff81b2be44377b67e5777ab9e9f9d4f8c37f0678562b84256a9e546213c16fca490e8344bdfc771eecf269665d0dab5f004589484f1a12f58cc90b911eb1b20a024a5255a0ca1d3f7c0ece136ab6b3ea48b84cb870ef276acdfd1e159cf549e95ca43055460aabc7d30ef0a96ceb8ffd9a9d3b0e92d0ecdbd54fbe7e311bc3f5a064e47d2c777373e5c347f94ac743059b6bc33a4e7c05310f975856c9eebf1a0b06e9bf12766a25165cba7af7e31447fc83f110d1b14d05334e646fd870e86a58609f6b6e9efb25504425eb01307a2f724f7a9fbb138bd2da48170dfea806f7af18e2038abd7528ebd89106737b561cf20d5b0b753415d35400484605486ec39fc974455a7b9f1b19d4ebf95eee7c18674d436bb82a4016201a51aca8a662dd45ddf1c01e72df8fdca314777b2fa36c2dc1e6c03c7ae1b9805a06a6cb4db433a3243e98297daba77497b97d2c07555ec4ae22e2e46d01068a4be21383102c515250cd39930eb376b3bcc48cae96783bd6c4d6938cd674a95e54b83dbd6d9d6415c33d712ca38cfabd7cac769f0ea723bebd21b7df30c56284cba692dc1415f6f63563feeaa18e152863a62966afdbc5b0d8521ede3ffaa9f80e3eb8eb8213cb87a0883721b46eada9c6eccd7c6666868da6437ec0e1c7a2a080e7ca5303ec35d6b6ee40f5b734c6d15ccee30c288b9c9cfce2dea08dbc835e24331112094af0c426159105f2e8034635605dfb9e41b606ace0977f4c4480911e9d966dd660d6ce74eee5034e1c3dea395ee3a765f3fdd83c9aca3fd08007a9c020ad2fef509612f67d5ee201961cc34bedb404624d7bbb56f640d199191f8f72354e92db9b54e0776c772a5fd4e68e0505cc0d6818efc068c9136517242e05082ed84e1e50c14a6a19948003e561abb7bb154b68bcada99f0b8c8b3f9919c3b91dcb285118a97e0112d281ec70416152ef1159900e6ebf42ede4de021c5c024689431ea0893879f12d981989f7ddb8f8a7ab947b7fbe58c2af2b181e8033ed58452dd9306c06eb62136ff64455bd75f88a229196198791a9f12cbd0af8445e29b398c1cb42969376bbf5450aa2c2e0089f2b0436414784b536f75242f82b41aa9538ded408aa1696184f367a6194d4c709aec6e805e326391499f88f10e67601375d8bbe5d9316ba302577b4f97be03ad6941875fc42a36e01e282f7e4ea1d0b81f2fc7325dd352fac40bc60a432f47b6b942d0ef3f29223d314917a760500dfb1ae6260455ecdb228d7963496f0c1298fa9f7f17a8e83212a461f61bd65bba26e8652ffac5fd1e827250a36e71da18d3639d28dbfdd57a0f3f73f82f2fa8d4366623175f150bf7c8c80e39178c018c6c337d996dc6ffd5084ba7e9e2346226126651931df85719633dbcea5194db099dee42c80641ac40d29e2a0bba6ea792c8b6636b78d0fcd0598dbde4b1010a804531a38ad80f36ee5859a254fb4aac12eb18aad17f1d8f80cec58abc0e091e23e6811af355a96405a14d930fe2d1225bc815ca2b31decaa148a0a513d45f24344e44386074afa900998e0a334385790235be8ad6366b078b90f07d56b0b2b1f7d697d814e293c8a15c71b9d00f145419201d96a9de5b2778108e652bda8603e6fb35914566e1d8b588c68a8164c30c0f1c6af8958879d8500700c57a58e70a1a95662e8906b57b6c828f8ce1356669fd6cbc9057de29054b4182e57046970ff931f73da4a65b1b9788fe19807bf8dd837af11462a6826da16e504be53ffcefded8661cdc5df89148d12bf0b67bedd06ce5507353539e22bd6efabdf110d183d583dd50635164c52aaea76edea972267214761cac1d5faf49c8daf141d1d6d9368ca55f62cd65a9ba72804673bf4cdfa375c41520b3c35f863ca0b2d86ab930abfef22e2bc4abf869b3137054971a42bf6ddb60ec89dee614bfeedfb45f728602f4e602efebafb75afa0615add964cd5b4b6385199e84fd29254fd95fe95c60c5b30d8c170810beb8c1b016573941e6175bd4f0771f984d7cb8e041da1922c7b9795ef2585ab2afb86f303044c9f9b8c339c42d61e7d90876308e56972564ad1fb6ae8d8096084b427c8b998cd197a50a14171e41f992373e25026263f0880a757d1a702c0b8fb47f46cf4767bc9bb615c63d9616a25a1614bb21cf5e285505a3cf83784e51281831fce1f3ec20b8a6ba3ca6f5af795c5b8df3bde0866baaff93a591108a721d34b7956fc4d47633fcec9cdd387d5a247e0cf72f6a98079b557c92b88c1b625f04322466ac6c47124cf861625da7fcc07b52f771f82256a19a87f1106538fcc0cd3f6d6242dafe0b84711a9fb8810c7a2f862085c223b7f888b3dd6657dac203899f77b85fbb300cb829da7d38bdf5d2b1065967c3ebb65d76355b94346526c898e70bc21385609224fd78033529c3613e40a9ed87e0f67bf18e5b12d910f4b07a65e7e95e66ab7a7dce3c4d576bdbbe805cd1e2b77313d47da140a55d8522d248c005af84c627fc9727e075b0f9a5e3dfbb800c4a9f4fc6b54c7cf5c79ccc1ec698a4470304c59153715f60da577856735ab4e25239842fb2d7b2794b9b0b95f4e48b0d3e5b7f492d7984baf4b60cdfbea307e15504d06512d552b9ba9675ec6d5038e7e5e585d7073bcc060cdfba841d722de257bc3ecae7d0d6b1c6af0bc1eb2afa654fa2947d13aefe0ebc8398ab0a961a5ea413b1d74211167a0185e6b534a20667f88270969bfe77f2870a9e2289c6402a91ca7561b7b71b09a9fc69ee3c651acabc5a06f81de311bb80be430ddd58d5ea7672f8e69519e47af220d87bbc3946be9b6045c3d73cf2e02b7894f2daa0b5c14948c30b3f30dbc8645f7c9a76420ce739f0b5faecd975301d7c1d6f4f00a0478a9de9efb61085d3ce0aac559c4fecb1501399088aef11aa56ae76d594f726fbde286872b00a20ece07160c399f0e64d6f23d12a3ac6efd0ba442d43d419e6ed702ee489bfab94f4e6ff45c05f05734f49119f877bd912e9d05df08c00287207450e3b8b7ad7bf45555d08d3b5195420cf7875e4852377cb61400b674edee7daecbb4d9310b9400e992fa0cd629f05de331a47aec3dfef4ff85caa64c22cd171ffff1dc6132eb6040de96aa354ae2cec96d9dcc159181979b1a6bde54033d613ec13fca0800ff4", 0x1000, r0}, 0x68) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x14, 0x0, 0x115}, 0x14}}, 0x0) sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, 0x0, 0x14) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x101, 0xc00c00) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_GET(r1, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000180)={&(0x7f00000003c0)={0x8c, r2, 0x0, 0x70bd2a, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x50, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}]}, @TIPC_NLA_NET={0x28, 0x7, [@TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x45040}, 0x0) r3 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x0) r4 = syz_open_dev$radio(&(0x7f00000002c0)='/dev/radio#\x00', 0x0, 0x2) read$FUSE(r4, &(0x7f00000004c0), 0x1000) mmap(&(0x7f00001bf000/0x1000)=nil, 0x1000, 0x8, 0x6011, r3, 0x0) accept$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) socket$inet_udplite(0x2, 0x2, 0x88) r5 = socket$kcm(0x2b, 0x8000000000001, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) setuid(0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, 0x0, 0x0) 08:16:30 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xffffffff00000000, 0x0, &(0x7f0000000140), 0x8000, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000000140)=0x5) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) 08:16:30 executing program 2: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r1, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r3, 0xc08c5334, &(0x7f0000000300)={0x2, 0x3, 0x1, 'queue1\x00', 0x50000000}) r4 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) ftruncate(r4, 0x8200) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x510, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\b', 0x175d900f) 08:16:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) ioctl$SOUND_PCM_READ_CHANNELS(r3, 0x80045006, &(0x7f0000000040)) r4 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000080)={0x0, 0x7, 0x0, 0xffffffffffffffff}) r6 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r6, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r7 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r7, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r8 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r8, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r9 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r9, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) r10 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r10, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000300)=ANY=[@ANYRESOCT=r4, @ANYPTR64=&(0x7f0000000540)=ANY=[@ANYBLOB="9781ae5537081d67c01332a7de36077f305a5b2c5e9783afff0b08b767eea11bda56f1ec070c55ba11918e9013d033b92db21e94a4dcff3960cee0405d6163c092a2185d8a7807aacffe6327474d365f1798713bf81ead5e6a04c617928bffd7d66fe6f5cabb8969923e64ab0c71d901968f53ed0067a5ab2b529227bf7dbfe044a7daeb7290f6476d1be22f6847", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYRES16=r6, @ANYRESDEC=0x0, @ANYRES64=r7, @ANYRES16=r1, @ANYRESOCT], @ANYRES16=r8, @ANYRESDEC=r9, @ANYBLOB="5336d197d1edddd587090077d90183b3e0dc7e79f08673bd6648d09e60ffc7868bb01d1f8ce8fd950c4aebdadd9eae4136cff675632151a011d85867e0f2c8eecaa617c103a1b816ef5213a5b8449e122c67c1f1e90ca66f3e5866d8813b52d1af36b9834149497c0270f05c65112cf72f397a4af5259cfba65a6768ea4f618a7559a01427bd2cd0fb80d160e352694255932f8e77b9020716e4", @ANYPTR64=&(0x7f0000000140)=ANY=[@ANYPTR, @ANYRES16, @ANYRESDEC=r10, @ANYRESOCT], @ANYRESDEC], @ANYPTR64=&(0x7f0000000240)=ANY=[@ANYBLOB="3461e499613a2d48e9170c71d6e02a75ba06945cc76443714b1abf8631cb5aca159a903bbb7dff75dc5f1b7b3e7af2d963d7e031e90c9ee90589"], @ANYPTR64=&(0x7f0000000280)=ANY=[@ANYRES64=r5, @ANYRES32=0x0], @ANYPTR=&(0x7f00000002c0)=ANY=[@ANYRESHEX, @ANYRES32=r8]]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:16:30 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xc00, 0x0) [ 1374.448276][ T27] audit: type=1800 audit(1577520990.181:912): pid=21569 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16852 res=0 08:16:30 executing program 