Warning: Permanently added '10.128.0.171' (ECDSA) to the list of known hosts. 2020/07/18 00:10:30 fuzzer started 2020/07/18 00:10:30 dialing manager at 10.128.0.26:33695 2020/07/18 00:10:30 syscalls: 3087 2020/07/18 00:10:30 code coverage: enabled 2020/07/18 00:10:30 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2020/07/18 00:10:30 extra coverage: enabled 2020/07/18 00:10:30 setuid sandbox: enabled 2020/07/18 00:10:30 namespace sandbox: enabled 2020/07/18 00:10:30 Android sandbox: enabled 2020/07/18 00:10:30 fault injection: enabled 2020/07/18 00:10:30 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/18 00:10:30 net packet injection: enabled 2020/07/18 00:10:30 net device setup: enabled 2020/07/18 00:10:30 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/18 00:10:30 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/18 00:10:30 USB emulation: /dev/raw-gadget does not exist 00:12:37 executing program 0: syslog(0x2, &(0x7f0000000100)=""/147, 0x93) syzkaller login: [ 258.351173][ T32] audit: type=1400 audit(1595031157.758:8): avc: denied { execmem } for pid=8455 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 258.684602][ T8456] IPVS: ftp: loaded support on port[0] = 21 [ 258.907472][ T8456] chnl_net:caif_netlink_parms(): no params data found [ 259.157072][ T8456] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.164883][ T8456] bridge0: port 1(bridge_slave_0) entered disabled state [ 259.174276][ T8456] device bridge_slave_0 entered promiscuous mode [ 259.186358][ T8456] bridge0: port 2(bridge_slave_1) entered blocking state [ 259.194506][ T8456] bridge0: port 2(bridge_slave_1) entered disabled state [ 259.203839][ T8456] device bridge_slave_1 entered promiscuous mode [ 259.254904][ T8456] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 259.271207][ T8456] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 259.320449][ T8456] team0: Port device team_slave_0 added [ 259.332169][ T8456] team0: Port device team_slave_1 added [ 259.374902][ T8456] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 259.381970][ T8456] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 259.408747][ T8456] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 259.423796][ T8456] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 259.430853][ T8456] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 259.457074][ T8456] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 259.609573][ T8456] device hsr_slave_0 entered promiscuous mode [ 259.674345][ T8456] device hsr_slave_1 entered promiscuous mode [ 259.995903][ T8456] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 260.051214][ T8456] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 260.210525][ T8456] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 260.380369][ T8456] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 260.695307][ T8456] 8021q: adding VLAN 0 to HW filter on device bond0 [ 260.733925][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 260.743113][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 260.775324][ T8456] 8021q: adding VLAN 0 to HW filter on device team0 [ 260.799682][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 260.809952][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 260.820693][ T3087] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.828047][ T3087] bridge0: port 1(bridge_slave_0) entered forwarding state [ 260.867765][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 260.876997][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 260.887375][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 260.896770][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.904048][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 260.914532][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 260.970298][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 260.981219][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 260.992965][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 261.003290][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 261.013701][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 261.028438][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 261.038573][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 261.048446][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 261.064087][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 261.075433][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 261.092229][ T8456] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 261.148815][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 261.156594][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 261.179082][ T8456] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 261.240350][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 261.250320][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 261.294230][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 261.303655][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 261.325094][ T8456] device veth0_vlan entered promiscuous mode [ 261.340412][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 261.349677][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 261.368189][ T8456] device veth1_vlan entered promiscuous mode [ 261.419620][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 261.429842][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 261.439253][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 261.449206][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 261.467270][ T8456] device veth0_macvtap entered promiscuous mode [ 261.483132][ T8456] device veth1_macvtap entered promiscuous mode [ 261.521535][ T8456] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 261.530725][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 261.540326][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 261.549663][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 261.559562][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 261.578735][ T8456] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 261.604212][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 261.614412][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 00:12:42 executing program 0: mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0) umount2(&(0x7f0000000140)='./file0\x00', 0x4) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x940020, 0x0) 00:12:42 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x5, 0x1, 0x64}]}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x287b361ae6c523fa, 0x10, &(0x7f0000000000), 0x128}, 0x48) 00:12:42 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x5, 0x1, 0x64}]}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x287b361ae6c523fa, 0x10, &(0x7f0000000000), 0x128}, 0x48) 00:12:43 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x5, 0x1, 0x64}]}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x287b361ae6c523fa, 0x10, &(0x7f0000000000), 0x128}, 0x48) 00:12:43 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x5, 0x1, 0x64}]}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x287b361ae6c523fa, 0x10, &(0x7f0000000000), 0x128}, 0x48) 00:12:43 executing program 0: r0 = gettid() rt_sigqueueinfo(r0, 0x11, &(0x7f0000000080)={0x0, 0x0, 0x3}) 00:12:43 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000100)={'ip_vti0\x00', &(0x7f0000000080)={'gretap0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @multicast1}}}}) 00:12:43 executing program 0: mknod$loop(&(0x7f0000000040)='./file0\x00', 0x6000, 0x1) clone(0x26102900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000000)=@filename='./file0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='squashfs\x00', 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0xfea7) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x50) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001240)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x38, r2, 0xc8ef0a4335e6829f, 0x0, 0x0, {0xf}, [@TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_ADDR={0x44}, @TIPC_NLA_NET_NODEID_W1={0xc}]}]}, 0x38}}, 0x0) sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x30, r2, 0x800, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4800}, 0x800) [ 264.195719][ T2967] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 264.207477][ T8706] SQUASHFS error: Failed to read block 0x0: -5 [ 264.214150][ T8706] unable to read squashfs_super_block [ 264.226467][ T8707] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 264.240392][ T2967] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 264.261749][ T8709] SQUASHFS error: Failed to read block 0x0: -5 [ 264.268059][ T8709] unable to read squashfs_super_block [ 264.285102][ T8706] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 00:12:44 executing program 1: r0 = openat$snapshot(0xffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000040)={0x6, 0x5}) r1 = openat$dlm_control(0xffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x1, 0x0) ioctl$KDFONTOP_COPY(r1, 0x4b72, &(0x7f00000004c0)={0x3, 0x0, 0xb, 0xa, 0x1ba, &(0x7f00000000c0)}) r2 = openat$btrfs_control(0xffffff9c, &(0x7f0000000500)='/dev/btrfs-control\x00', 0x15d040, 0x0) ioctl$EVIOCGABS0(r2, 0x80184540, &(0x7f0000000540)=""/4096) prctl$PR_SET_THP_DISABLE(0x29, 0x0) ioctl$TIOCSERGETLSR(r1, 0x5459, &(0x7f0000001540)) openat$6lowpan_enable(0xffffff9c, &(0x7f0000001580)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r2, 0x84, 0x23, &(0x7f00000015c0)={0x0, 0x8}, 0x8) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000001600)={r2, 0x0, 0x2}) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000001640)={0x0, 0x1f, 0x5, 0x8001, 0x5, 0x1ff, 0x7f, 0x2, {0x0, @in={{0x2, 0x4e23, @empty}}, 0xfffffff9, 0x1, 0xffff8001, 0x5}}, &(0x7f0000001700)=0xb0) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000001740)={r4, 0x6}, 0x8) r5 = dup(r2) ioctl$VIDIOC_G_SELECTION(r5, 0xc040565e, &(0x7f0000001780)={0x6, 0x101, 0x6, {0xfff, 0x5, 0xffff9140, 0x60000}}) ioctl$SIOCX25GCAUSEDIAG(r2, 0x89e6, &(0x7f00000017c0)={0x9, 0x5}) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000001800)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0x5, @rand_addr=' \x01\x00', 0x68}, {0xa, 0x4e23, 0x9, @private1, 0xfffffffc}, 0xffffffffffffffff, 0x1}}, 0x48) r6 = syz_open_dev$vcsu(&(0x7f0000001880)='/dev/vcsu#\x00', 0x3ff, 0xcc41) sendmsg$NFNL_MSG_CTHELPER_NEW(r6, &(0x7f00000019c0)={&(0x7f00000018c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001980)={&(0x7f0000001900)={0x48, 0x0, 0x9, 0x101, 0x0, 0x0, {0xc, 0x0, 0x5}, [@NFCTH_TUPLE={0x1c, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x3f}}]}, 0x48}, 0x1, 0x0, 0x0, 0x11}, 0x11) [ 265.710038][ T8714] IPVS: ftp: loaded support on port[0] = 21 [ 266.030581][ T8714] chnl_net:caif_netlink_parms(): no params data found [ 266.200131][ T8714] bridge0: port 1(bridge_slave_0) entered blocking state [ 266.208348][ T8714] bridge0: port 1(bridge_slave_0) entered disabled state [ 266.217769][ T8714] device bridge_slave_0 entered promiscuous mode [ 266.234353][ T8714] bridge0: port 2(bridge_slave_1) entered blocking state [ 266.241860][ T8714] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.251380][ T8714] device bridge_slave_1 entered promiscuous mode 00:12:45 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000000a000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00005f7ffb)='nfs4\x00', 0x0, &(0x7f000000a000)) r0 = memfd_create(&(0x7f0000000100)='\'\'\xdf\xdb\xf7,\xbf\x9f6\t\xf6^N\xa7\\7\xb1Qo\xfe=1\xe5Pu\xd5%v\xa7\'\xbb9\"\xf8\xea\xfd\t\xefg\xf7\xde~\x15\xda\xf6Y\xd7\xc5\x86\x0f\x7f\xb7\x1cgL\xb8\xe2\xad\xf9Bt4\xd2;\x1c\xa2\x9d\xc8\xb1\x7fT\xc1\xac\xc0@t\xac\x01m6C\xdc\xea1\x81\x96P\x00', 0x0) write(r0, &(0x7f0000000080)='/', 0x1) r1 = openat$dlm_plock(0xffffff9c, &(0x7f0000000180)='/dev/dlm_plock\x00', 0x100, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f0000000180)='>', 0x1) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r4, &(0x7f0000000280)={0x10, 0x30, 0xfa00, {&(0x7f0000000200)={0xffffffffffffffff}, 0x2, {0xa, 0x4e20, 0x2, @dev={0xfe, 0x80, [], 0x32}, 0x2}}}, 0x38) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f00000002c0)={0x11, 0x10, 0xfa00, {&(0x7f00000001c0), r5}}, 0x18) r6 = fcntl$dupfd(r2, 0x0, r2) open_tree(r6, &(0x7f0000000040)='./file0\x00', 0x9801) setxattr$trusted_overlay_origin(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.origin\x00', &(0x7f0000000080)='y\x00', 0x2, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180)='nl80211\x00') sendmsg$NL80211_CMD_REQ_SET_REG(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)={0x20, r8, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x20}}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000440)={&(0x7f0000000340)={0xf0, r8, 0x200, 0x70bd28, 0x25dfdbff, {}, [@NL80211_ATTR_BSS_BASIC_RATES={0x2b, 0x24, "4e2e9b93fe9aaa455b2dbb4bccdcfc86f263de6f3d427251a21cfdfb124f535bdd99ef14c172a4"}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_TX_RATES={0xac, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xa8, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HT={0x43, 0x2, "789bf0ba8125d04257ca0e71234d89210ea2a303cc18dd15dd5672fca149dcf647dd793db26696b6732cc20a9b489c1adc4beaff40e1b9103bc2f287be4aad"}, @NL80211_TXRATE_HT={0x11, 0x2, "c190821e82377c08dd10f484cb"}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x200, 0xd1, 0xe77d, 0xfffa, 0x1, 0x5, 0x800, 0x4]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x81, 0x7fff, 0x80, 0x3fc0, 0x2, 0x6f, 0x6, 0x4]}}, @NL80211_TXRATE_LEGACY={0x19, 0x1, "4a8d59d4028ed0f7dab7fb99fd3eb8fe1e035d086d"}]}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0xc0}, 0x0) [ 266.307806][ T8714] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 266.322933][ T8714] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 266.396557][ T8714] team0: Port device team_slave_0 added [ 266.407855][ T8714] team0: Port device team_slave_1 added [ 266.443954][ T8855] NFS4: mount program didn't pass remote address [ 266.474747][ T8714] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 266.481942][ T8714] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 266.508892][ T8714] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 266.614711][ T8714] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 266.622417][ T8714] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 266.648635][ T8714] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 266.848220][ T8714] device hsr_slave_0 entered promiscuous mode [ 267.002187][ T8714] device hsr_slave_1 entered promiscuous mode 00:12:46 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'bridge0\x00'}) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) r7 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r7, 0x0, 0x8400fffffffb) sendfile(r0, r0, &(0x7f0000000100), 0x8080fffffffe) [ 267.151832][ T8714] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 267.159470][ T8714] Cannot create hsr debugfs directory [ 267.261045][ T32] audit: type=1804 audit(1595031166.660:9): pid=8888 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/10/bus" dev="sda1" ino=15734 res=1 [ 267.360947][ T32] audit: type=1804 audit(1595031166.700:10): pid=8877 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/10/bus" dev="sda1" ino=15734 res=1 [ 267.385308][ T32] audit: type=1804 audit(1595031166.720:11): pid=8877 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/10/bus" dev="sda1" ino=15734 res=1 [ 267.550074][ T8877] syz-executor.0 (8877) used greatest stack depth: 4696 bytes left [ 267.558775][ T8915] syz-executor.0 (8915) used greatest stack depth: 4384 bytes left [ 267.565633][ T8714] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 267.582577][ T32] audit: type=1804 audit(1595031166.860:12): pid=8888 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/10/bus" dev="sda1" ino=15734 res=1 [ 267.607384][ T32] audit: type=1804 audit(1595031166.880:13): pid=8910 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/10/bus" dev="sda1" ino=15734 res=1 [ 267.631886][ T32] audit: type=1804 audit(1595031166.890:14): pid=8910 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/10/bus" dev="sda1" ino=15734 res=1 [ 267.656164][ T32] audit: type=1804 audit(1595031166.930:15): pid=8910 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/10/bus" dev="sda1" ino=15734 res=1 [ 267.703654][ T8714] netdevsim netdevsim1 netdevsim1: renamed from eth1 00:12:47 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'bridge0\x00'}) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) r7 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r7, 0x0, 0x8400fffffffb) sendfile(r0, r0, &(0x7f0000000100), 0x8080fffffffe) [ 267.776898][ T8714] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 267.852188][ T8714] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 268.062781][ T32] audit: type=1804 audit(1595031167.470:16): pid=8933 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/11/bus" dev="sda1" ino=15734 res=1 [ 268.164327][ T8714] 8021q: adding VLAN 0 to HW filter on device bond0 [ 268.166632][ T32] audit: type=1804 audit(1595031167.500:17): pid=8933 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/11/bus" dev="sda1" ino=15734 res=1 [ 268.195471][ T32] audit: type=1804 audit(1595031167.530:18): pid=8933 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/11/bus" dev="sda1" ino=15734 res=1 [ 268.227366][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 268.236720][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 268.253295][ T8714] 8021q: adding VLAN 0 to HW filter on device team0 [ 268.269477][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 268.279466][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 268.288688][ T30] bridge0: port 1(bridge_slave_0) entered blocking state [ 268.296072][ T30] bridge0: port 1(bridge_slave_0) entered forwarding state [ 268.344074][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 268.353256][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 268.363351][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 268.372594][ T30] bridge0: port 2(bridge_slave_1) entered blocking state [ 268.379799][ T30] bridge0: port 2(bridge_slave_1) entered forwarding