3: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0x3) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000100)={&(0x7f00001bf000/0x2000)=nil, &(0x7f00001c0000/0x1000)=nil, &(0x7f0000bde000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000bdd000/0x2000)=nil, &(0x7f0000bde000/0xf000)=nil, &(0x7f0000bea000/0x2000)=nil, &(0x7f0000bdf000/0x1000)=nil, &(0x7f0000be1000/0x4000)=nil, &(0x7f0000be5000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000014c0)="26d019d111df2339ea5f27cacb69bbc221005bd2da3566c5283091d46a1d00808d29a80eeae0145c747d02f527b7b35be185a9d0cf44763a595eb3260a9d8a2843ec1c0033bde938a48a95e5e71ec31c46cff48f087da1afc10c3089563517645675441ec4dc47c2310bbb923d270a2463726d3c4eefdfcd464c97cb62ecd85fcce06d8edc9a16c4d38c9028c74fdfdb2bd7db3793f80b11a4a37f6d2b987c0bb7887e75dbc3f674f43c0df12dc096f14e154b75c5f3aa1ab3aa1aa690c433ff3528c238d45b9ee2302f7aa92c821b076bb7d6907e2545cdd14de09d50e4b926b0856181ae819a14a323e7e35438e980c2af1ae9f51527c72250e64e315faa445090dacaa2de4aac8565834faf727b14e8da5e2c91e388b188ee64e9811ce9e20345a4cc8a65525a0d3201326f9ecb22729582bd1bc82c83fe448bba3c39ac7a48d1cb07d958d44162d6b26eb273a8c92ea1b8b939e5364ec0d3bdaf130ab148e174abc1627123eb07c96cbdf8eda7ba59f5994fb0d6e1c25481fc52297d47d2c1d135de39bbfb19979634cf6dd74afb216ce9db2916e50f35e1262bcefce6289e879ac8140158d6f2f318a83123ae0da5b3882192adbcd7fb5205e1309fdf8658066dcbf119c308e563bf22748d89645a3e33dc25519638e7b571eb0ba3d4863497cf5ca8827f623884dd66d360977bd8da19a0f01f956392d9e098a8c3d3d80f0ddb76f25c53f461f0be0210d099ab9835b9da021ef2ce490d703b7ea4cdbea33ddfb4fdadcac152c0c2409866f1f60cd64e8c5eb977482090272034db4a1837b34693bd6d9bb5d8f900594aaf5f51ebc2c92eb6d9545a1a4d28ff45dd23ce9a4772ca985c1f21ade79d8919cecdd2483c4785f6c9364b1c989ed7daf86e34e402048330c43256405676240adcd928576aa10522b0f555784bbd3f6df7ff8de73e6d1d98124e899acac70e4a92182df89317a246b6b019e3227d6fdd48870583e9d14cfeda6feee3b6e442093bc343f9c543bcbbd0e609547c2e210e4cec5544c7cd10763c166ac577dd393aea7fff5e10ce6255b4942306b8f208fe506c4f04564ff564e6938a9f9fca0d583eb421ee5b82a16a9c76069e7c974fc743d0cfd45b6e8d36a10123fec4b79cbe99ac397579ce5ed9427b9c0f335d1224528da17b6d57fc0ef8ce1b6b08747b581d5b0dc7519c3ba8e435be05be4831b8f4f4afe2c58d6b0c0186d9bf9e9dd771c0f20ca9f87304ad210ea70f11d11fa502b0d117ed09d2eb4923437e1eca0e76a51be0c966bf1f4c5d48309bcb11b25eb65621fa22727b5df7f1582b2ab970b215c12d2fa0f7a702cf600f5c587ada19fbdaf9a2a354791369a1b7e34fe0755c8503e1fa1c398222df9cc470df090dc0510d85142ea37d77b6ea7ea0894c9bf859470ec12ea2f6265c4c4b4beba3ac3620131e87f8d9e364ad8b86161f60232bad5d11028c78e2a221bd8edca581fbac37c50c285c2673ba2da45c6a5d9e0bdd50a82a0d083794dfccd9e8d870afc2409220e1d045d677e158a5b420ec993173bccd657b950e471ca35b61f44ca01c3e2bf66a1aa2c78f97fbd897aec4c0580252a08ce59ba08f8affd0d0e730d91b7c3f7f954a89ac71b278e26167d1526a8596f9bda7667a678c639144d4a53effe9c1be539410f97c8de71220299b255b62bd0841e4c3512854b2510ca6542afe4ed6e35b75a26a900322f00ef7f9e193a9e6ce2336e9294b4249b5bd4f8127ba6ecbb9e7e3ffa06a475435dc1ae60413e9997964efb633c62d6d0b62c95ec8b993f8e72f4d2e4b3b0875e5e61612faed3f4e4e0bb19f9b209914c66ea9938e3e6bb3b2e1fbd4d876bd1210a045c0e78b37707abed26b18e244a036f9d9987fad58caa5ecf1db19aed0f6369e60b5aae9adc0927ef19ea82b2b757bac6c12f49881df0bd1bccb8a732db02dfb01bf59f95bf24de4c59c43312b0e0277134614879cd22175e85329d6308b22ce949ecc97b52878f50f19e786b42d14f194c5e477bd1338752bfe63885f5a7ffd4c4821961d44ce85a4304ba160c2a618de71ccdd50566dea07712f5e2ada8b11aa432b9bbf40e38d54e8a618b112c9001fc81986955ab8e51040bb1594668d34db1a8f9d608aac834ea31eecc78f85d0a82b9962ca40bb7487623191bd1fc6378d83ce7bcf542616d044d54e0b6984423f90ed13e91948f0af0618ae8a3acbaabd8909ebc46f94acfd3456fa565ad680804ecea8dc44f58fed76e98f982e1fd683253378079fd9671a94d13f0a1d42828a0361e00ac1de1a76cb820cd9b6fc91cbcd352045def10d5e34ae2c94eb3f0aa082bb063120ff7541ec10fd5fd06a6cd4b252f1d844fd2f7d1fe708a30a73fa3f44610d2ad509493ae590c9de59e134dd2ef657338a78b30a3946802bbbbb734aed6560c214afe8286cbfe39d395a55dc9fcacf2ff0e25386a800b95dfaaa7241835fa7db3ed62d16015a5990947431d272329f1c8f175f4c8aa7477826aa61da1a1a785e1edd4094481facd4d9afae6ccd87fc20d3819f37d98b86430f2b6c8bb7811d52b3b09cb93bd5d970fb777b3c202397f9b73d7fdad8525bf83ff81b2be44377b67e5777ab9e9f9d4f8c37f0678562b84256a9e546213c16fca490e8344bdfc771eecf269665d0dab5f004589484f1a12f58cc90b911eb1b20a024a5255a0ca1d3f7c0ece136ab6b3ea48b84cb870ef276acdfd1e159cf549e95ca43055460aabc7d30ef0a96ceb8ffd9a9d3b0e92d0ecdbd54fbe7e311bc3f5a064e47d2c777373e5c347f94ac743059b6bc33a4e7c05310f975856c9eebf1a0b06e9bf12766a25165cba7af7e31447fc83f110d1b14d05334e646fd870e86a58609f6b6e9efb25504425eb01307a2f724f7a9fbb138bd2da48170dfea806f7af18e2038abd7528ebd89106737b561cf20d5b0b753415d35400484605486ec39fc974455a7b9f1b19d4ebf95eee7c18674d436bb82a4016201a51aca8a662dd45ddf1c01e72df8fdca314777b2fa36c2dc1e6c03c7ae1b9805a06a6cb4db433a3243e98297daba77497b97d2c07555ec4ae22e2e46d01068a4be21383102c515250cd39930eb376b3bcc48cae96783bd6c4d6938cd674a95e54b83dbd6d9d6415c33d712ca38cfabd7cac769f0ea723bebd21b7df30c56284cba692dc1415f6f63563feeaa18e152863a62966afdbc5b0d8521ede3ffaa9f80e3eb8eb8213cb87a0883721b46eada9c6eccd7c6666868da6437ec0e1c7a2a080e7ca5303ec35d6b6ee40f5b734c6d15ccee30c288b9c9cfce2dea08dbc835e24331112094af0c426159105f2e8034635605dfb9e41b606ace0977f4c4480911e9d966dd660d6ce74eee5034e1c3dea395ee3a765f3fdd83c9aca3fd08007a9c020ad2fef509612f67d5ee201961cc34bedb404624d7bbb56f640d199191f8f72354e92db9b54e0776c772a5fd4e68e0505cc0d6818efc068c9136517242e05082ed84e1e50c14a6a19948003e561abb7bb154b68bcada99f0b8c8b3f9919c3b91dcb285118a97e0112d281ec70416152ef1159900e6ebf42ede4de021c5c024689431ea0893879f12d981989f7ddb8f8a7ab947b7fbe58c2af2b181e8033ed58452dd9306c06eb62136ff64455bd75f88a229196198791a9f12cbd0af8445e29b398c1cb42969376bbf5450aa2c2e0089f2b0436414784b536f75242f82b41aa9538ded408aa1696184f367a6194d4c709aec6e805e326391499f88f10e67601375d8bbe5d9316ba302577b4f97be03ad6941875fc42a36e01e282f7e4ea1d0b81f2fc7325dd352fac40bc60a432f47b6b942d0ef3f29223d314917a760500dfb1ae6260455ecdb228d7963496f0c1298fa9f7f17a8e83212a461f61bd65bba26e8652ffac5fd1e827250a36e71da18d3639d28dbfdd57a0f3f73f82f2fa8d4366623175f150bf7c8c80e39178c018c6c337d996dc6ffd5084ba7e9e2346226126651931df85719633dbcea5194db099dee42c80641ac40d29e2a0bba6ea792c8b6636b78d0fcd0598dbde4b1010a804531a38ad80f36ee5859a254fb4aac12eb18aad17f1d8f80cec58abc0e091e23e6811af355a96405a14d930fe2d1225bc815ca2b31decaa148a0a513d45f24344e44386074afa900998e0a334385790235be8ad6366b078b90f07d56b0b2b1f7d697d814e293c8a15c71b9d00f145419201d96a9de5b2778108e652bda8603e6fb35914566e1d8b588c68a8164c30c0f1c6af8958879d8500700c57a58e70a1a95662e8906b57b6c828f8ce1356669fd6cbc9057de29054b4182e57046970ff931f73da4a65b1b9788fe19807bf8dd837af11462a6826da16e504be53ffcefded8661cdc5df89148d12bf0b67bedd06ce5507353539e22bd6efabdf110d183d583dd50635164c52aaea76edea972267214761cac1d5faf49c8daf141d1d6d9368ca55f62cd65a9ba72804673bf4cdfa375c41520b3c35f863ca0b2d86ab930abfef22e2bc4abf869b3137054971a42bf6ddb60ec89dee614bfeedfb45f728602f4e602efebafb75afa0615add964cd5b4b6385199e84fd29254fd95fe95c60c5b30d8c170810beb8c1b016573941e6175bd4f0771f984d7cb8e041da1922c7b9795ef2585ab2afb86f303044c9f9b8c339c42d61e7d90876308e56972564ad1fb6ae8d8096084b427c8b998cd197a50a14171e41f992373e25026263f0880a757d1a702c0b8fb47f46cf4767bc9bb615c63d9616a25a1614bb21cf5e285505a3cf83784e51281831fce1f3ec20b8a6ba3ca6f5af795c5b8df3bde0866baaff93a591108a721d34b7956fc4d47633fcec9cdd387d5a247e0cf72f6a98079b557c92b88c1b625f04322466ac6c47124cf861625da7fcc07b52f771f82256a19a87f1106538fcc0cd3f6d6242dafe0b84711a9fb8810c7a2f862085c223b7f888b3dd6657dac203899f77b85fbb300cb829da7d38bdf5d2b1065967c3ebb65d76355b94346526c898e70bc21385609224fd78033529c3613e40a9ed87e0f67bf18e5b12d910f4b07a65e7e95e66ab7a7dce3c4d576bdbbe805cd1e2b77313d47da140a55d8522d248c005af84c627fc9727e075b0f9a5e3dfbb800c4a9f4fc6b54c7cf5c79ccc1ec698a4470304c59153715f60da577856735ab4e25239842fb2d7b2794b9b0b95f4e48b0d3e5b7f492d7984baf4b60cdfbea307e15504d06512d552b9ba9675ec6d5038e7e5e585d7073bcc060cdfba841d722de257bc3ecae7d0d6b1c6af0bc1eb2afa654fa2947d13aefe0ebc8398ab0a961a5ea413b1d74211167a0185e6b534a20667f88270969bfe77f2870a9e2289c6402a91ca7561b7b71b09a9fc69ee3c651acabc5a06f81de311bb80be430ddd58d5ea7672f8e69519e47af220d87bbc3946be9b6045c3d73cf2e02b7894f2daa0b5c14948c30b3f30dbc8645f7c9a76420ce739f0b5faecd975301d7c1d6f4f00a0478a9de9efb61085d3ce0aac559c4fecb1501399088aef11aa56ae76d594f726fbde286872b00a20ece07160c399f0e64d6f23d12a3ac6efd0ba442d43d419e6ed702ee489bfab94f4e6ff45c05f05734f49119f877bd912e9d05df08c00287207450e3b8b7ad7bf45555d08d3b5195420cf7875e4852377cb61400b674edee7daecbb4d9310b9400e992fa0cd629f05de331a47aec3dfef4ff85caa64c22cd171ffff1dc6132eb6040de96aa354ae2cec96d9dcc159181979b1a6bde54033d613ec13fca0800ff4", 0x1000, r0}, 0x68) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x14, 0x0, 0x115}, 0x14}}, 0x0) sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, 0x0, 0x14) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x101, 0xc00c00) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_GET(r1, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000180)={&(0x7f00000003c0)={0x8c, r2, 0x0, 0x70bd2a, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x50, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}]}, @TIPC_NLA_NET={0x28, 0x7, [@TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x45040}, 0x0) r3 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x0) r4 = syz_open_dev$radio(&(0x7f00000002c0)='/dev/radio#\x00', 0x0, 0x2) read$FUSE(r4, &(0x7f00000004c0), 0x1000) mmap(&(0x7f00001bf000/0x1000)=nil, 0x1000, 0x8, 0x6011, r3, 0x0) accept$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) socket$inet_udplite(0x2, 0x2, 0x88) r5 = socket$kcm(0x2b, 0x8000000000001, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) setuid(0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, 0x0, 0x0) [ 1374.512931][ T27] audit: type=1804 audit(1577520990.211:913): pid=21569 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/274/file0/file0" dev="sda1" ino=16852 res=1 [ 1374.615934][ T27] audit: type=1804 audit(1577520990.281:914): pid=21588 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/274/file0/file0" dev="sda1" ino=16852 res=1 08:16:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000d000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:16:30 executing program 