state [ 268.388936][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 268.400514][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 268.411292][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 268.421520][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 268.431717][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 00:12:47 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'bridge0\x00'}) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) r7 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r7, 0x0, 0x8400fffffffb) sendfile(r0, r0, &(0x7f0000000100), 0x8080fffffffe) [ 268.441939][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 268.477675][ T8714] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 268.488298][ T8714] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 268.540669][ T8714] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 268.641872][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 268.652065][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 268.661523][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 268.671742][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 268.681273][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 268.690776][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 268.698488][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 268.706227][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 268.716087][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 268.732358][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 268.787200][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 268.796716][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 268.824837][ T8714] device veth0_vlan entered promiscuous mode [ 268.839404][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 268.849016][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 268.876199][ T8714] device veth1_vlan entered promiscuous mode 00:12:48 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'bridge0\x00'}) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) r7 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r7, 0x0, 0x8400fffffffb) sendfile(r0, r0, &(0x7f0000000100), 0x8080fffffffe) [ 268.988588][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 268.998334][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 269.007709][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 269.017449][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 269.047337][ T8714] device veth0_macvtap entered promiscuous mode [ 269.076284][ T8714] device veth1_macvtap entered promiscuous mode [ 269.164925][ T8714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 269.175670][ T8714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.189267][ T8714] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 269.199056][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 269.208927][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 269.218406][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 269.228403][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 269.283129][ T8714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 269.293762][ T8714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.308571][ T8714] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 269.317224][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 269.329690][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 00:12:48 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'bridge0\x00'}) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) r7 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r7, 0x0, 0x8400fffffffb) 00:12:49 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'bridge0\x00'}) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) sendfile(r2, 0xffffffffffffffff, 0x0, 0x8400fffffffb) 00:12:49 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'bridge0\x00'}) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) sendfile(r2, 0xffffffffffffffff, 0x0, 0x8400fffffffb) 00:12:50 executing program 1: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'bridge0\x00'}) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) r7 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r7, 0x0, 0x8400fffffffb) sendfile(r0, r0, &(0x7f0000000100), 0x8080fffffffe) 00:12:50 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'bridge0\x00'}) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) sendfile(r2, 0xffffffffffffffff, 0x0, 0x8400fffffffb) 00:12:50 executing program 1: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'bridge0\x00'}) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) r7 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r7, 0x0, 0x8400fffffffb) sendfile(r0, r0, &(0x7f0000000100), 0x8080fffffffe) 00:12:50 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'bridge0\x00'}) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) 00:12:50 executing program 1: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'bridge0\x00'}) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) r7 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r7, 0x0, 0x8400fffffffb) sendfile(r0, r0, &(0x7f0000000100), 0x8080fffffffe) 00:12:51 executing program 1: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'bridge0\x00'}) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) r7 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r7, 0x0, 0x8400fffffffb) 00:12:51 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'bridge0\x00'}) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) [ 272.282951][ T32] kauditd_printk_skb: 27 callbacks suppressed [ 272.283011][ T32] audit: type=1804 audit(1595031171.691:46): pid=9014 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/19/bus" dev="sda1" ino=15762 res=1 [ 272.313451][ T32] audit: type=1804 audit(1595031171.691:47): pid=9014 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/19/bus" dev="sda1" ino=15762 res=1 [ 272.337716][ T32] audit: type=1804 audit(1595031171.721:48): pid=9013 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir991351075/syzkaller.1TnMoX/4/bus" dev="sda1" ino=15759 res=1 [ 272.361894][ T32] audit: type=1804 audit(1595031171.721:49): pid=9013 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir991351075/syzkaller.1TnMoX/4/bus" dev="sda1" ino=15759 res=1 [ 272.504249][ T32] audit: type=1804 audit(1595031171.821:50): pid=9017 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/19/bus" dev="sda1" ino=15762 res=1 [ 272.529358][ T32] audit: type=1804 audit(1595031171.831:51): pid=9015 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir991351075/syzkaller.1TnMoX/4/bus" dev="sda1" ino=15759 res=1 00:12:52 executing program 1: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'bridge0\x00'}) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) 00:12:52 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'bridge0\x00'}) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) [ 273.014549][ T32] audit: type=1804 audit(1595031172.421:52): pid=9024 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir991351075/syzkaller.1TnMoX/5/bus" dev="sda1" ino=15758 res=1 [ 273.086515][ T32] audit: type=1804 audit(1595031172.461:53): pid=9024 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir991351075/syzkaller.1TnMoX/5/bus" dev="sda1" ino=15758 res=1 [ 273.110868][ T32] audit: type=1804 audit(1595031172.471:54): pid=9024 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir991351075/syzkaller.1TnMoX/5/bus" dev="sda1" ino=15758 res=1 [ 273.220210][ T32] audit: type=1804 audit(1595031172.581:55): pid=9029 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/20/bus" dev="sda1" ino=15762 res=1 00:12:52 executing program 1: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'bridge0\x00'}) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) 00:12:52 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'bridge0\x00'}) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) r7 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r7, 0x0, 0x8400fffffffb) 00:12:53 executing program 1: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'bridge0\x00'}) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) 00:12:53 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) r7 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r7, 0x0, 0x8400fffffffb) 00:12:53 executing program 1: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)) socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x0) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) 00:12:53 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) socket(0x10, 0x3, 0x0) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) r7 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r7, 0x0, 0x8400fffffffb) 00:12:54 executing program 1: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)) socket(0x10, 0x3, 0x0) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) 00:12:54 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) r7 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r7, 0x0, 0x8400fffffffb) 00:12:54 executing program 1: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) 00:12:54 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r6, 0x0, 0x8400fffffffb) 00:12:54 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r6, 0x0, 0x8400fffffffb) 00:12:55 executing program 1: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) creat(&(0x7f0000000000)='./bus\x00', 0x0) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) 00:12:55 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r6, 0x0, 0x8400fffffffb) 00:12:55 executing program 1: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) 00:12:55 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r6, 0x0, 0x8400fffffffb) 00:12:55 executing program 1: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) 00:12:55 executing program 2: ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000000)={0x0, 0x6e, {0x0}, {}, 0xc7, 0x101}) ptrace$peek(0x6, r0, &(0x7f0000000040)) r1 = openat$bsg(0xffffff9c, &(0x7f0000000080)='/dev/bsg\x00', 0x200, 0x0) r2 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, @host}, 0x10, 0x80800) ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x89e1, &(0x7f0000000100)={r2}) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x8, 0x800000, 0xfff}, &(0x7f00000001c0)=0x10) r5 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x800) fcntl$setstatus(r5, 0x4, 0x66800) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000200)={'macvlan1\x00', 0x100}) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x13000401}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xb4, 0x0, 0x10, 0x70bd2b, 0x25dfdbfb, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd, 0x87, 'l2_drops\x00'}, {0x5}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0xd, 0x87, 'l2_drops\x00'}, {0x5}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0xd, 0x87, 'l2_drops\x00'}, {0x5, 0x83, 0x1}}]}, 0xb4}, 0x1, 0x0, 0x0, 0x14}, 0x240440c4) bind$ax25(r4, &(0x7f00000003c0)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6}, [@bcast, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) r6 = openat$qat_adf_ctl(0xffffff9c, &(0x7f0000000440)='/dev/qat_adf_ctl\x00', 0x88080, 0x0) inotify_add_watch(r6, &(0x7f0000000480)='./file0\x00', 0x4) ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x8040ae9f, &(0x7f00000004c0)) r7 = syz_init_net_socket$nl_rdma(0xffffffffffffffff, 0x3, 0x14) ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r7, 0x8982, &(0x7f0000000500)={0x8, 'team_slave_1\x00', {'veth0\x00'}, 0x9}) membarrier(0x20, 0x0) getresgid(&(0x7f0000000540)=0x0, &(0x7f0000000580), &(0x7f00000005c0)) getgroups(0x4, &(0x7f00000007c0)=[r8, 0xffffffffffffffff, 0x0, 0x0]) 00:12:55 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r6, 0x0, 0x8400fffffffb) 00:12:56 executing program 1: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) getpid() getpid() syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) 00:12:56 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x4200, 0x77baee5043f67170) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r6, 0x0, 0x8400fffffffb) [ 276.902387][ T9107] IPVS: ftp: loaded support on port[0] = 21 00:12:56 executing program 1: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) getpid() syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) [ 277.245911][ T9107] chnl_net:caif_netlink_parms(): no params data found 00:12:56 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r3, r4, 0x16, &(0x7f0000000000)) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) r7 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r7, 0x0, 0x8400fffffffb) [ 277.523884][ T32] kauditd_printk_skb: 44 callbacks suppressed [ 277.523943][ T32] audit: type=1804 audit(1595031176.932:100): pid=9231 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir991351075/syzkaller.1TnMoX/15/bus" dev="sda1" ino=15767 res=1 [ 277.580382][ T9107] bridge0: port 1(bridge_slave_0) entered blocking state [ 277.587625][ T9107] bridge0: port 1(bridge_slave_0) entered disabled state [ 277.622006][ T9107] device bridge_slave_0 entered promiscuous mode [ 277.640337][ T9107] bridge0: port 2(bridge_slave_1) entered blocking state [ 277.647639][ T9107] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.657345][ T9107] device bridge_slave_1 entered promiscuous mode [ 277.666015][ T32] audit: type=1804 audit(1595031177.082:101): pid=9242 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/31/bus" dev="sda1" ino=15775 res=1 00:12:57 executing program 1: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) [ 277.767436][ T9107] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 277.775987][ T32] audit: type=1804 audit(1595031177.102:102): pid=9242 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/31/bus" dev="sda1" ino=15775 res=1 [ 277.783899][ T9107] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 277.801391][ T32] audit: type=1804 audit(1595031177.112:103): pid=9242 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/31/bus" dev="sda1" ino=15775 res=1 00:12:57 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) getpid() getpid() r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) [ 278.025408][ T9107] team0: Port device team_slave_0 added [ 278.061771][ T9107] team0: Port device team_slave_1 added [ 278.169774][ T32] audit: type=1804 audit(1595031177.442:104): pid=9259 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir991351075/syzkaller.1TnMoX/16/bus" dev="sda1" ino=15767 res=1 00:12:57 executing program 1: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) creat(&(0x7f0000000140)='./bus\x00', 0x0) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) [ 278.251223][ T9107] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 278.258320][ T9107] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 278.284506][ T9107] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 278.375380][ T9107] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 278.382712][ T9107] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 278.409797][ T9107] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 278.551652][ T32] audit: type=1804 audit(1595031177.952:105): pid=9276 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/32/bus" dev="sda1" ino=15773 res=1 [ 278.576023][ T32] audit: type=1804 audit(1595031177.962:106): pid=9276 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/32/bus" dev="sda1" ino=15773 res=1 [ 278.600300][ T32] audit: type=1804 audit(1595031177.962:107): pid=9276 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/32/bus" dev="sda1" ino=15773 res=1 [ 278.629496][ T32] audit: type=1804 audit(1595031178.002:108): pid=9279 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir991351075/syzkaller.1TnMoX/17/bus" dev="sda1" ino=15775 res=1 00:12:58 executing program 1: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) 00:12:58 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) getpid() r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) [ 278.847212][ T9107] device hsr_slave_0 entered promiscuous mode [ 278.886200][ T9107] device hsr_slave_1 entered promiscuous mode [ 278.931534][ T9107] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 278.939274][ T9107] Cannot create hsr debugfs directory [ 279.109136][ T32] audit: type=1804 audit(1595031178.482:109): pid=9303 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/33/bus" dev="sda1" ino=15773 res=1 00:12:58 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x46000) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) [ 279.520700][ T9107] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 279.571534][ T9107] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 279.618136][ T9107] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 279.677739][ T9107] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 280.096805][ T9107] 8021q: adding VLAN 0 to HW filter on device bond0 [ 280.146118][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 280.155099][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 280.186233][ T9107] 8021q: adding VLAN 0 to HW filter on device team0 [ 280.217469][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 280.228504][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 280.237916][ T3378] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.245363][ T3378] bridge0: port 1(bridge_slave_0) entered forwarding state [ 280.283456][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 280.292682][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 280.302737][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 280.312470][ T3378] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.319726][ T3378] bridge0: port 2(bridge_slave_1) entered forwarding state [ 280.333915][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 280.354416][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 280.393478][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 280.404356][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 280.446673][ T9107] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 280.457683][ T9107] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 