3: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0x3) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000100)={&(0x7f00001bf000/0x2000)=nil, &(0x7f00001c0000/0x1000)=nil, &(0x7f0000bde000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000bdd000/0x2000)=nil, &(0x7f0000bde000/0xf000)=nil, &(0x7f0000bea000/0x2000)=nil, &(0x7f0000bdf000/0x1000)=nil, &(0x7f0000be1000/0x4000)=nil, &(0x7f0000be5000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000014c0)="26d019d111df2339ea5f27cacb69bbc221005bd2da3566c5283091d46a1d00808d29a80eeae0145c747d02f527b7b35be185a9d0cf44763a595eb3260a9d8a2843ec1c0033bde938a48a95e5e71ec31c46cff48f087da1afc10c3089563517645675441ec4dc47c2310bbb923d270a2463726d3c4eefdfcd464c97cb62ecd85fcce06d8edc9a16c4d38c9028c74fdfdb2bd7db3793f80b11a4a37f6d2b987c0bb7887e75dbc3f674f43c0df12dc096f14e154b75c5f3aa1ab3aa1aa690c433ff3528c238d45b9ee2302f7aa92c821b076bb7d6907e2545cdd14de09d50e4b926b0856181ae819a14a323e7e35438e980c2af1ae9f51527c72250e64e315faa445090dacaa2de4aac8565834faf727b14e8da5e2c91e388b188ee64e9811ce9e20345a4cc8a65525a0d3201326f9ecb22729582bd1bc82c83fe448bba3c39ac7a48d1cb07d958d44162d6b26eb273a8c92ea1b8b939e5364ec0d3bdaf130ab148e174abc1627123eb07c96cbdf8eda7ba59f5994fb0d6e1c25481fc52297d47d2c1d135de39bbfb19979634cf6dd74afb216ce9db2916e50f35e1262bcefce6289e879ac8140158d6f2f318a83123ae0da5b3882192adbcd7fb5205e1309fdf8658066dcbf119c308e563bf22748d89645a3e33dc25519638e7b571eb0ba3d4863497cf5ca8827f623884dd66d360977bd8da19a0f01f956392d9e098a8c3d3d80f0ddb76f25c53f461f0be0210d099ab9835b9da021ef2ce490d703b7ea4cdbea33ddfb4fdadcac152c0c2409866f1f60cd64e8c5eb977482090272034db4a1837b34693bd6d9bb5d8f900594aaf5f51ebc2c92eb6d9545a1a4d28ff45dd23ce9a4772ca985c1f21ade79d8919cecdd2483c4785f6c9364b1c989ed7daf86e34e402048330c43256405676240adcd928576aa10522b0f555784bbd3f6df7ff8de73e6d1d98124e899acac70e4a92182df89317a246b6b019e3227d6fdd48870583e9d14cfeda6feee3b6e442093bc343f9c543bcbbd0e609547c2e210e4cec5544c7cd10763c166ac577dd393aea7fff5e10ce6255b4942306b8f208fe506c4f04564ff564e6938a9f9fca0d583eb421ee5b82a16a9c76069e7c974fc743d0cfd45b6e8d36a10123fec4b79cbe99ac397579ce5ed9427b9c0f335d1224528da17b6d57fc0ef8ce1b6b08747b581d5b0dc7519c3ba8e435be05be4831b8f4f4afe2c58d6b0c0186d9bf9e9dd771c0f20ca9f87304ad210ea70f11d11fa502b0d117ed09d2eb4923437e1eca0e76a51be0c966bf1f4c5d48309bcb11b25eb65621fa22727b5df7f1582b2ab970b215c12d2fa0f7a702cf600f5c587ada19fbdaf9a2a354791369a1b7e34fe0755c8503e1fa1c398222df9cc470df090dc0510d85142ea37d77b6ea7ea0894c9bf859470ec12ea2f6265c4c4b4beba3ac3620131e87f8d9e364ad8b86161f60232bad5d11028c78e2a221bd8edca581fbac37c50c285c2673ba2da45c6a5d9e0bdd50a82a0d083794dfccd9e8d870afc2409220e1d045d677e158a5b420ec993173bccd657b950e471ca35b61f44ca01c3e2bf66a1aa2c78f97fbd897aec4c0580252a08ce59ba08f8affd0d0e730d91b7c3f7f954a89ac71b278e26167d1526a8596f9bda7667a678c639144d4a53effe9c1be539410f97c8de71220299b255b62bd0841e4c3512854b2510ca6542afe4ed6e35b75a26a900322f00ef7f9e193a9e6ce2336e9294b4249b5bd4f8127ba6ecbb9e7e3ffa06a475435dc1ae60413e9997964efb633c62d6d0b62c95ec8b993f8e72f4d2e4b3b0875e5e61612faed3f4e4e0bb19f9b209914c66ea9938e3e6bb3b2e1fbd4d876bd1210a045c0e78b37707abed26b18e244a036f9d9987fad58caa5ecf1db19aed0f6369e60b5aae9adc0927ef19ea82b2b757bac6c12f49881df0bd1bccb8a732db02dfb01bf59f95bf24de4c59c43312b0e0277134614879cd22175e85329d6308b22ce949ecc97b52878f50f19e786b42d14f194c5e477bd1338752bfe63885f5a7ffd4c4821961d44ce85a4304ba160c2a618de71ccdd50566dea07712f5e2ada8b11aa432b9bbf40e38d54e8a618b112c9001fc81986955ab8e51040bb1594668d34db1a8f9d608aac834ea31eecc78f85d0a82b9962ca40bb7487623191bd1fc6378d83ce7bcf542616d044d54e0b6984423f90ed13e91948f0af0618ae8a3acbaabd8909ebc46f94acfd3456fa565ad680804ecea8dc44f58fed76e98f982e1fd683253378079fd9671a94d13f0a1d42828a0361e00ac1de1a76cb820cd9b6fc91cbcd352045def10d5e34ae2c94eb3f0aa082bb063120ff7541ec10fd5fd06a6cd4b252f1d844fd2f7d1fe708a30a73fa3f44610d2ad509493ae590c9de59e134dd2ef657338a78b30a3946802bbbbb734aed6560c214afe8286cbfe39d395a55dc9fcacf2ff0e25386a800b95dfaaa7241835fa7db3ed62d16015a5990947431d272329f1c8f175f4c8aa7477826aa61da1a1a785e1edd4094481facd4d9afae6ccd87fc20d3819f37d98b86430f2b6c8bb7811d52b3b09cb93bd5d970fb777b3c202397f9b73d7fdad8525bf83ff81b2be44377b67e5777ab9e9f9d4f8c37f0678562b84256a9e546213c16fca490e8344bdfc771eecf269665d0dab5f004589484f1a12f58cc90b911eb1b20a024a5255a0ca1d3f7c0ece136ab6b3ea48b84cb870ef276acdfd1e159cf549e95ca43055460aabc7d30ef0a96ceb8ffd9a9d3b0e92d0ecdbd54fbe7e311bc3f5a064e47d2c777373e5c347f94ac743059b6bc33a4e7c05310f975856c9eebf1a0b06e9bf12766a25165cba7af7e31447fc83f110d1b14d05334e646fd870e86a58609f6b6e9efb25504425eb01307a2f724f7a9fbb138bd2da48170dfea806f7af18e2038abd7528ebd89106737b561cf20d5b0b753415d35400484605486ec39fc974455a7b9f1b19d4ebf95eee7c18674d436bb82a4016201a51aca8a662dd45ddf1c01e72df8fdca314777b2fa36c2dc1e6c03c7ae1b9805a06a6cb4db433a3243e98297daba77497b97d2c07555ec4ae22e2e46d01068a4be21383102c515250cd39930eb376b3bcc48cae96783bd6c4d6938cd674a95e54b83dbd6d9d6415c33d712ca38cfabd7cac769f0ea723bebd21b7df30c56284cba692dc1415f6f63563feeaa18e152863a62966afdbc5b0d8521ede3ffaa9f80e3eb8eb8213cb87a0883721b46eada9c6eccd7c6666868da6437ec0e1c7a2a080e7ca5303ec35d6b6ee40f5b734c6d15ccee30c288b9c9cfce2dea08dbc835e24331112094af0c426159105f2e8034635605dfb9e41b606ace0977f4c4480911e9d966dd660d6ce74eee5034e1c3dea395ee3a765f3fdd83c9aca3fd08007a9c020ad2fef509612f67d5ee201961cc34bedb404624d7bbb56f640d199191f8f72354e92db9b54e0776c772a5fd4e68e0505cc0d6818efc068c9136517242e05082ed84e1e50c14a6a19948003e561abb7bb154b68bcada99f0b8c8b3f9919c3b91dcb285118a97e0112d281ec70416152ef1159900e6ebf42ede4de021c5c024689431ea0893879f12d981989f7ddb8f8a7ab947b7fbe58c2af2b181e8033ed58452dd9306c06eb62136ff64455bd75f88a229196198791a9f12cbd0af8445e29b398c1cb42969376bbf5450aa2c2e0089f2b0436414784b536f75242f82b41aa9538ded408aa1696184f367a6194d4c709aec6e805e326391499f88f10e67601375d8bbe5d9316ba302577b4f97be03ad6941875fc42a36e01e282f7e4ea1d0b81f2fc7325dd352fac40bc60a432f47b6b942d0ef3f29223d314917a760500dfb1ae6260455ecdb228d7963496f0c1298fa9f7f17a8e83212a461f61bd65bba26e8652ffac5fd1e827250a36e71da18d3639d28dbfdd57a0f3f73f82f2fa8d4366623175f150bf7c8c80e39178c018c6c337d996dc6ffd5084ba7e9e2346226126651931df85719633dbcea5194db099dee42c80641ac40d29e2a0bba6ea792c8b6636b78d0fcd0598dbde4b1010a804531a38ad80f36ee5859a254fb4aac12eb18aad17f1d8f80cec58abc0e091e23e6811af355a96405a14d930fe2d1225bc815ca2b31decaa148a0a513d45f24344e44386074afa900998e0a334385790235be8ad6366b078b90f07d56b0b2b1f7d697d814e293c8a15c71b9d00f145419201d96a9de5b2778108e652bda8603e6fb35914566e1d8b588c68a8164c30c0f1c6af8958879d8500700c57a58e70a1a95662e8906b57b6c828f8ce1356669fd6cbc9057de29054b4182e57046970ff931f73da4a65b1b9788fe19807bf8dd837af11462a6826da16e504be53ffcefded8661cdc5df89148d12bf0b67bedd06ce5507353539e22bd6efabdf110d183d583dd50635164c52aaea76edea972267214761cac1d5faf49c8daf141d1d6d9368ca55f62cd65a9ba72804673bf4cdfa375c41520b3c35f863ca0b2d86ab930abfef22e2bc4abf869b3137054971a42bf6ddb60ec89dee614bfeedfb45f728602f4e602efebafb75afa0615add964cd5b4b6385199e84fd29254fd95fe95c60c5b30d8c170810beb8c1b016573941e6175bd4f0771f984d7cb8e041da1922c7b9795ef2585ab2afb86f303044c9f9b8c339c42d61e7d90876308e56972564ad1fb6ae8d8096084b427c8b998cd197a50a14171e41f992373e25026263f0880a757d1a702c0b8fb47f46cf4767bc9bb615c63d9616a25a1614bb21cf5e285505a3cf83784e51281831fce1f3ec20b8a6ba3ca6f5af795c5b8df3bde0866baaff93a591108a721d34b7956fc4d47633fcec9cdd387d5a247e0cf72f6a98079b557c92b88c1b625f04322466ac6c47124cf861625da7fcc07b52f771f82256a19a87f1106538fcc0cd3f6d6242dafe0b84711a9fb8810c7a2f862085c223b7f888b3dd6657dac203899f77b85fbb300cb829da7d38bdf5d2b1065967c3ebb65d76355b94346526c898e70bc21385609224fd78033529c3613e40a9ed87e0f67bf18e5b12d910f4b07a65e7e95e66ab7a7dce3c4d576bdbbe805cd1e2b77313d47da140a55d8522d248c005af84c627fc9727e075b0f9a5e3dfbb800c4a9f4fc6b54c7cf5c79ccc1ec698a4470304c59153715f60da577856735ab4e25239842fb2d7b2794b9b0b95f4e48b0d3e5b7f492d7984baf4b60cdfbea307e15504d06512d552b9ba9675ec6d5038e7e5e585d7073bcc060cdfba841d722de257bc3ecae7d0d6b1c6af0bc1eb2afa654fa2947d13aefe0ebc8398ab0a961a5ea413b1d74211167a0185e6b534a20667f88270969bfe77f2870a9e2289c6402a91ca7561b7b71b09a9fc69ee3c651acabc5a06f81de311bb80be430ddd58d5ea7672f8e69519e47af220d87bbc3946be9b6045c3d73cf2e02b7894f2daa0b5c14948c30b3f30dbc8645f7c9a76420ce739f0b5faecd975301d7c1d6f4f00a0478a9de9efb61085d3ce0aac559c4fecb1501399088aef11aa56ae76d594f726fbde286872b00a20ece07160c399f0e64d6f23d12a3ac6efd0ba442d43d419e6ed702ee489bfab94f4e6ff45c05f05734f49119f877bd912e9d05df08c00287207450e3b8b7ad7bf45555d08d3b5195420cf7875e4852377cb61400b674edee7daecbb4d9310b9400e992fa0cd629f05de331a47aec3dfef4ff85caa64c22cd171ffff1dc6132eb6040de96aa354ae2cec96d9dcc159181979b1a6bde54033d613ec13fca0800ff4", 0x1000, r0}, 0x68) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x14, 0x0, 0x115}, 0x14}}, 0x0) sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, 0x0, 0x14) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x101, 0xc00c00) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_GET(r1, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000180)={&(0x7f00000003c0)={0x8c, r2, 0x0, 0x70bd2a, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x50, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}]}, @TIPC_NLA_NET={0x28, 0x7, [@TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x45040}, 0x0) r3 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x0) r4 = syz_open_dev$radio(&(0x7f00000002c0)='/dev/radio#\x00', 0x0, 0x2) read$FUSE(r4, &(0x7f00000004c0), 0x1000) mmap(&(0x7f00001bf000/0x1000)=nil, 0x1000, 0x8, 0x6011, r3, 0x0) accept$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) socket$inet_udplite(0x2, 0x2, 0x88) r5 = socket$kcm(0x2b, 0x8000000000001, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) setuid(0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, 0x0, 0x0) 08:16:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000012000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x2, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffef) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendto$inet(0xffffffffffffffff, &(0x7f0000000000)="e9", 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:16:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400006b9c48246e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:16:30 