280.476112][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 280.486153][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 280.496973][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 280.507466][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 280.517117][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 280.527486][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 280.537099][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 280.552461][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 280.614352][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 280.623020][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 280.663884][ T9107] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 280.719872][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 280.730004][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 280.792836][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 280.802594][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 280.831986][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 280.842825][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 280.874479][ T9107] device veth0_vlan entered promiscuous mode [ 280.909687][ T9107] device veth1_vlan entered promiscuous mode [ 280.976780][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 280.986656][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 280.996264][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 281.007335][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 281.024780][ T9107] device veth0_macvtap entered promiscuous mode [ 281.050276][ T9107] device veth1_macvtap entered promiscuous mode [ 281.114460][ T9107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 281.125183][ T9107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.135261][ T9107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 281.145914][ T9107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.160030][ T9107] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 281.178856][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 281.188332][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 281.197584][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 281.207522][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 281.245939][ T9107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 281.257237][ T9107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.267368][ T9107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 281.278011][ T9107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.291722][ T9107] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 281.309354][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 281.320242][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 00:13:01 executing program 1: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) 00:13:01 executing program 2: ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000000)={0x0, 0x6e, {0x0}, {}, 0xc7, 0x101}) ptrace$peek(0x6, r0, &(0x7f0000000040)) r1 = openat$bsg(0xffffff9c, &(0x7f0000000080)='/dev/bsg\x00', 0x200, 0x0) r2 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, @host}, 0x10, 0x80800) ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x89e1, &(0x7f0000000100)={r2}) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x8, 0x800000, 0xfff}, &(0x7f00000001c0)=0x10) r5 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x800) fcntl$setstatus(r5, 0x4, 0x66800) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000200)={'macvlan1\x00', 0x100}) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x13000401}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xb4, 0x0, 0x10, 0x70bd2b, 0x25dfdbfb, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd, 0x87, 'l2_drops\x00'}, {0x5}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0xd, 0x87, 'l2_drops\x00'}, {0x5}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0xd, 0x87, 'l2_drops\x00'}, {0x5, 0x83, 0x1}}]}, 0xb4}, 0x1, 0x0, 0x0, 0x14}, 0x240440c4) bind$ax25(r4, &(0x7f00000003c0)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6}, [@bcast, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) r6 = openat$qat_adf_ctl(0xffffff9c, &(0x7f0000000440)='/dev/qat_adf_ctl\x00', 0x88080, 0x0) inotify_add_watch(r6, &(0x7f0000000480)='./file0\x00', 0x4) ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x8040ae9f, &(0x7f00000004c0)) r7 = syz_init_net_socket$nl_rdma(0xffffffffffffffff, 0x3, 0x14) ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r7, 0x8982, &(0x7f0000000500)={0x8, 'team_slave_1\x00', {'veth0\x00'}, 0x9}) membarrier(0x20, 0x0) getresgid(&(0x7f0000000540)=0x0, &(0x7f0000000580), &(0x7f00000005c0)) getgroups(0x4, &(0x7f00000007c0)=[r8, 0xffffffffffffffff, 0x0, 0x0]) 00:13:01 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) 00:13:01 executing program 1: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) 00:13:01 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="0108001e7f", @ANYRES32=0x0, @ANYBLOB="0000000004000000080112000c0001006d6163766c616e00f80002004c0005000a0004002f000000000000000a00ebffd11bf5466bca00000a00040051338782f0c7cc920a000400aaaaaaaaaaaa00f709000400aaaaaaaaaabb20000a000400aaaaaac8aabb00000a000400aaaaaaaaaabb000008000100100000000a000400aaaaaaaaaaaa00000a000423aaaaaaaaaa230000080003000300000009bc030002000000640005000a1904000180c200df0300000a000400ffffffffffff00000a000400aaaaaaaaaa2400010a000400ffffffffffff00000a000400000000006e0000000afd030000000000000000000a0004000180c200000200000a00040010c784011564000008000300000000020a00050004"], 0x134}}, 0x0) 00:13:01 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) 00:13:02 executing program 2: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000140)={@ipv4={[], [], @multicast2}, 0x0, r2}) r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r5, r6, 0x16, &(0x7f0000000000)) ptrace$getenv(0x4201, r6, 0x0, &(0x7f0000000000)) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000080)={@ipv4={[], [], @private}, 0x0, r2}) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x20, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r9, 0x14301}}, 0x20}}, 0x0) [ 282.707130][ T32] kauditd_printk_skb: 8 callbacks suppressed [ 282.707191][ T32] audit: type=1804 audit(1595031182.112:118): pid=9391 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/36/bus" dev="sda1" ino=15800 res=1 00:13:02 executing program 1: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) [ 282.738277][ T32] audit: type=1804 audit(1595031182.112:119): pid=9391 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/36/bus" dev="sda1" ino=15800 res=1 [ 282.791039][ T32] audit: type=1804 audit(1595031182.122:120): pid=9391 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/36/bus" dev="sda1" ino=15800 res=1 00:13:02 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x8400fffffffb) [ 282.894858][ T9395] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 282.922780][ T9395] device sit0 entered promiscuous mode [ 283.023855][ T9395] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 283.150542][ T32] audit: type=1804 audit(1595031182.562:121): pid=9402 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/37/bus" dev="sda1" ino=15800 res=1 [ 283.176627][ T32] audit: type=1804 audit(1595031182.562:122): pid=9402 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/37/bus" dev="sda1" ino=15800 res=1 00:13:02 executing program 2: openat$dlm_control(0xffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x100, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x5, [@enum={0x0, 0x0, 0x0, 0x4}, @volatile={0x0, 0x0, 0x0, 0x2}, @var={0x1, 0x0, 0x0, 0xe, 0x2}]}, {0x0, [0x5f, 0x61, 0x5f]}}, &(0x7f0000004600)=""/210, 0x45, 0xd2, 0x8}, 0x20) [ 283.200955][ T32] audit: type=1804 audit(1595031182.562:123): pid=9402 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/37/bus" dev="sda1" ino=15800 res=1 00:13:02 executing program 1: syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) 00:13:02 executing program 2: openat$dlm_control(0xffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x100, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x5, [@enum={0x0, 0x0, 0x0, 0x4}, @volatile={0x0, 0x0, 0x0, 0x2}, @var={0x1, 0x0, 0x0, 0xe, 0x2}]}, {0x0, [0x5f, 0x61, 0x5f]}}, &(0x7f0000004600)=""/210, 0x45, 0xd2, 0x8}, 0x20) 00:13:02 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffb) 00:13:02 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000180)='>', 0x1) renameat(r0, &(0x7f0000000000)='./file0\x00', r3, &(0x7f0000000040)='./file0\x00') r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb, 0x1, 'geneve\x00'}, {0x4}}}, @IFLA_GSO_MAX_SEGS={0x8}]}, 0x3c}}, 0x0) [ 283.620382][ T32] audit: type=1804 audit(1595031183.033:124): pid=9416 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/38/bus" dev="sda1" ino=15793 res=1 [ 283.661840][ T32] audit: type=1804 audit(1595031183.063:125): pid=9416 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/38/bus" dev="sda1" ino=15793 res=1 00:13:03 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) 00:13:03 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffb) [ 284.033004][ T32] audit: type=1804 audit(1595031183.443:126): pid=9429 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/39/bus" dev="sda1" ino=15798 res=1 00:13:03 executing program 1: syz_mount_image$bfs(0x0, 0x0, 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) [ 284.169737][ T32] audit: type=1804 audit(1595031183.483:127): pid=9429 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/39/bus" dev="sda1" ino=15798 res=1 00:13:03 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000000980), 0x10a9) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffb) 00:13:03 executing program 1: syz_mount_image$bfs(0x0, 0x0, 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) 00:13:04 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="900000001000432408e623a2fb9143695c115271", @ANYRES32, @ANYBLOB="b5219e774600000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000400ac1414bb08000600ac1414aa08000600a9fe15bb08000700ac1414aa080007000000000008000700ac1e010108000a000100080008000300ab"], 0x90}}, 0x0) 00:13:04 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) [ 284.826328][ T9449] netlink: 'syz-executor.2': attribute type 10 has an invalid length. [ 284.835263][ T9449] netlink: 'syz-executor.2': attribute type 3 has an invalid length. [ 284.843597][ T9449] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:13:04 executing program 1: syz_mount_image$bfs(0x0, 0x0, 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) 00:13:04 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() socket$netlink(0x10, 0x3, 0xe) ptrace(0x10, r0) tkill(r0, 0x3a) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r1, 0x0, r3, 0x0, 0x80000001, 0x0) ioctl$VIDIOC_ENUMAUDIO(r1, 0xc0345641, &(0x7f0000000000)={0x0, "bd52afe21c74daaf84704024de73c50499c27f1a63b95c4b7d404ddfb4435b3e", 0x2, 0x1}) wait4(0xffffffffffffffff, 0x0, 0x0, 0x0) 00:13:04 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x46000) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffb) 00:13:04 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="b9761aa3d805fe", 0x7, 0x4}, {&(0x7f00000002c0)="9c55428528ea09bca02a012e52b2347b24baeccfe0f104473dd4c89484619650c82e3fc155e3424461abd552fedb3f7cad80ddf4ff5e14b863f1511b1c8e0704fb5ad1aaae340b51a3c795a8c8fbcb3f713142170b1cbc8007a2f7bacb15da30ee3ba95418d8c4ceaea81b5de73469059b6b991730f038c97dd6bb54f220c9fa5dbc45e26cd4debfe90cf09cd1b67384f9bd7d470b0df540b1c0bc0914124968c0b02141ab8d2dc4a019f9e9035bfcd41715f5bd21a00650108470c5", 0xbc, 0x8}], 0x8010, 0x0) 00:13:04 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x46000) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffb) 00:13:05 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x8010, 0x0) 00:13:05 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x46000) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffb) 00:13:05 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 00:13:05 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40046602, &(0x7f0000000000)) r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x46000) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffb) 00:13:05 executing program 1 (fault-call:0 fault-nth:0): syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 00:13:05 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40046602, &(0x7f0000000000)) r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x46000) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffb) [ 286.435085][ T9495] FAULT_INJECTION: forcing a failure. [ 286.435085][ T9495] name failslab, interval 1, probability 0, space 0, times 1 [ 286.448796][ T9495] CPU: 0 PID: 9495 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 286.457459][ T9495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 286.467583][ T9495] Call Trace: [ 286.470970][ T9495] dump_stack+0x1df/0x240 [ 286.475404][ T9495] should_fail+0x8b7/0x9e0 [ 286.479927][ T9495] __should_failslab+0x1f6/0x290 [ 286.484944][ T9495] should_failslab+0x29/0x70 [ 286.489632][ T9495] __kmalloc+0xae/0x460 [ 286.493872][ T9495] ? __se_sys_memfd_create+0x2a1/0xba0 [ 286.499428][ T9495] __se_sys_memfd_create+0x2a1/0xba0 [ 286.504823][ T9495] ? kmsan_set_origin_checked+0x95/0xf0 [ 286.510466][ T9495] ? kmsan_get_metadata+0x11d/0x180 [ 286.515759][ T9495] ? __se_sys_memfd_create+0xba0/0xba0 [ 286.521314][ T9495] __ia32_sys_memfd_create+0x3e/0x60 [ 286.526699][ T9495] __do_fast_syscall_32+0x2aa/0x400 [ 286.532005][ T9495] do_fast_syscall_32+0x6b/0xd0 [ 286.536970][ T9495] do_SYSENTER_32+0x73/0x90 [ 286.541582][ T9495] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 286.548024][ T9495] RIP: 0023:0xf7ff5549 [ 286.552132][ T9495] Code: Bad RIP value. [ 286.556247][ T9495] RSP: 002b:00000000f5deff0c EFLAGS: 00000296 ORIG_RAX: 0000000000000164 [ 286.564742][ T9495] RAX: ffffffffffffffda RBX: 00000000080d7780 RCX: 0000000000000000 [ 286.572800][ T9495] RDX: 000000000804d295 RSI: 0000000000000000 RDI: 0000000000000000 [ 286.580843][ T9495] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 286.588884][ T9495] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 286.596925][ T9495] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 00:13:06 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x21b) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40046602, &(0x7f0000000000)) r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x46000) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffb) 00:13:06 executing program 1 (fault-call:0 fault-nth:1): syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 287.340177][ T9505] FAULT_INJECTION: forcing a failure. [ 287.340177][ T9505] name failslab, interval 1, probability 0, space 0, times 0 [ 287.353191][ T9505] CPU: 0 PID: 9505 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 287.361835][ T9505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 287.371954][ T9505] Call Trace: [ 287.375329][ T9505] dump_stack+0x1df/0x240 [ 287.379739][ T9505] should_fail+0x8b7/0x9e0 [ 287.384242][ T9505] __should_failslab+0x1f6/0x290 [ 287.389250][ T9505] should_failslab+0x29/0x70 [ 287.393920][ T9505] kmem_cache_alloc+0xd0/0xd70 [ 287.398783][ T9505] ? stack_trace_save+0x123/0x1a0 [ 287.403887][ T9505] ? shmem_alloc_inode+0x5a/0xe0 [ 287.408909][ T9505] ? kmsan_get_metadata+0x11d/0x180 [ 287.414197][ T9505] ? kmsan_get_metadata+0x11d/0x180 [ 287.419467][ T9505] shmem_alloc_inode+0x5a/0xe0 [ 287.424297][ T9505] ? shmem_match+0x1e0/0x1e0 [ 287.428970][ T9505] new_inode_pseudo+0xb1/0x590 [ 287.433809][ T9505] new_inode+0x5a/0x3d0 [ 287.438040][ T9505] ? expand_files+0x96/0xb80 [ 287.442713][ T9505] ? kmsan_get_metadata+0x11d/0x180 [ 287.447993][ T9505] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 287.453864][ T9505] shmem_get_inode+0x1e1/0xe90 [ 287.458722][ T9505] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 287.464620][ T9505] __shmem_file_setup+0x273/0x5c0 [ 287.469745][ T9505] shmem_file_setup+0xc6/0xe0 [ 287.474501][ T9505] __se_sys_memfd_create+0x657/0xba0 [ 287.479877][ T9505] ? kmsan_get_metadata+0x11d/0x180 [ 287.485156][ T9505] ? __se_sys_memfd_create+0xba0/0xba0 [ 287.490696][ T9505] __ia32_sys_memfd_create+0x3e/0x60 [ 287.496062][ T9505] __do_fast_syscall_32+0x2aa/0x400 [ 287.501360][ T9505] do_fast_syscall_32+0x6b/0xd0 [ 287.506296][ T9505] do_SYSENTER_32+0x73/0x90 [ 287.510880][ T9505] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 287.517257][ T9505] RIP: 0023:0xf7ff5549 [ 287.521355][ T9505] Code: Bad RIP value. [ 287.525460][ T9505] RSP: 002b:00000000f5deff0c EFLAGS: 00000296 ORIG_RAX: 0000000000000164 [ 287.533939][ T9505] RAX: ffffffffffffffda RBX: 00000000080d7780 RCX: 0000000000000000 [ 287.541958][ T9505] RDX: 000000000804d295 RSI: 0000000000000000 RDI: 0000000000000000 [ 287.549981][ T9505] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 287.558011][ T9505] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 287.566031][ T9505] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 00:13:07 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a300000000054000000030a01020000000000000000020000000900010073797a30000000ed28000480080002400000000008000140000000001800030069705f76746930000000000000e1ffff0a00030073797a32da3d9c13625e136f1100010000000000000000000000000a1c01730dad2684cc6e4dea17cec144c58c615d619d4a2a1b2fffa095d6a843a6b4cd72da5ba2282bccbecd6f156afcee0cdd0dcb965d4df8d0d63c92dae164e928a3e0f1dc3f47fa6aca19f764604274fe855459faeb90a71e7a97da36e8f65c7160095500fdcdd4900f9696eaee108a72ceffd22fa885825e128a7fa6c38a6c38254ff75c031fd6f3510dd158a28f6d15156393ba75b76baff2ed1cbcda4ef14e1cf340d853dfce23d6679cde3afd3656e52efa35f3dd32a2eaf2d3154da612e8759b249ddb70935843bf83450b5becda37a69a0f65736f15e33c17bf03c0a2c01f26aa00da777a178cdcbeebbc7d35e980e6671bf6c721bdaad779ebd8b406a73a2eec8990330fd41cabb3ae3b000000000000000000cb088289fa83108fcd937fe24f752c6449e97450ed7babe7334d38e9f360f0b958cf4ab6f8a94e8205f0ffc43aa52c7c58bbe965d9460efd499594af5f9dc061f93adfea53ac73a375430f2cf7cb4d95106adb2017fd8f0a62f147084c7e2cca8ba208250165e9e68ee997f8bacfbe01f505b0010e7f28432b234a66213393f702e78c4c75cdcd141b00"/584], 0x9c}}, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r1, 