executing program 3: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) mount(&(0x7f0000000000)=@filename='./file0\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x41000, 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9c12) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1}, 0x78) ioctl$VFIO_IOMMU_UNMAP_DMA(r1, 0x3b72, &(0x7f0000000080)={0x18, 0x0, 0x2, 0x6}) unlink(&(0x7f0000000680)='./file0\x00') open(&(0x7f0000000040)='./file0\x00', 0x7963f2ee1d3fedb3, 0x40) [ 1375.252691][ T27] audit: type=1804 audit(1577520990.991:915): pid=21588 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/274/file0/file0" dev="sda1" ino=16852 res=1 [ 1375.305438][ T27] audit: type=1804 audit(1577520991.001:916): pid=21588 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/274/file0/file0" dev="sda1" ino=16852 res=1 [ 1375.421132][ T27] audit: type=1804 audit(1577520991.011:917): pid=21623 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/274/file0/file0" dev="sda1" ino=16852 res=1 [ 1375.814688][T21633] QAT: Invalid ioctl 08:16:39 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:16:39 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="0100ecd49400000500ade76edbf7f633e78b7d"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x7f, 0x101, 0x1000, &(0x7f0000000440)="518e19325ee3e726847903a1590218ba786197371dac9e7102c300d9dd13136ff0e7b7dcadc733fd8401834b02e6b30ff55ec8fd5393954e14901bec782b97ee5b09cf6970f8b5921e54d9dca4c2417479b113ebe1bfe9b89711bb8cf67b318875838ed694bcbab37ec622c7c240034fa4161b90dbf1fd257054e547744494fe91ead8eb3e919c79643e5ed5858534526958dfda3cd77bc90e345523c04396ded8b03bdb70f4359becc0c937ef40bdd14e629ae39e5158fc276a7fc0d27d4f97a85458b5b28c28a20a2b28bccbee6cfa60c927fa0747ced4f4824d2c01150c06deaf4f7a23939772d285f9ee411c27a11f8121988094aaad12d28d39b6e0edbd2c313b3fdc3c91c1b7e7c39ab585e1ae6879b2e857946a9aa40e99a9264ce10f1acbc6433e9f0db1dae335280893320f85159d71e9431cbe3e07b90ea4f131892ed30d373556715e42fc41976f18d4575c14910abfd94a971c79d0cd0b3c421e0b5987845981d15d707e81dbc675e916a12bbad39bb7c20ef8b2594e105aaccbaa599fce5b7906a88949ecac660f94f7ad906024829aeb10bebf512baa76b5f7080bcc540eb8e1ab620c13e281d7c520925b3ccc3b51874ba76a41f80b1f3de2cc6ba5a6c2faf2d6d8de6f70e8bfee0fed579aa87e410a2e820e1e7c6af8aaf3769dae5366058fb991fa0e7bb0598b4f7e37c265c204bea03695f37ece31f17e661153bc9788a9e7df1d09bdccb75227a09cf3c63729d1253a92f7f3cb1c2c0d92bc8088ee79496f1d67addfd7cd849b2ee3cb182b74e80bd5b9b72e89abf498f707379472a52c8f22c77513d4d21f58715eb3370106d2b90d21585a18cef925e57547f0eea700cf10201a2ad024f6bb80a391a531f7f3d42170575feedae5d9fe5908679bceb547107cfe5b34c46aa12a7357f361f0c81b39a53564d7fdfef0017dfad11c382d0a64979bf6edebeb2ea91bf6ae14f77179bd1d980a5db25f3ba42031d089f5050612c93103380f6ee2f8e7fc8097bf20632bbd26e4b47cbe80fac642d83a1aba6f6de0e4a4019f4a134b5577eb2ae2ce9eede61ecfbf463763ffb9133259f79fab6000cde2bf8b0240e000f5f10df084d1515fdddb3b1c4efb7cf952a6525fccdb50624fc3e137168dd6bab687d0bd4d3df16a93aff4e3d4634a7d5deeacc3e6bb91cea8f94bb14c141a199fb7291d523e61b0002cf3c1904b8aac9d907393c78aa1d0bb0de0fa7d619f985d9f845842a4ddaaca4177b233118646e6cf453fa9cdb7569860f220ea6aef9bcbf1abb78df34fc98aa34c664e987537aa8d4ad34e0a177a3da57cab555a049287baaa67cf4a843565a7323009f78830a0502fe555e1f73ef85f7f46c801665ef3cd884b03fdb86b18425ee4da193c98b557fa9e68aaac18698cf349736b105aebc573262a792fbf0c8e1ab696521f18a985a40c8d31aa01c99fa68467c9bf3b864e84e1434715a1f8d801fc6ecfab85a7b7ec00c65db0c1cfc69a292b3c5217a1d0e75d8e4eea6fdfb9bb8c2b8d2a850d1d8d5f76df3800e644087f33539a0de31ff26a631d50844d772a3d2fb2266dd5363fd304315c6b6dcde346e930e87d73d5ba45b8021c99c387290d08101d1f214c18cec7600b8b8aa10ffc4e62f5515f11432e4a7f876f84220be7b9e27126303e96d747b0bbc4dc5e756bbfbff7286eac931d8d5b2c6fd5567475d13bcf4c827561aa36e06a9e5f36cc29eb899a19d6d14822b976524f9de739641fc75b6ec68f9c3d931379b7c74d06c986058d948c1747c3b9a250e27d418af13974e80b2c08fea0308f11cab5f97905e53f6e16c6bd7d15864b4f430b275106bf0be9f00c0f4489e7551046a530e770df66b7a8063e770d63f21ad6a5844258aa250295efdceaa2cdfb2fce13e058059f77e2a17038ff5cfe64c656d0a68a3fe3320dae3f3c169216c31d1d660c032d7d0fb31b5fe326c4a455913a46a9e9324165293a23c535862009656b5ca5be409adecad4a7f109660bb9cb9f3a7f85e35f98e0523f0bd42ae9db4d2f68cfd357fcd3fb10de5a5ce816a960bbf0d02005b7496c95b8e2405ba72f2ce87cb551f1d771d32deb07cea44f138a34e0d6e8003b71cf80e91c10f2f071cceaaf900823ce0e62265f71472931e2dd045a13b35561fb3d3821d6eb96ced01d8d88f9eddf4c3d0770c5d76fceeab4c47772e82982fd6d700e66f6a3d3f67d8947a28a6d1a08266addbd945b4787a0c129880315c28a1cff6cff01dce0b8100b846298cdb6c4bb80ed5b6202151cfcbb3b5c2e97ef58be8f8b2714458d8da8658ff6772af209a36e93fdc41e5ad92b6416f6680971fc29955ad24ce4ed2154176000e1d3156e947ccb0a0b23c3d50b7844251831eacdc564d7f135517f4544bab2e342ffb837faa5c372327637483a609ba6930c030a2240d1471d2d601a7214ce89d4160936a0c6df6a7227f85dc4c8f06fa6c25901f491f47904d595045b9e15d6efd3366230c22f922d4a5b7177e0510dba78c10540359365f6498edaeca6b962d07f73145924abe4b4f379f2fa40f2e4fc6fbe1a1c8a8ae62681a5ae555324ad3e11140c978747dfaf195d4948cc272edbef8de26495306d5ad2ee5b015788768fcc9bc817b08b8447c5958208f388c6ed8a062badc6acf5590233a42ec77035d6347d2fc6d45649a429cbd8dcec70b6487eeafdf3937ba3414e05afea720947ded8e9d7b4d19c984a5948df3c2bbce5433a7d3a71296ca7f5adf0bf04d98c257e1ed161af67d410f09150e30b9b8a586e82e3eb44a8e50089c48cfb6557c7a7a9c18a13bd3ea0b46de2d2b6abad5b777306576f5fdaeaa59ff94802c22f25952ee75d38ccc939e6826ae14fd0fbd9945bd332cf4282023a66583337bfa74921e1127494005113edc1de5f373aa8978a82d537bc80efdc8e25109ba81ee3bda835ee4630ee497591b4cbd1b9398933fa963e4c86dc187163f0a209ce16337cb837febd9c448bf5a1b48303d13805b29c2ae52e97054fd1616fdd93659f967b81b3ccd644331d8b836528ede769a539585e5931ea9fd53b4ded77204862248efb2462861167d0510fff89d6a67113fb0d5ca16205d621d09e742a1158eac08e54b2f9ff38ba5f85cfa90bc9ed7a3f36babc6d768ff03b8ee8557d1ff8499b910283608b8659d8a5aa1ee39db7607c4e2fb11abeb3a91811ec995a0327cd0cad3c4b8874ebec2be5f5c863ce537b07553dc718b4229ca4ba6e3802b0260a82df1c93140a2c7506f434b09ea06e975a4ddd2ee41c97d5d198311a22f8d24b09316ba08c0bd78360594fb61d6d5f700e52636b8ef03bc1e3c37a674acf2c584f6023cecda17c480baa9ead4b1381af68413631f804fed1d7f0ebea425ef077f268821b9df988bbb1348654e9cf8ea6927a78f172e6f3cfbd04b2050bd7423b8d53786a7365c972e7b4eb664ac169158a5369eab144eaa6983dabe2eee5d8fdf98a8ad9f7697ab562a517630aad1a4c73867bdfb925acfe6755dfd2dcaff7b4eb750cef399c3d64478533122055fbe5b951d9806e5e7e1ad47be7f8249388296ac32c089af2728445b15b45e13a3f5289f1f077c8c2e61559d2dba3b923d22d072cd35b9879648970b4abff88e6bbc195da4d9e76ff4ed55b067df83d9906c55e02f69eb8f7dad676860613edd8a47fa781a571f8fc6bb26d05f948fe20308f95a4804bc8c6bc04fbc946e54999a02831e3bcf6009ce4ff4b4511f7e182d228f9892249a58d044fe5c5b2c94a7998980f7ceb58535a7a77983f5996f091ed71633ab06738a2d43d444fb87dd6c510cc6f88e9b7b6f941e1e34aa58d6f19d89d92428a68a84e89759c39f22fe5bf1ddeb095b46f088f6ec987c315f4f76f4db0c8f53a47b6fe59ca8aeaba07bfc4199ded44d36620243c139f9472ab3369b82073b5753c077fc64f6ce47b70ceca049b24771fcd6b9fc99354e32586573a2500e1dea4ea76007d459a287ce66da69d1264c2e840d2286aa018590a281e812f5753975dae2afc58267b05256196f4fa82148eb4115c6ba0f3e76220601614a6b02ce3cc2de6e4e8969863ce5d16529b37e4d36b99ffeb6361be690149956fa422074d76d0002d12eaf47ff6af974f1a2d76d6b706663d63d6e816dfd4c21cc5a2ca7a1d78642bdddbd1e7f677044f02fcc4c7a53f587364b700bfb7034d031d5f2c9256b75833424d8b82f8f1a0f1c840dec973836ca61f61668724348dd537104633b15269904a1ffd0d18fec38516df2b40e6ac2ea9cd16ce3cf0c5de0100a6f066ae47cbe99723c88bfabc6d9c7f4273dd9f2781f1265e8d18c66955a6c8fd25af511736e5552b396b472f33718698875cbe5d1022ffe49a7afb5896655a898771b122dd108cb1254c6c2a7e1a66e9a82c17cb0ca9162da262fd4af41f1e644540964e04ceefe6a443a8019b56672fa11d5b94f0ccf9426973068880e980a363b72e04126475d3166a698a2f513139fc54ecedcf4f026df1717833499d1579306c7470fe4113d95dee29cdac679c6c236fec1574d0de4be0cb30f59734de98a044126e0615785f8146a4009ded2b4f43e88956543d328d939c79da747319c1ca0112191071f6052618516eae266e468d328b04ace307e25f56a30890b1f7791adba81e4e03e7126687bac78aefce6f2eda1e65410dca7b6e6d186ad6453a1184fd4548750b67c2987f47ac2973857993da1f5aa6a5afdcef4e603e9f80224e8dc1a4745c69ec89cf5481ba1daf0248cd5bd7d24719232c4698f79f94363ad99e1e691f4bd3f882121ed3cc15f9ba43dc650e02eecd6243c9cac9003bc156480e4607d1956e11946ae55a732f1efbe4664cf8012c7d058e2d2092880b5fa884d05a0316ea28767e7217d30f28431f2907e47ed1db9e34fb3c7d4f40e15217c850ef9dd2f95d6776aeaf284748326bc26b0cde125a697637c9838f3970410f339cbab88a836627260d894c11298ea09097810778567448df1b06ec148b73c938c0aaaaef308abed9ca56cda75792adbb41c01b0092b2bbe7d21d8a07cba84ffa0284927798845a56fd665eb95c9e8619daf881b2ef956cce49bdb4d5826084cbac442d89eaf1c5ade9074d24c3b6604e8f746dd21e2a7fbbc5c01a60bc1d55f3af7ba3a2bbde3debb74055653c1378aeb73e46ea117132869ad9872973def7e0f32d7d45e843f89baf11fafd71c259dea5cca417f49453ab0e653ef0d98aa78355176fd511b92f2ada994a11a2714851b1e82510c0005619e07061c72e47a8656a9e3382a0ca84d83ee47eea964982b9e6ab848d9ef39fd0eab538a930c8d6cf7a9a10f177d03d8ca1320dbf8ba27a0c8889a788d986d4189885bd95ae3f07d1fd0cf205ba6a4ea5cd45d3997b27e0eca7acbf1ebf0ed59fa4fb4b65dc362a4d00532f21150a123c2e761e27f5f7f792e38bdbe6b4cb12edf37740d22c7660501aec119224e59a93e69b2b62fcf0a711fe3749da6df2d425038d10ddd5bb307a2a3792bbd6053de6428087a54f8a8c84cecde1e4af8659ab58d0ab2baa7624fdabfd87bbf57834ca06e285b19cf8588abb138824ea9720e7ea104f9a7e9411e79f49410081e11e220090205b9fdbd275df2ce9b6ef34e575c3d238df48dd4be76f1a0771e3b9836837b43c77c1e98b84cb78a12150020e4ea208e4baabed9290ffed7d19fbb0870ab6442967c72cac3c1b729b3d6e7c5e6aac33ba191e33264b668ba092b04f04462f6c94e5d9ce690fb57bddcda4ee658a"}) 08:16:39 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) ioctl$sock_x25_SIOCDELRT(r0, 