0x0, r3, 0x0, 0x80000001, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, &(0x7f0000000180)='>', 0x1) ioctl$EVIOCGLED(r5, 0x80404519, &(0x7f00000000c0)=""/174) sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000040)={0x28, 0x3, 0x6, 0x3, 0x0, 0x0, {0xc, 0x0, 0x1}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x44}, 0x40040) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) 00:13:07 executing program 0: r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:07 executing program 1 (fault-call:0 fault-nth:2): syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 288.348603][ T9510] FAULT_INJECTION: forcing a failure. [ 288.348603][ T9510] name failslab, interval 1, probability 0, space 0, times 0 [ 288.361659][ T9510] CPU: 1 PID: 9510 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 288.370312][ T9510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 288.380418][ T9510] Call Trace: [ 288.383774][ T9510] dump_stack+0x1df/0x240 [ 288.388160][ T9510] should_fail+0x8b7/0x9e0 [ 288.392636][ T9510] __should_failslab+0x1f6/0x290 [ 288.397617][ T9510] should_failslab+0x29/0x70 [ 288.402253][ T9510] kmem_cache_alloc+0xd0/0xd70 [ 288.407066][ T9510] ? security_inode_alloc+0x98/0x4e0 [ 288.412400][ T9510] ? __should_failslab+0x1f6/0x290 [ 288.417556][ T9510] ? kmsan_get_metadata+0x11d/0x180 [ 288.422838][ T9510] ? kmsan_get_metadata+0x11d/0x180 [ 288.428113][ T9510] security_inode_alloc+0x98/0x4e0 [ 288.433278][ T9510] inode_init_always+0x4dd/0xad0 [ 288.438271][ T9510] new_inode_pseudo+0x1a2/0x590 [ 288.443166][ T9510] new_inode+0x5a/0x3d0 [ 288.447391][ T9510] ? expand_files+0x96/0xb80 [ 288.452028][ T9510] ? kmsan_get_metadata+0x11d/0x180 [ 288.457282][ T9510] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 288.463133][ T9510] shmem_get_inode+0x1e1/0xe90 [ 288.467960][ T9510] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 288.473823][ T9510] __shmem_file_setup+0x273/0x5c0 [ 288.478907][ T9510] shmem_file_setup+0xc6/0xe0 [ 288.483630][ T9510] __se_sys_memfd_create+0x657/0xba0 [ 288.488965][ T9510] ? kmsan_get_metadata+0x11d/0x180 [ 288.494206][ T9510] ? __se_sys_memfd_create+0xba0/0xba0 [ 288.499711][ T9510] __ia32_sys_memfd_create+0x3e/0x60 [ 288.505046][ T9510] __do_fast_syscall_32+0x2aa/0x400 [ 288.510308][ T9510] do_fast_syscall_32+0x6b/0xd0 [ 288.515213][ T9510] do_SYSENTER_32+0x73/0x90 [ 288.519766][ T9510] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 288.526117][ T9510] RIP: 0023:0xf7ff5549 [ 288.530195][ T9510] Code: Bad RIP value. [ 288.534277][ T9510] RSP: 002b:00000000f5deff0c EFLAGS: 00000296 ORIG_RAX: 0000000000000164 [ 288.542730][ T9510] RAX: ffffffffffffffda RBX: 00000000080d7780 RCX: 0000000000000000 [ 288.550727][ T9510] RDX: 000000000804d295 RSI: 0000000000000000 RDI: 0000000000000000 [ 288.558723][ T9510] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 288.566721][ T9510] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 288.574726][ T9510] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 288.603548][ T32] kauditd_printk_skb: 17 callbacks suppressed [ 288.603604][ T32] audit: type=1804 audit(1595031188.013:145): pid=9508 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/48/bus" dev="sda1" ino=15807 res=1 00:13:08 executing program 0: r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) [ 289.050585][ T32] audit: type=1804 audit(1595031188.463:146): pid=9518 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/49/bus" dev="sda1" ino=15807 res=1 [ 289.273992][ T9512] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. 00:13:08 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000000)='./file1\x00', 0x0, 0xfffffffffffffd81, 0x0, 0x112821, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)='>', 0x1) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$hwrng(0xffffff9c, &(0x7f0000000200)='/dev/hwrng\x00', 0x240002, 0x0) r4 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240)={0x0}, &(0x7f0000000300)=0xc) write$cgroup_pid(r3, &(0x7f0000000340)=r5, 0x12) write(r2, &(0x7f0000000180)='>', 0x1) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r8 = accept4(r7, 0x0, 0x0, 0x0) splice(r6, 0x0, r8, 0x0, 0x80000001, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000100)=[@acquire={0x40046305, 0x2}], 0x27, 0x0, &(0x7f0000000140)="8f2a3d6756baab4da5bd8cc331cde6d382484cdb35149490f57ba1786233a2219088db6197ce23"}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r9, &(0x7f0000000180)='>', 0x1) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000000c0)={0xffffffffffffffff, r0, 0x0, r2}, 0x10) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r1, 0x4010ae74, &(0x7f0000000040)={0x3, 0x7f79, 0x7}) 00:13:08 executing program 0: r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) [ 289.504370][ T9521] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. 00:13:09 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="58000000020601020000000000000000000000690005000400000000000900020073797a3000000000050005000a00000005000100060000000c000780080006400000000014000300686173683a69702c706f72742c697000de4694f69aadc4d8072d590d4591f74b4e02ea36dc9f6200040000000000006cf8ce5ca7bdc556cb56fee7a25d21da8b64b6bd5dacd7c6b40e6164fa6c88bcc8b0d8d750bc9dcd0f2b32cfaa9ada63dfbb765a7673670a2cacebcf98f71b9cca01fb1276f636"], 0x58}}, 0x0) r1 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x54, r3, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x40}]}, 0x54}}, 0x0) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x20, r3, 0x10, 0x70bd29, 0x25dfdbff, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xab6200}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x44000) [ 289.637586][ T32] audit: type=1804 audit(1595031189.043:147): pid=9529 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/50/bus" dev="sda1" ino=15811 res=1 [ 289.789329][ T9533] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.2'. [ 289.826850][ T9533] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.2'. [ 289.873075][ T9533] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.2'. [ 289.906513][ T9535] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.2'. 00:13:09 executing program 0: open(0x0, 0x149043, 0x21b) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:09 executing program 2: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="d03103c66b9fb41c0929b1282aeb8ae9264d1b1d54bccc6f075451b2cd006948e0cd1b3a6825890e"], 0xa) r3 = socket(0x40000000002, 0x3, 0x2) mq_unlink(&(0x7f0000000040)='\xbb%-\x00') ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="09025dff"]}) fcntl$getownex(r1, 0x10, &(0x7f0000000180)={0x0, 0x0}) fcntl$lock(r3, 0x25, &(0x7f00000001c0)={0x2, 0x1, 0x7, 0x28c2, r4}) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r7 = accept4(r6, 0x0, 0x0, 0x0) splice(r5, 0x0, r7, 0x0, 0x80000001, 0x0) statx(r5, &(0x7f0000000080)='./file0\x00', 0x800, 0x4, &(0x7f0000000240)) close(r2) socket$netlink(0x10, 0x3, 0x4) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000100)={{0x2, 0x4e23, @loopback}, {0x306}, 0x8, {0x2, 0x4e22, @remote}, 'batadv0\x00'}) splice(r0, 0x0, r2, 0x0, 0x7ffffffd, 0x0) [ 290.168354][ T32] audit: type=1804 audit(1595031189.583:148): pid=9538 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/51/bus" dev="sda1" ino=15808 res=1 00:13:09 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000000)='./file0\x00', 0x3, 0x0, 0x0, 0x2010040, 0x0) 00:13:09 executing program 0: open(0x0, 0x149043, 0x21b) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) [ 290.553871][ T32] audit: type=1804 audit(1595031189.963:149): pid=9549 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/52/bus" dev="sda1" ino=15812 res=1 00:13:10 executing program 0: open(0x0, 0x149043, 0x21b) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:10 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 291.032747][ T32] audit: type=1804 audit(1595031190.443:150): pid=9561 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/53/bus" dev="sda1" ino=15808 res=1 00:13:10 executing program 2: unshare(0x200) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x338, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x109041, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000180)='>', 0x1) ioctl$KDSETMODE(r2, 0x4b3a, 0x1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) socket$inet_udp(0x2, 0x2, 0x0) r3 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) connect$can_bcm(r3, &(0x7f00000000c0), 0x10) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x70224100, 0x0, 0x0, 0x0, 0x0) 00:13:10 executing program 3: r0 = openat$btrfs_control(0xffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x12000, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1040}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)={0x128, 0x1403, 0x100, 0x70bd28, 0x25dfdbff, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_to_hsr\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'geneve0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'macvtap0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'ip6gre0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth0_vlan\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vxcan1\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'erspan0\x00'}}]}, 