0x890c, &(0x7f0000000300)={@null=' \x00', 0xa, 'veth1_to_bond\x00'}) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x100, 0x0) recvfrom$inet(r3, &(0x7f0000000180)=""/49, 0x31, 0x102, &(0x7f00000001c0)={0x2, 0x4e22, @empty}, 0x10) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r4, r1, 0x0, 0xffffffff) 08:16:39 executing program 2: socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r0, 0x0, r1) fcntl$notify(0xffffffffffffffff, 0x402, 0x11) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) mmap$snddsp_control(&(0x7f0000ffd000/0x2000)=nil, 0x1000, 0x1000000, 0x30, r3, 0x83000000) r4 = socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0xae21) getsockopt$inet_tcp_int(r4, 0x6, 0x2, &(0x7f0000bfcffc), &(0x7f0000000040)=0x334) perf_event_open(&(0x7f0000000100)={0x5, 0x70, 0xb7, 0x0, 0x20, 0x6, 0x0, 0x28, 0x1, 0x8, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x8, 0x4, @perf_config_ext={0x1, 0x9}, 0x2, 0xe841, 0x3, 0x2, 0x3f, 0xfffffffb, 0x9}, 0x0, 0xffffffffffffffff, r2, 0x1a) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r5}, 0x78) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000000080)) 08:16:39 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$EVIOCSABS3F(0xffffffffffffffff, 0x401845ff, &(0x7f0000000000)={0x0, 0xfe6b76c, 0x1}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS64(0xffffffffffffffff, 0xc0385720, &(0x7f0000000040)={0x1}) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) 08:16:39 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xd00, 0x0) 08:16:39 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002ea9400000500ade76e876e03c8cc0000"]) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x78) read$midi(r3, &(0x7f0000000100)=""/63, 0x3f) ioctl$KVM_SET_CLOCK(r1, 0x4030ae7b, &(0x7f00000000c0)={0x80000001, 0x4}) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x4000, 0x0) ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000080)={'vcan0\x00', 0x400}) ioctl$KVM_KVMCLOCK_CTRL(r2, 0xaead) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1383.719691][ T27] audit: type=1800 audit(1577520999.451:918): pid=21651 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=598 res=0 08:16:39 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4000, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x400000, 0x0) ioctl$KVM_S390_VCPU_FAULT(r3, 0x4008ae52, &(0x7f00000000c0)=0x2) [ 1383.886776][ T27] audit: type=1804 audit(1577520999.481:919): pid=21651 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/275/file0/file0" dev="loop1" ino=598 res=1 [ 1383.903321][T21651] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) 08:16:39 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000000280)={0xa, 0x4e22, 0xfffffffc, @rand_addr="de00"}, 0xfffffffffffffcad) write(r1, &(0x7f0000000380), 0xfffffffe) r2 = socket$packet(0x11, 0x2, 0x300) io_setup(0xffffff7f, &(0x7f0000000040)=0x0) io_getevents(r3, 0x4, 0x2, &(0x7f00000000c0)=[{}, {}], &(0x7f0000000140)={0x0, 0x989680}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000080)=[{0x4000000028, 0x0, 0x0, 0x101}, {0x80000006}]}, 0x10) r4 = accept4(r0, 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e24, 0x9, @ipv4={[], [], @rand_addr=0x7}, 0x9}, 0x1c) sendto$inet6(r4, &(0x7f00000000c0), 0xfffffdda, 0x1f4, 0x0, 0x0) [ 1383.943105][T21651] FAT-fs (loop1): Filesystem has been set read-only [ 1383.952047][T21651] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 1383.961819][ T27] audit: type=1804 audit(1577520999.531:920): pid=21663 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/275/file0/file0" dev="loop1" ino=598 res=1 08:16:39 executing program 3: r0 = socket$inet(0x2, 0x1, 0xa) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f00000012c0)='\f', 0x3a5, 0x11, 0x0, 0x0) ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000000)) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1}, 0x78) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r1, 0x110, 0x3) 08:16:39 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) socketpair(0x4, 0x5, 0xba, &(0x7f0000000040)={0xffffffffffffffff}) write$binfmt_elf32(r3, &(0x7f0000000080)={{0x7f, 0x45, 0x4c, 0x46, 0xfc, 0x5, 0x4, 0x1, 0xc00000, 0x2, 0x6, 0x9, 0x1d8, 0x38, 0x191, 0x3, 0x7fff, 0x20, 0x2, 0x9ee, 0x2, 0x100}, [{0x5, 0x9, 0xffffffff, 0x6, 0x366, 0x1, 0x0, 0x6}], "09cd2a61c67c0450436c59759a0812aebd78c7e857fc6cde0a79f06a5e7bad966697d1363105ba527c4da5f1b9e282eaa0fd38ace139f328ac4bd1bc35f99390148313d2b06bddc37e565063f93fe96a9c66199bc5845f78c7384e5c6d9ab1d0bad36ef0ec671cb867"}, 0xc1) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e03c8cc0000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) getsockopt$bt_hci(r3, 0x0, 0xd789a9b69281c279, &(0x7f00000001c0)=""/117, &(0x7f0000000240)=0x75) r4 = gettid() ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x3c) ptrace$cont(0x18, r4, 0x0, 0x0) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r4, 0x0, 0x0) ptrace$peek(0x1, r4, &(0x7f0000000280)) 08:16:39 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = memfd_create(&(0x7f00000000c0)='}e:P\xe5\xee', 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000480)=ANY=[@ANYBLOB="002000003923e6bd1225e474a21833974bd62244194b53f70dc5fbd366000000000082d203b8ccd70a83c69e000025005c6a569619fab8e70fa772fd98a37cc93104000000d65b0100010000000000e37ade166625bab38fb56ea94a5640b4c499d5d499daed493408d7c1f079409d63810d17ab0ed847b3721141546e8f7e20314f854ef06292918de3492146d7"], 0x4) sendfile(r0, r0, &(0x7f0000000000), 0x10002) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f0000000080)=@req3, 0x1c) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r3, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r3, r4, 0x0, 0x7fffffa7) r5 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r5, r3, 0x0, 0xffffffff) [ 1384.682291][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1384.689386][ C1] protocol 88fb is buggy, dev hsr_slave_1 08:16:47 executing program 3: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'sVz'}, &(0x7f0000000a80), 0xfffffffffffffffd) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000080)={0x6, 0x1000, 0x1, 0x7, 0x6}) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r1, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000004e00)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ff3000/0x4000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ff7000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ff7000/0x4000)=nil, 0x0, 0x0, r2}, 0x68) socket$inet_udplite(0x2, 0x2, 0x88) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip_tables_matches\x00\x1b\xf3~\xbf`\xbc\x15A\v\xcb3mo\xe8~\xb2\xe8|\xb8\x85Sr\x82\xe1\x17\xc5\xaf\x1d\xc9\x82}\xd8k\xa8\xa8\xfa\x9aV\x9f\x1f\f\xaf\n\x9aN\xf5\x1aw\\&\xeeZ\x8d\xef\x1b#\'t{Y\xc7 \xcb\xa6:t\xe3\xca\xf0\xafeJ\xd7[E/_%\x96\xa9\x1b\xf8\x93\xbe|\xcf\xd6\xe9\xa3VL\xf6d\xae\xc1\xe8f\xd2eb(\x7f\x13\x87\x84L\x82\"\x8e\x12\x98\x9c\xc9\x9d\x17\x120\xe3~r\x8fV/\xc0\xc5\x1dr`\xd1\xefc\xae3') preadv(r3, &(0x7f00000017c0), 0x3a8, 0x0) 08:16:47 executing program 2: bpf$MAP_CREATE(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = memfd_create(&(0x7f0000000500)='+\x8b\x8a\xa9\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\x94a\xac', 0x3) write$binfmt_misc(r2, &(0x7f0000000c40)=ANY=[@ANYRES32], 0xff67) sendfile(r1, r2, &(0x7f0000000000), 0xffff) fcntl$addseals(r2, 0x409, 0x8) r3 = socket$packet(0x11, 0x3, 0x300) r4 = dup3(r3, r2, 0x0) dup3(r4, r0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r7, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) vmsplice(r7, &(0x7f0000000700)=[{&(0x7f0000000240)="233867215bf242d2a274e6b6a2999f1b09ca5881ebc38c08993860522621599a91a29b81f3525058e4e43d5be400550dc3afa068f5762ef62ee3e702c9da8a38beff9c8516f119bb107cd65363ceb83bcb223eb7e2477b16e6ba61bc5b1cf325187af88933d08fb2734fdaa5af28aacc51a7fcaeb8b3c4600b75f363b5b87945e2ac765055d12414fb0e3f3441abd5ced7ab7e53e817dde962d9f778ec31f40b5427083bf9e033c1e8a2a00b2a2d1c15f877683087bfeef71de9dd29256199ab", 0xc0}, {&(0x7f00000003c0)="8f8247f1cdc8f99aea5bfd9835de0ee97be0af7d76b2ef669c773f4a13d80f652bdb3670ea89c47ef11898e9104f7f2aff75e535ebe1291bca135c6dcadde18e4274c1c812eaf1cfdc4d9e3cc0a12fcc6dd93d2b27036ce549028cf9c369d8d9d2cad6e648c60eb43bd45bfcae922f8b654949a4b2725a7d735b33be9fa1174ff3ffa3a4ebe67fa977a876e9098ab8c2340a52bec898c47997232f4273dc8a5b0afbf2c92dacffe6130348e935df667ca5d6a6a2332a8598e091ae", 0xbb}, {&(0x7f0000000c80)="e347f6782d710bfbf65338e9d127039a118c3cabfee7f6f738a0ee08e2ec676d9273075fb10e93582b1fd7803212c31e0491b0ef978d7fdbf9699e4dc9d73d1758a44155c9a883f112703077510cc6bc4d1a8f7a78ddf88bdfed6d83de388252b5cb2ca80adffb44d00d98674d6427b84cca9359e898761e50552cdd7ac3f72aafcf91adce373845216faddc58fbb0a55d94e5cd92c92a04b50ee91ab8cd960eca6fc95920ebe1abcd5acba085f75fd616591278b8ba49301e2e535376ea058e62c1c6ce17d088652dc881273d25dc5a110e615603a19b627bec716bc0360d41f1da1d274c25603c7f7b1b31c24a4c3d350c47cd87fb63650d520c355ce27ad77be770f727ff861868e07ce0e6bc5733614c3c6da723a0eee2f91c137309e6033696a22dc4baf872cd8b04bcc01eb88aab49564edac7f44db9e77af473582b3e168dc4817e4a01cfb69f19c7f89529e514065cf41a29b4f8e57525e9f096ee72329d70609f8dd807cb132e1959ad102dd109b44486f441d53c48f9c95c58b94fc088c4748daa8019bf5c805afa90bb6e93e057519bc65421224a940e7604185261ed172dbe5f91249fa069e7b2eeaca5f7454f78d7969dd01269d10aeb98d06f3c423449e9a3430dae1047eb3c873984b86136ab0303b1b280f8dcdd940702bee85482231f158b8c32583a10a781d73c0e5fb45b527428cd21c87da72a86b4251608d61db3d0c2711a482668310b75aa62e031b99bd971e096db3cb09f855e6f82544be01192091f985aa193fc7c949fc56ba1f5ec8c52bceb65ae33fe33fa43e5b54549180774f434cdeac2dda83891bbbb646b23b27486679630c85a7c560d2c0a7f8a662625ab4b1e5ff611f331ffff6e486e48958410a7b91c1106c01aa2a1d9686652194c6cf413c92bdc2076bde071775b020c857a835da9493137a81412d53620fa1eb8679153c1e61a3cc0656cf068900ab7eb71110d24481f3440617124ee5a57d3db6dddaad11e6f12501c39d09b1de15fc19462dbedc2ae34b2e9534a0e04e33c49d3222ed535d845ad6052ce2114ec491a419b1c72f3dd3e90a2acd7b8d4463320f527ed69029f895dca7e28808fd7fd00e0a06d9c9d523699d76b28af4989243e9fa9180379d57be0707de4ab4f81adf4850c0ac562c90abe8679e392ee1a4cc9d2370796717d4b702f4f2c82cd447b6d8246410247a55780b3792bb38b6aaacbdc67e3771784b1afb759697826ad061508a56831d200f7f76896a19c0c284008529cab75dc2fbe4bc6ecf727432e476706536e073d84075e8c4ba4f3f6a603db3b199c24a2de5a1dbc1b6fc9514aaf179dddb73db17d09aff303dc51071de3beb68440277df62f62126b2668744f98a817b6d6742d76286211a5fe4428c7627880f0e235e7526aa345c9ab9baaca385d6b1db73c4b39f0970e4d6afbe0747e6eb9e1040324e18ae488e8fc4f8f6be403325ff9f8549b70f99a0db3726a321b0baef0e758d9248bba5139a1d4b34c3ad7bf9785f59780d739c9c40007ca640d3927dd461a6de4a147cce52e3fe5634319ea9ab5afc1f8327086382649369d06ec88cb6ca933521a02e294aae44f64db8a61b8a393179de321310ca4498ab9b726ae6246fb2d4f9497bcd3389689997bfdf4b84ade74102901307b3140404ba33b9cd33e31e4e6bd981a48af1017a91b8a42d249647f1e356849c79af92f78705a63bb3cad4ea5af09ae624c4b9a9da2f4666fa0512d3e11d204ebd48dbb8e9b059c2b7f02504dede542831c5946344ddcfbde992b661ffa7fb51b00cc96c9829fefbfdf9e5787fa5604ffb6fa05975fef7fc6054d235922eb55acd656a7624652e1dc31186767ec8d326aa8d153c9f4af6e8adda9070dd6740e9c48a6b8ef960efaed6cbbcedd2d388c97e615f3147f4fd543503af8ac7443f3a39d028619833941d803b84f4b56fcefafb9b621339de78cf6670afb6aebf26e0b43f36d74a37b3479bb1d69927d549e15b7f3cb37ae3c32b828a9c5370d1b10a06626b1d5624d35fb4fbc5cbf8059515dfefe85bbb92582ddd685d73c66701145fc3a7ac174f8f1254a61e931cdecc1b23fc1a7368d78ffcbec0fae469d17a050fe5874dba5f49011e47d81eb89d7befb1317bb03f5a2580b33bc8758ac7a31e77613004a1089f598023b0ac13cb79a25e4511745e1207da6fc911c6137ed59e051bd18e9561674c0ee834353bc34577c154aa6400a5e08b7515e8f8fc9fd3230afd099b542759f51bfc5fb72b01c3eb938f371f04c012bb22ab7f5bf753c85f692c68971823930d947751b8290fc2beff32d6d6a1db6993bd05853bf44f00aa32123e83d3f4cd7744e402e87253d2b0fe0f640a84c6312ba6f539d40cc47189f1c8258d971d51a79d2958d667eda003fdf4b8af4ef4de8eaab10b48e30079178a7349b8ca841f0ef8609d8f13f4905bc2a4b9f564cd5b095b961fecd52fff865fcc97a5e5c3cdb46c71a5f43dd59ead8e687f2f0d899acdaf0588dabedba53f03c53635f3f9176973d18a244f1c6c3e0f78ebc1bd4525b3ffc825a3f29867e351e14c987a044dcb9544a37cb6ae64fa52ceb5abaddbc8515111bc15526c01f2b09d0d84245a78a88b9a1ac7c750c814f8af605e6913e53397d26e4f6f266373e86cebcf4903bc00a50823fef16793b3bf1985ee961020036276bcf3d6ee6a901469a90b4bcfe93ca5438c03f4c775bb27475ecdcecadd6b51d564e05fc33da73b698e5d6b646507f753d31cb7859dffeb41097d82846196bb3ca4202aa727d9e4165640e2e3126eca2fa5b0b8b1fb74a2ec9683973353758f98274c4e3ad5448b098c043d1804f6cb222f47c21f115b059c700289b8ff403f08d526d5eeefa50fe985d553d0e95fb974c180e043e1752eec10f1c84c16f4c1d145509b5030cbf1b714f3013c678a5a0e6b3272ceb38bef6c64a5700a010c9c90391d4e20a364efea0c600ae6dce699292074a2ce4bc3242c4d3cee49eb2bd4441f959f7a6f3f7628b41156f87d6567588e720ad8c8b1c909d149e140de2bd9c6ce477dd6f5a8cf90982b4ffd5c2eeba6bbf8b71c562bf4cecdb9b12c5b5e429e4c7893d7ea70b830d2b2f518cff967a19c9fe213bed1267278932d8e2f87b366afda607fe4f72c43e821a11592061e0cf4dd2ffd66271ccafd081c4c76df644f6b9a0fb95c3d96d1706a8864ba98699280999010fbd353ff1400ca6e43abec05063c0c339903233b1a072fdb609c6997df3d1475f2dd99c888d4da326f9400c4bdb481696b6bf878a4db75e75b0f556f5069452babf360bbac79b06c45b32079eb30526245135877024a793dbe7d8e428466e2ecde31dd6f1909e995b48bec2203ef40480d4f886a62412605a35efd6e785eb1fba87ea851fa61567cbc7d3d8cfc811a62cc1aa305a24b4e2f1c73608d3384e5d2c15867854c35f7185ead4097bc0e54c91f06b90242f20429d4d6f86d5613d95becd320188f4bd6da5c67cbc5f0fbb65597974e0241c196e99ed49fe765a1320433a410a2228e31c119047ccb00dbbb9a9d7a90c5c638d7f5791c12e053506175748374f5af4f3555c00c6dde72d06cddc8373ce25c7f753f763b0fcf11bdc1aa2384442ca89c9b81721bd91dc809e44c5fd6f3f0097bb7ec9129b3b68576668cde1e588efc3c1ec96cdaa77cab9e941a7036fcecbfe991c56310e54fb1ad4f63bd5aafc8898c03688dfd7653695a55d281ee2b53446cead2f57df0adb2e42331cd2c3ba95c2a8d4cfa653042bf13aee2c79a25cd550badce07168ba8bf7f4fddfeab7707bb12455f2ba903999a71a59947b14273e5472cd3fef7d6711c5edca08c4333063f213bef55a92b0802f58e489b530bd439e634444fb3c04a480bc47f1750a11f5c23027505689b6e2ed37837bd0344a8cd728b9deff4ab28c3b7f801b682496e7f87653353cbaa6f68e7284bf62cb457a8a458054f27bdfa6e64e41bbeeea9b5757a0da4c72991afa9823db6a14fd83c5e49b22d878028cdeaf7f74a636c91e10825b82ecc05792f40852fc2ca74ffc8e984a0c951c66d28164bbf9ffdc42600fd8a47d5614f15eb8bcde0e866d085c9dfa96763f4f79555908dd048a02bb6a4281eaf4a670632be62444d9eadb594d084c201e85c5fc480ac043f4ad62855d2371567e371278066d901d194e157228952245003cca9eb88008d5e83db15106b8ddeecd16fdb19da505ca6e9f004ad95476536ef4e4307a366b4f126c733b4f6458062f0b18d30bccb627e9099ba66436a9a422ee875e5cee314a64990248880eec48ada4b309c5737287107087f848c5073a13a0a5c2900734243052f164543937f7eb46d1afdbef614ba8bb2fcf0eb771c539c795710f740db96716ab1f20aba900acb22045b2999a68284c4f4226829d02b314adee5cc7fb1faa4463f6aaf081eda70d5cf94eff8831977c72ab6728062b9ce00711e37a95d68046cbb0d2e666b3ad98fce056d5f74ca201f942bb02fd00b30742abcc824c8d12bbcf634911c939b7ec2f3dc702f401eaf81d31505bbd8dadaf46677421428659eef811fbc05559cde01430d54e2565fd071f67854d868a1e25f6088dcce839e74062bbe09bfd4b221447e95c6b70597b8c0ecf11a01e34e6a073d25e02c1b307d3c10c21155aff97dc7ec1f803098bdfdfad2986dd80ba889c221a1a8b603c90d5a4b85c3bd8c62f6e335642bf5f19ade682afa7f29d7b3ce683d5535baca93c1dc541c4d0e8981690514b53fdac9134374af6acf7d362dfacfcd3d1ee181a849070e5291ef8f038f0cf54e5eb3a7fde0d10a9703436024299883ba0344ec9ed86670e02bec9e1770e7a210b7c9e704195444e75b681898c259a89bf05546bf3d8cb18523e5d80ec735ed4a0d4d549b9b90accf2e15bd5cfd35302be2bbeed01c73a7e4029003ae4c1a1a51f3100500dc7f654aff657cc981c5a6989de2b29f0ffc28aaa07377b308e8822eeb111c123c29aafc32dbc1bd0e71190f31caf6507dd116cf382f79d6cf9187a3fef20da011c46e9a1435b5b3b627b374100d9f2c89031b4e164cb4ed0854ec0bf2055cedb91207d0dd38e46ba149fae8cad0e72852122d21400f9cc8754b98ea2098295b3d8c329776e750a869defae398448102a3680d3049940810792b6c2464376298b0c88b9aa30590c91ddb25f5b19106bd2d07264e2a72c21491349642a0180f6841d5576c6748403a90d808a9619350587ecb464fa1eb72d3bac6b4c23596e7cb8431af29af04011959a62bb9b9bf3808d1db0b4bc74cf02e32bcda101465d556a7472a1a747559c1bebd3851fb5088197d878c93a16a9046495fdb03e812bcd2bea427e8ca807ea82723954a53b3e237cf326e4c18d6674080024d993e71e9a5d250f62c8b00fa44db3608d9c81757ac8f92e42aaf79c283c4f9251856765d6f9e7f8b70168eee973c78edb8ca75a3d0f3d4c00190a1eb15b02fdfb1afd078afe93f034723335df6dfb26189163bc896974e4e53fd26d0de7045fe7b2430f27efd86007b08453c81d29add14da78006fe2fc4e5f483f6897ac533f51fbb32be5255801a5780236808cce99cbfd7abbd144a5e1a46ae0c9a93fa58d38742aa693dd1e2615cce8197da38803c3b3b74f20d2829431093e0780164ee47a7d61bd28d9dc620e9f376129c6b676dd64f104bdcd18275607028cdab950ddf01bd264916db27ee80bca0362afe1fbdb592ec1ea5f70294bce928f45ee147da297b84f8dd87c0", 0x1000}, {&(0x7f00000000c0)="6335475b02e30451d41f6198a44f8bc9ebf366ee5880be9cd28342bf", 0x1c}, {&(0x7f0000001c80)="01c3354596b81c2fb19155d6bb71a2be38e31f78fbe97c8d9d697effaaed102dd626ef996d93f118c9620e681000e4b669d0a2d886766607b23dbda6af5e86289a2da96f633ba0e88b35d7b8218c426b7cd2234e6be96cf2a3755b971fadd2b883cab19e1a74c0a22e2eb8df7527941a504dabbdc25b8ca5426c5e95d773d589bcb9923883a89257cf53d4a0bda4e7fa9d4f882a91fbc680b165ffff96e1d4746a9f7256b4c34961b742eda20002a9c81515bf26e5d0926f56469568324748e9e573d1da2b1fa3f836c2ad35cb40210d38e9dce2954b4216230fa461c0e99c84fdfbbd8ec09de3751cfb11158d3c7d8e961f466115fc032a62a73f93d43a4b97e16606df39737735c61e6a5bba8989f4e20628cb4347f79d5a7ebc3f183afd4ac6226692b1508eb8cbc1e571268eae9d944a2eefbd4626d83664c0337772c895c60e1d55391313e87d2d06b7d4f1097ec5c36af902b4c1084d622ebeb0d88daa5a6546eadc4775144ce08599e41fc6dcd63526b49c168ebdaab82d4bd0a99ac75030baa7e3daedef62ccd5d37abdb3a7f6caa197976b5ad567f643ac01c5556b4d666cb1d762486d00b8642fc47bd6576bf31a388aa9e30594769442221a5929ec7d1d8c10828f691a145adfc64c8ef7f68007cc33ffa7e6a3a0007e182c9df08ecfc41462d2877e8b161dcd8a03fa306576fc217c0744b990ee89afdbae257004a8bbb2c983d3533bad8311154a9bbcbfae119cec1974355b0f344583a8094594183026ea00fd8a8a7824b342adf6e772ba8047da8b79093cc39e6d314054ca00ca928af1a14b78ad56c558d8c6fe9180b9740cadb9d1b0bb006fc606b22a0a42fb0901b11ee47299a338ea2f5297c58e7add42d459d4137dcae02f86f44d9d03c5ce93488d2e581fb8203d4cb45f0498f209401e4ae19f2d2072853201e54dd5a03904d33853e60b3eae64384331d13e71b4d89a4454ebe35c5083dc96335a221c9234ac4a4c11334c55096ab734a977983adfe79c27d1d579aa32539cd54bb089b88a75c55676397841bd23ff263a3f17fa550f295338e38a15b3ae5e7764cfd8ccb0e5c668fcfb7e9189b184773a85c4cfa1825bf22a9ad016b5585e33803091893dbb9012abf70845ff86a5b5422f70fbc6722d17209a2edae49ddf31f4e2304841e5bd0196054ed92ba9aeceeae9462ca887f5ccae1fece99a92245ddff78798ad8024ef98ce255c294f8fa60d116ac64c48a9bc3ef156e351242d9c5de8f40d8f926311a0d4633c07bd3492e2e832b58cda6e6565bce0ec97af14492512b547425331335fcd33d746773b7fab1140993cb89540a1483afd5f3cc6ed8b36855c911f1059a1cc69f534a3a3720a8f48d12e4a3a07f6ca609826b3057f84da31401eb9d48b8a9eab4c25ef0644cc15512150f6d09bbd6d7c244283786b74a0abc8d1b8589753f048bad92f85b6e258e910565ac8ccfd7290c0b4a30bae64b8a251df2311c50d3ef4afdc02e7552a01385dbc3c6376b54cf7875d2c23954412f4855e98f9aba237b7fc65e8970f976adf52c548297692858ffeb4dace1fd393a5f9f52b5a49075ca2fdffe42ee01d8e092385c6f5594aa7036bdfd259d53b254191b14c453346b7150a25fe1b140f17693ce71b0c6c4e6472d06e4712ff93ac7abca62d26e713bb8238c45eaea6cadf86c2f5fb25e2ee5f3cfadef9a146c1a61a414b5b9c08da4481252db1d38b7b0614c730eaf423d66bac987b29f04176d05ddc19bb799326afea9de4db120a1777e3715e699b74b8aa10307e26d5531a6c4f55f48949b6a7fc1ce15d85b449aae5558463160c447baf40cb966f62dfd8ffea1ebca0a6daff49c89a2b6bd8b525fcf382387b4be39b86e9270379d83205b3bac3d28293dab02d8db5aa5c535ed45b0c499588eb328f2d4c6baac45ffcde6f3790378bb12672101718af395109a49862467b511e84e3d77258565e18ae11af1747df15d8a05153ec02f184889c04ac210803de6366cd7592faa705300ff63f5faa21a41da3729c3d9e791d16fde9dad922449cf9d50600a51ccbe8bc8e9e5178344219ebbdb013bb664a6ea0ae572c6d6689f417dbf93128d24a5a4d30747013a45993fc94f83aa7b456b0bcd329a885e9b68821de4f079b824df925381dcdbf25c5909cfa41ec8257a8baa681655a068b0e8acaeafee1fa7b1d24733f802f42e6a4746fad10e4a5756e3ae26c6e20d01869f7a79da460e1ef4d30ea5d8f573d123b0d06d58146d30e1609bda54857d40ab9a21d51472d52cf3823c7c7ff8024de01ee1f3f23d7e7269a307a4255c87f8dea0058ae9803d1cbbcbbe8b5c147e9416a8c162cc3d7874e5b3db342b0490dd384428c8eec49db492f151accaef8327fa0fd8a069d8471f7e23f14c77ad69225f34b1baf28019af278483ce9908ed3ce4e9ee50031a9fea500f9c9da1ca874fdfb37733565b47e9b38a443dbd499bd1eb3ce275d930f3b4dd1656f5d48ddacfbbf66004af96b0a16fb69af4f80a4652c17dd6f359ad14060e1fc9fef18a38fb421ea738b597de66050490068287f9b51e6ab92a42f7f06272df1b0ef4695f672d198984619bd7d209e5f7b593cccfdead4e28ace4c8ffec5ca603b02d472c99c7bd781bf7f92775234ec5dd81297adc9930259c44e640eaf54ec6c72ac540488f40e329aef64a27e96fc0f53423fe63c2e91db57f7619dfc3795700eb2b5c922bcb570b2b3acff8ac83370b9f56a0cdf55181c3cbb79ff85a68274ee28ba42c8088c2f1933eaef1cbb423cf337b166cab1a4718ec0401a4a2cca51e181f2d54e1f6c23c8d8a302540318a8db8933ef5313d4d8c58951b77020c1404888f5a1c1fd1735f5d2250ae3520275669da788cd9fdc0973e7360984331166992959c7a9c811b2753540ee0c499d8a3e4190d8d2ce0ca8249e15e430cef0f8589495e52545fd878bd5575250827a22245f5a395006ce2d9080c171d3d05a32a402c2b5b372f6c1d9d6e8124bbeef9858cf93988e2d18d1c3ab02ea1f0cda6dc2321822bc535ded57a648e02cd3c82ceda1ef3ba9fc64bc437f94d911b878697e7412584f33d62e80b8d950ea2d22f2ff65f0c7052fc38af2f986ba159486d8b911ca75c582736a646a0d4938a86e49736f4d9844b627cb53f01a11894c368491bbb63f51cb09530991910bd705147f12296b343fdb3699e7a05ff15d92b75a5824960774969f62c50f649be6863a8eee40ba7542bf871dd27a431cec2267c9f03c2fcc7b18bb8c3275822982cc70fbf627fd271548ad11e31f33e6ee061378a6e6b68ed30942420dd81db01cd412cccdf152b499f46d5b1a9b11a524b6f1d86a020c55f9b7071926fb8bd76d3d80aab24967eecd91e12b5cab1649f3485edfb0fc5e47ba79a0a32b4092633b690d429542ce690968e5021dd7ac700d1e83b7738297620c4194aad500fcb5787034d2a64a71fc2d32bda57b0fb69e1b4a6924c7722e8c43ddb1830a8570d9ef01f15eea50be9308c8dc38b8c879bd9e2415e0f6c874d58d52e8c2bbb79398a7865c89c6d1a2f36de2a6614b6b2e8e426c752232c7f38df1f44ce84c949feaba90037150c331765d8cb2dc1e3f0eea4268fa29b6a883837eceefa151bd6a60d82e5e5a00a1a3f97e1f8a494c7290cc554c1d517de9fd4b47826c76ea862188ea07aeee01dad50aa1a8e207cc5f8f8dd1de145a55c39314b2b029632d3fa5f4f8262c5875128adaf5d6c17b005d050f0a7ea319d40c1011b6de4357609d99229291d29c2141d43115c722c5424125c2312c6165d72a28f4af07ef71d8742afdf28840a817cdbbe868da6f252a9671d086d3a3d8d46800256f23f4977b6321025d0be3c1f35b0bbdb95caf742f0c6f90e5c96eb49103737ae666b634df01a8a59166510281e5031dd1f10f2b424f90a45120f0dafdd929f2264311261924bb18bc655f7588228ff9bcb57f3ee2d24eb57e4069bc821a38f7f9d0f616472b884693b0b26d980441c739a59a42916bcef4ac0eb3f016b7e0f4c4877394dade7e67d26acc307ae81d3d277e1b541749787f1ba162071398e149a0410aa81731fb75130b6c039b1038d5d339cdfbdd715c911660f01c94a4df05f2b062f3f0828688dc7b799a41d133255a64f0277694838728a5097982d7d0a83a570a2f9d5ff2419744f82f5729dfc1e81d62090ce91a4fb3e460abaa2322b59f70f39521b56ede0d067d55223c57cdb6504e504291ac154abbea94bd52a3c6365affdbb5c16fabf9f30c04f65f6c7de3cc69d30c8b71b6c4151dc48519470f5e669be42c3f05091585f296246ed65625e4e88c36cfc3d663258926e8b6afd2d66d388ac452ab3eb76f9e540d41ae40c0d509afdfc0e9266ba991a8350cd9ce1a226855f92504757a08987ac1b9aa4dd66be8bfff096cc1d4488cfef86e750e32736767e8b734320f1e13b2ca440f3fd6521d28e7251b3dde0e3423ac1e93b6a4c2da1eb847d134c075baf1bd379e5d257dfaaf66804fdcd5f9ccf6833f1d7ba8c7dbdaad981c6d8fd7940b5358e172501d5fd68f2dedc31fac9e4df2ea3d917111809049b2dd1275df3cd5bd34fd188b60ebf4f327c5795db1205162324d0dacfaa7afeddcb43fa61c580bd69283b98d5820421cda83a1d75b58e42f1e531b84d23e41483689643e04be35914001b0eacd8bc67b9d0f8bdcb85ec6ff2593457a197b64f058d220e146e67d81f373682e85e2679734e291082623305780bc95a77609e8b087667b8dbdab128e3829abc0294daaa58aca56956ae39553ebabd191e89201e3bb22292633bd1521876732c3b1b2493a376db27379db96cd023c080fcc6964546f6cafee907bcd27ede6cc5c3e056c8a863c7e437366d1a99e2c63e49811d58de5e82146a12a47dfa17c44fac41bf3242617370ff1dfa7a435a282b35bc576088ba300ce8caf395d2bc011cb3e0d5d01a544f47266fbd17a9d39f0c9ee54dc767aafa1f4d74b61239558a8729c211e447164dce5b095dae3a63abe119788bda10e1c1be5cf8ab00e0edf3c38e6dc4a2a62863c499eaf6858b4f6a121de63ac7cea7c1d925a0e800256f34a95c86abef59c6d1cdcccdaa4d025baaac32e60972807dfdc85142a1a8fc4fd9f61104a1574223d2a90ab81312cd54888125b0e79e9aa93e0db870107042a41d0b57a74c8d1a792854eb05aa6ccd05a3da0fc3c769ce675242212cde8d77b43fcde197b48253e96d8587f39b1d900bc01eec594fe928ffcb787dbed278a53ec03cfcd5710def9a6bc69d3a022b555b0aeb7612b03ab5859275622a4a9ecb37478d4d184ac9c23c9810e03af5b58f1e164d4a55dc6a5d3da046a2d57b90918fa5f6dc39dbb5dc656849bc1cecfa0401100704e76cfb760def3b479bce933c4188bdc706e18eb8ed23bc7841d7c9a4ba0504db97725fd0875fb1c86736d9d56cd81010dd256d34163dacfb2ac70b250649f443d78579aa9dc143934d8b13654de4703e3717d71aca8b637def85938e3df82719f52924cfd867b2e4ee013722e8632569d228a17f93570983a4e002d986fbbea31de6421a3c774cc352ddc9a403989c38263d3aa7e787d4b464225699311eb73e8022cd08bb923950492c7ea03ac7c2a3c7039895ce591226a71411236257deb61ce3bcb0022ccf027e8c1aa1d8873606aab663b180bcca131b871ac28bb84453e35d81c09d2b7128ad1d6493ebd3ea3d912e84de2521d78d0ff0057357bdff77e992ba046e79d26c508ad701d", 0x1000}, {&(0x7f0000000540)="8b419af5ce98ede49320601ed547cce6a1e776a38e8fa1c776be7ba75b5d6b8f5a1678cb41fde8621857ee0ad746967055e949d183e258b11a14cf060af9d63b655cbcc9fe86c1c5cf0fbc577112efdf8ba1128c8dc78e85c28e0668171f18684eea7df5d23ad01adeb739c868cfa710b94a9e749417c7caa7ba505620e3058454f0d4018ec0a440a7d9fe0154eafdb824198cda8a5bfd927560d2e9673273fcbdfe764e0db54ace1735bf9d338bbed839b65ae31d3dc1192372766c5407dbf8602a9fe2", 0xc4}, {&(0x7f0000000300)="7c4acdb492045b28709ce1474cb03d2ede6e1a90edf0249a9dc1865b16b3e12a374c3cabd7053fac0437d8a4784999d9f866f8895443384aac4f8f772546035170c7e8be0220cb3c6df08fecf24ef6ef10883d0c13924e1c9d6b4e849a6c109ea577d2176c89bf3111ed20bc4ca5456716", 0x71}, {&(0x7f0000000480)="060436b45a0e10470f27087e197fe9b510180b6925b135131da7f23b3a81b8428170fcef604ea38da15ec98f13a33f295208686dd2e074e7856bce56568e4b548f96e9d1b4e3101ddfd86ee67a77186da0bbbf2743fdac8b7edea3f9d9195810", 0x60}, {&(0x7f0000000640)="ede129a18b39834093db8bcf99b5c9e9a4124e504a74d589e498ae2ba7ed2366e15cfac3cd54198dd5fb67249f0edb10f10cd6c54b43aad252a7aa2667f5cb8e1eabd46f8cc6c42e887420938323fedc9882a0ed56e6d0d6772fca1327ae84816ae8747061015edbbb436aa70bc07ac124ac7a8a5b784713f378598992db8a942ba71956ca05fe1b9721c8faea35cf16935ad3436b8d6d24232876", 0x9b}], 0x9, 0x0) r8 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0xfffffffe, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x70d, 0x0, 0x0, {0x0, 0x0, 0x0, r9}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_MODE={0x8, 0x1, 0x5}]}}}]}, 0x3c}}, 0x0) r10 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r10}, 0x78) ioctl$SNDRV_TIMER_IOCTL_STOP(r10, 0x54a1) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="201e000010000d06e0ffffff0000000000000000", @ANYRES32=r9, @ANYBLOB="b3a7cac600000000"], 0x20}}, 0x0) 08:16:47 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$MAP_CREATE(0x0, 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0xff, 0x1, 0x0, 0x3, 0x0, 0x100000000, 0xc17d06253f1d94fb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_config_ext={0x4, 0x1f}, 0x800, 0x8239, 0x7fff, 0x1, 0x1000, 0x9, 0x7}) 08:16:47 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/\bev/kvm\x00', 0x4801, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1}, 0x78) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r3) r4 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000080)={0x0, 0x7}) sendmsg$nl_netfilter(r1, &(0x7f0000000800)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000007c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="a00500000f02010029bd7000fbdbdf250c0000048c027d0008000b00", @ANYRES32=r3, @ANYBLOB="1400490000000000000000000000ffffac1e0101380032002f6b657972696e67776c616e3123656d317b2d73656c667d70707031275b73656375726974792d6367726f757062646576000000ef4aadaf0fef50135e7affbb4bb9da3e783356a48194a9a478bf665c53ff766ef178713a4a864911792784f5e4c15b30e78179f2c1233d79307083342c4561e59743fb5584971bbc56b7ebac102fb87b02db251f2a6c34132846581d6969844476b60c5a45fe5de99be2191bb7eef0e49ecd5d653c4f1543dc5c8c179b951d4b07f6a23cab0d9735e02efc11139d9cb4d7755df131609d0f601d98fa422663be346520c17650a79e5364938fc885e5c22bcc35b1f4964411b7e9a56762a868574421afdf58c40df65fc4d2d145805ccd82e8d1e3f884f61c7cc3ddaf43e44f47c9cefcb2ca182765a63417e0a1104364422fe967afda60b483c134161a3f225594f2e6af5f12d256cbea7f0301cb7b5036846feb975f0e180cc3cd5d7cb904cce2220c83180742c078ce9e4b572b3e93e06756aa8dfe1d17e0f862d5bbcae38489889a295a84ca3af48c182fff2f61c8928c8def9c86c6be96c626aab3430d116389fa5ac3ab171e76e51f00bcb2fa40bf84204264a5d98c3bcf69a7ef6b492c70084bb5dc990b75f33bd7323915c50024559730f53917a5940f7a3d9ff323fe5308005900", @ANYRES32=r4, @ANYBLOB="c0512cea4f9f6304b46a1d53c347ae58aa588827a4b15565309ae8b1efbb8876f5ca76c9cfb22f90acfc17c9c0aa9c6248abe1e5b78cc0900ed2dc7f833c90684deb6c6dd8febc3deda8833e315db1c9ce568a15f6ccc7fe0372440613cd1f4ac08a42127f6f45df2637d1b3d259d09ab2a007c005c0a7e023c69b3e094739457be009402000000014013900040014001669f8a7a753946bff1ceb41e96aae66bcf66ff969200eb7c9698b459da604a3818e5729731336aee1e7f1f32592b030da145c673de6c504008f0098000d0048df3b05a6440ff131f0259d7b94062b5909452f901aebc6d0c04aae7ab22604f394c4428902140b189a9e1a34e67e7b9f0f59bee3976cada286eff1a75d7b905d2e595b41a2c3e60d5a1d29bb55bd3a71785a2a354c7b55f9a992922e425bc49c2e88a5149338ad210bcaeb3ecd6fbbf650ee6332b4351469a4d1d399ee7c512628dd7a83c88f294b70c1f0a919edd643bad6213800060097d04e0a317c612992bff5e01e206c64f9dca9a20d8b0aa1728e35d41b9ae3eb3731fb02d7ab4856a1a0021c79acbdb1a01fd90000000120007fd35d51450400410072df1867d8a3961a8cf093d185523b7b41766190c49324b5cf7d14e4179c49298807cb25e2e75aa828ba96e3fbe2980adceb582aff0c4f6e3427d4ead502f4b99f59f45017a93e8a09cdbefcee4f8542d7c5d0393b70bd7db5ae42357fd26337d40316215df5e05c8916f45f18f59c63d52fbb99026533bab074d9d66c3740c75d68b92fee010feabb580ffe26b749f7417e884c850f7f555c203203a5a898bcbadcd9c5bf0a016d82a06b0dae9ed344f9915edb7a006eecc0e2ae81df1c1fcc26632c8ce79434dde64169adcd8e6d0cc9767d2b62b81dddaa51a160e8d46b3dd370c9994bcae762e1eea9760216a5ca93162ce3149ce8f19cd8d7f18d0000ccbc80597ef9417f9b29456e9c5a8cba2c3e4ac3e9d42c1b30c7ee2d0b15267d68450e0e6a3c17ff27df18fd00798ccb222faf1fb94ee777946aa30092629e8f7ad6547839b7d6b8fa7ac57bee78848211c8cc0787c68b267bfdf350ad1f299a9e3e03b6ffc72bdfe95c191a30bd738b5fb81705cac02ef53f1e5ed49a1e9be073c660acbea0e1c7c0dccee31b9cc75bb3243979799d7bc111bf4ba3c368414b0b4c9622eb9f4466d4d8c0425c638c3029687f60b5b0b25ee812fe99660ae6fd08e09fb9f8a4bcb3aafa5426dc0a516c477c5dd61f79c37739aade98360c0082000700"/919], 0x5a0}, 0x1, 0x0, 0x0, 0x40}, 0x0) ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f00000000c0)={0x2, 0x0, "f23be3", 0x8, 0x3}) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = gettid() ptrace$setopts(0x4206, r6, 0x0, 0x0) tkill(r6, 0x3c) ptrace$cont(0x18, r6, 0x0, 0x0) ptrace$setregs(0xd, r6, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r6, 0x0, 0x0) r7 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r7}, 0x78) pipe(&(0x7f0000000300)={0xffffffffffffffff}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000280)={r8, 0xc0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, &(0x7f0000000140)={0x48, 0x3}, 0x0, 0x0, &(0x7f00000001c0)={0x5, 0xc, 0x4, 0x57}, &(0x7f0000000200)=0xffffffff, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=0x1}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000400)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000880)={r6, r7, 0x0, 0x15, &(0x7f0000000840)='/proc/self/net/pfkey\x00', r9}, 0x30) r10 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x10000, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000d00ade76e876e03c8cc0800"]) ioctl$KVM_RUN(r10, 0xae80, 0x0) write$tun(r1, &(0x7f0000000100)={@val={0x0, 0x1a}, @void, @eth={@broadcast, @remote, [{[{0x9100, 0x6, 0x1, 0x3}], {0x8100, 0x2, 0x0, 0x3}}], {@ipv4={0x800, {{0x13, 0x4, 0x1, 0x2, 0x73, 0x64, 0xfb, 0xe7, 0xbf9a6aa42cbc9b13, 0x0, @multicast2, @empty, {[@rr={0x7, 0x13, 0xf1, [@rand_addr=0xff, @multicast1, @loopback, @multicast1]}, @ssrr={0x89, 0x1f, 0x6, [@broadcast, @multicast1, @dev={0xac, 0x14, 0x14, 0xf}, @local, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast]}, @ra={0x94, 0x6, 0x3}]}}, @tipc=@payload_direct={{{{0x27, 0x0, 0x1, 0x0, 0x0, 0x8, 0x2, 0x2, 0x0, 0x0, 0x3, 0x1, 0x0, 0x3, 0xf6c, 0x6, 0x2, 0xfff, 0x4e20}, 0x1, 0x2}}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}}}}}, 0x8d) 08:16:47 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fchdir(r0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x552, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1}, 0x78) ioctl$SNDRV_PCM_IOCTL_READI_FRAMES(r1, 0x80184151, &(0x7f0000000000)={0x0, &(0x7f0000000300)="f473b66edce23d32c6361aa6eb9a1fb913ba7c1160d409cc2dfba09fe17ba0816c17487c3d2265fe54a8eecf1b40997f33f90e717f999db2572a797950dc43827d1af2af8525ee4c86f00959fd091aa8de84f4349ab680ce385f1bec5cde8774877a559e49dcf0a1638ca72315892b370faa5fe15423aee0fabc36a362526ed24d0aae13e9ced41efe376392eb03b2bd4208513670f45fc98a03620b206ae89229402a4e64cdc3cabae40f6c8ba527f41c", 0xb1}) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x40) sendmmsg(0xffffffffffffffff, &(0x7f000000b9c0)=[{{&(0x7f00000000c0)=@rc={0x1f, {0x0, 0x0, 0x0, 0x0, 0x80}}, 0x80, 0x0}}], 0x1, 0x0) r3 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r3, 0x84, 0x73, &(0x7f00000000c0)=""/231, &(0x7f0000000000)=0xe7) r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r2, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r2, r4, 0x0, 0x7fffffa7) r5 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r5, r2, 0x0, 0xffffffff) 08:16:47 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c07bc3376003639405cb4aed1e68f7d368b3fb62f00000000", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xe00, 0x0) [ 1392.191333][ T27] audit: type=1800 audit(1577521007.921:921): pid=21726 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=599 res=0 [ 1392.213647][T21720] netlink: 'syz-executor.2': attribute type 1 has an invalid length. 08:16:48 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa\x00', 0x404101, 0x0) ioctl$SNDRV_TIMER_IOCTL_INFO(r3, 0x80e85411, &(0x7f0000000080)=""/79) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vsock\x00', 0x2, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000000)=ANY=[@ANYBLOB="010002d59400000500ade76e876e09c8cc0000"]) getsockopt$SO_J1939_SEND_PRIO(r3, 0x6b, 0x3, &(0x7f0000000100), &(0x7f0000000140)=0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1392.246900][ T27] audit: type=1804 audit(1577521007.961:922): pid=21726 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/277/file0/file0" dev="loop1" ino=599 res=1 [ 1392.314560][T21733] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 1392.337410][ T27] audit: type=1804 audit(1577521008.021:923): pid=21735 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir643497950/syzkaller.E8iwYA/277/file0/file0" dev="loop1" ino=599 res=1 [ 1392.385983][ C0] ================================================================== [ 1392.394163][ C0] BUG: KCSAN: data-race in inc_node_page_state / release_pages [ 1392.401705][ C0] [ 1392.404057][ C0] write to 0xffffea00025faa80 of 8 bytes by task 21726 on cpu 1: [ 1392.411782][ C0] release_pages+0x427/0x980 [ 1392.416376][ C0] __pagevec_release+0x53/0x90 [ 1392.421146][ C0] invalidate_mapping_pages+0x741/0x900 [ 1392.426710][ C0] __generic_file_write_iter+0x365/0x380 [ 1392.432363][ C0] generic_file_write_iter+0x28c/0x38c [ 1392.437834][ C0] do_iter_readv_writev+0x487/0x5b0 [ 1392.443043][ C0] do_iter_write+0x13b/0x3c0 [ 1392.447636][ C0] vfs_iter_write+0x5c/0x80 [ 1392.452139][ C0] iter_file_splice_write+0x530/0x840 [ 1392.458112][ C0] direct_splice_actor+0xa0/0xc0 [ 1392.463051][ C0] splice_direct_to_actor+0x22b/0x540 [ 1392.468415][ C0] do_splice_direct+0x161/0x1e0 [ 1392.473258][ C0] do_sendfile+0x384/0x7f0 [ 1392.477666][ C0] __x64_sys_sendfile64+0x12a/0x140 [ 1392.482868][ C0] do_syscall_64+0xcc/0x3a0 [ 1392.487375][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1392.493249][ C0] [ 1392.495574][ C0] read to 0xffffea00025faa80 of 8 bytes by interrupt on cpu 0: [ 1392.503131][ C0] inc_node_page_state+0x1d/0xc0 [ 1392.508064][ C0] test_clear_page_writeback+0x33f/0x790 [ 1392.513690][ C0] end_page_writeback+0x9e/0x190 [ 1392.518624][ C0] end_buffer_async_write+0x2dc/0x3a0 [ 1392.524624][ C0] end_bio_bh_io_sync+0x87/0xb0 [ 1392.529478][ C0] bio_endio+0x2fa/0x400 [ 1392.533725][ C0] blk_update_request+0x427/0x7b0 [ 1392.538863][ C0] blk_mq_end_request+0x3f/0x2b0 [ 1392.543802][ C0] lo_complete_rq+0x136/0x1a0 [ 1392.548477][ C0] blk_done_softirq+0x1eb/0x250 [ 1392.553332][ C0] __do_softirq+0x115/0x33f [ 1392.557849][ C0] run_ksoftirqd+0x46/0x60 [ 1392.562261][ C0] smpboot_thread_fn+0x37d/0x4a0 [ 1392.567192][ C0] kthread+0x1d4/0x200 [ 1392.571261][ C0] ret_from_fork+0x1f/0x30 [ 1392.575663][ C0] [ 1392.577979][ C0] Reported by Kernel Concurrency Sanitizer on: [ 1392.584152][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.5.0-rc1-syzkaller #0 [ 1392.592213][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1392.602262][ C0] ================================================================== [ 1392.610309][ C0] Kernel panic - not syncing: panic_on_warn set ... [ 1392.616893][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.5.0-rc1-syzkaller #0 [ 1392.625041][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1392.635097][ C0] Call Trace: [ 1392.638401][ C0] dump_stack+0x11d/0x181 [ 1392.642729][ C0] panic+0x210/0x640 [ 1392.646634][ C0] ? vprintk_func+0x8d/0x140 [ 1392.651218][ C0] kcsan_report.cold+0xc/0xd [ 1392.656082][ C0] kcsan_setup_watchpoint+0x3fe/0x460 [ 1392.661448][ C0] __tsan_read8+0xc6/0x100 [ 1392.665873][ C0] inc_node_page_state+0x1d/0xc0 [ 1392.670803][ C0] test_clear_page_writeback+0x33f/0x790 [ 1392.676437][ C0] end_page_writeback+0x9e/0x190 [ 1392.681372][ C0] end_buffer_async_write+0x2dc/0x3a0 [ 1392.686739][ C0] ? block_invalidatepage+0x320/0x320 [ 1392.692106][ C0] end_bio_bh_io_sync+0x87/0xb0 [ 1392.696950][ C0] ? invalidate_bh_lrus+0x40/0x40 [ 1392.701969][ C0] bio_endio+0x2fa/0x400 [ 1392.706203][ C0] ? bio_advance+0x1f1/0x270 [ 1392.710786][ C0] blk_update_request+0x427/0x7b0 [ 1392.715809][ C0] ? perf_log_itrace_start+0x270/0x270 [ 1392.721260][ C0] blk_mq_end_request+0x3f/0x2b0 [ 1392.726197][ C0] lo_complete_rq+0x136/0x1a0 [ 1392.730877][ C0] blk_done_softirq+0x1eb/0x250 [ 1392.735721][ C0] __do_softirq+0x115/0x33f [ 1392.740221][ C0] ? takeover_tasklets+0x250/0x250 [ 1392.745329][ C0] run_ksoftirqd+0x46/0x60 [ 1392.749734][ C0] smpboot_thread_fn+0x37d/0x4a0 [ 1392.754664][ C0] kthread+0x1d4/0x200 [ 1392.758728][ C0] ? constant_test_bit.constprop.0+0x30/0x30 [ 1392.764715][ C0] ? kthread_unpark+0xe0/0xe0 [ 1392.769407][ C0] ret_from_fork+0x1f/0x30 [ 1392.775383][ C0] Kernel Offset: disabled [ 1392.779749][ C0] Rebooting in 86400 seconds..