0x128}, 0x1, 0x0, 0x0, 0x20000000}, 0x4040804) r1 = openat$proc_capi20ncci(0xffffff9c, &(0x7f0000000240)='/proc/capi/capi20ncci\x00', 0x2c4040, 0x0) mq_timedsend(r1, &(0x7f0000000280)="a31a06d83434a0b1c0d2e854956b95d9276c1e1fb4b5344b423671bad0aed25344b2b3373ce69786d13b1a93612dea58bbf8dba18a2bed49e8d65dca6419ff7cc0efa5ffe3a8976959a298ad15b5260f50be61cb2b1896769eac5824850e8dce6fd1d5895e1c9dc17c9551be886141344341af439005c01ec9e8913023a833d64fd8c4f8093e4c111c6e659781b54719e6f10a55dbc093cebb6c61532c13d7793dc61b2315adbbfd4e", 0xa9, 0x8, &(0x7f0000000340)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x0, 0x865d6d4452a1f345) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f00000003c0), 0x4) arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000400)) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000480)='devlink\x00') sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r2, &(0x7f0000000580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x4c, r3, 0x800, 0x70bd26, 0x25dfdbfb, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd, 0x87, 'l2_drops\x00'}, {0x5}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0x48811) mq_timedreceive(r0, &(0x7f00000005c0)=""/74, 0x4a, 0xfff, &(0x7f0000000640)={0x77359400}) openat$thread_pidfd(0xffffff9c, &(0x7f0000000680)='/proc/thread-self\x00', 0x80, 0x0) read$dsp(r2, &(0x7f00000006c0)=""/230, 0xe6) r4 = openat$proc_capi20ncci(0xffffff9c, &(0x7f00000007c0)='/proc/capi/capi20ncci\x00', 0x600000, 0x0) write$vhci(r4, &(0x7f0000000800)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r4, 0x84, 0x1c, &(0x7f0000000840), &(0x7f0000000880)=0x4) r5 = openat$zero(0xffffff9c, &(0x7f00000008c0)='/dev/zero\x00', 0x1, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x6) r6 = openat$full(0xffffff9c, &(0x7f0000000900)='/dev/full\x00', 0x18400, 0x0) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000980)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r6, &(0x7f0000000ac0)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000a80)={&(0x7f00000009c0)={0x9c, r7, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x88, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xcab}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x101}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x333cfe32}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7ff}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffc0}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20000}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x880}, 0x4000000) 00:13:10 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x0, 0x21b) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) [ 291.347390][ T32] audit: type=1400 audit(1595031190.753:151): avc: denied { sys_admin } for pid=9565 comm="syz-executor.2" capability=21 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=cap_userns permissive=1 [ 291.376918][ C1] hrtimer: interrupt took 92187 ns [ 291.395488][ T9566] IPVS: ftp: loaded support on port[0] = 21 [ 291.776802][ T32] audit: type=1804 audit(1595031191.183:152): pid=9585 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/54/bus" dev="sda1" ino=15813 res=1 [ 291.957888][ T32] audit: type=1400 audit(1595031191.243:153): avc: denied { net_raw } for pid=9592 comm="syz-executor.2" capability=13 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=cap_userns permissive=1 00:13:11 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x0, 0x21b) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:11 executing program 2: unshare(0x200) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x338, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x109041, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000180)='>', 0x1) ioctl$KDSETMODE(r2, 0x4b3a, 0x1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) socket$inet_udp(0x2, 0x2, 0x0) r3 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) connect$can_bcm(r3, &(0x7f00000000c0), 0x10) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x70224100, 0x0, 0x0, 0x0, 0x0) [ 292.403088][ T32] audit: type=1804 audit(1595031191.814:154): pid=9597 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/55/bus" dev="sda1" ino=15811 res=1 [ 292.612652][ T9601] IPVS: ftp: loaded support on port[0] = 21 00:13:12 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x0, 0x21b) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) [ 293.032082][ T9602] IPVS: ftp: loaded support on port[0] = 21 00:13:12 executing program 2: unshare(0x200) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x338, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x109041, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000180)='>', 0x1) ioctl$KDSETMODE(r2, 0x4b3a, 0x1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) socket$inet_udp(0x2, 0x2, 0x0) r3 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) connect$can_bcm(r3, &(0x7f00000000c0), 0x10) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x70224100, 0x0, 0x0, 0x0, 0x0) [ 293.397031][ T9632] IPVS: ftp: loaded support on port[0] = 21 00:13:13 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) [ 293.911943][ T32] kauditd_printk_skb: 1 callbacks suppressed [ 293.911995][ T32] audit: type=1804 audit(1595031193.324:156): pid=9665 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/57/bus" dev="sda1" ino=15812 res=1 [ 293.942686][ T32] audit: type=1804 audit(1595031193.324:157): pid=9665 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/57/bus" dev="sda1" ino=15812 res=1 [ 293.966956][ T32] audit: type=1804 audit(1595031193.334:158): pid=9665 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/57/bus" dev="sda1" ino=15812 res=1 00:13:13 executing program 2: unshare(0x200) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x338, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x109041, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000180)='>', 0x1) ioctl$KDSETMODE(r2, 0x4b3a, 0x1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) socket$inet_udp(0x2, 0x2, 0x0) r3 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) connect$can_bcm(r3, &(0x7f00000000c0), 0x10) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x70224100, 0x0, 0x0, 0x0, 0x0) 00:13:13 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) [ 294.497081][ T9602] chnl_net:caif_netlink_parms(): no params data found [ 294.570460][ T32] audit: type=1804 audit(1595031193.984:159): pid=9757 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/58/bus" dev="sda1" ino=15815 res=1 [ 294.714138][ T9762] IPVS: ftp: loaded support on port[0] = 21 00:13:14 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:14 executing program 1: r0 = openat$nvram(0xffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x10080, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) ioctl$sock_inet_SIOCRTMSG(r1, 0x890d, &(0x7f0000000400)={0x0, {0x2, 0x4e21, @multicast1}, {0x2, 0x4e24, @empty}, {0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x1d, 0x0, 0x0, 0x0, 0x5, 0x0, 0x401, 0x3, 0x40}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000200)='NLBL_MGMT\x00') sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000001b00)={0x48, r2, 0x300, 0x8, 0x25dfdbfd, {}, [@NLBL_MGMT_A_CLPDOI={0x8}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @multicast2}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x26}]}, 0x48}}, 0x0) sendmsg$NLBL_MGMT_C_VERSION(r1, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000380)={&(0x7f0000000480)={0x70, r2, 0x0, 0x70bd2d, 0x25dfdbfd, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x8}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @ipv4={[], [], @remote}}, @NLBL_MGMT_A_DOMAIN={0x12, 0x1, 'memory.events\x00'}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0xa}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x2}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private1}]}, 0x70}, 0x1, 0x0, 0x0, 0x845}, 0x0) sendmsg$NLBL_MGMT_C_PROTOCOLS(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x220800}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r2, 0x400, 0x70bd26, 0x25dfdbff, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @dev={0xfe, 0x80, [], 0x37}}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @mcast2}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x48051) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 00:13:14 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x0, 0x21b) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) [ 295.255700][ T9806] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9806 comm=syz-executor.1 [ 295.273089][ T9602] bridge0: port 1(bridge_slave_0) entered blocking state [ 295.281215][ T9602] bridge0: port 1(bridge_slave_0) entered disabled state [ 295.291071][ T9602] device bridge_slave_0 entered promiscuous mode [ 295.473663][ T32] audit: type=1804 audit(1595031194.884:160): pid=9811 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/59/bus" dev="sda1" ino=15817 res=1 [ 295.501866][ T9602] bridge0: port 2(bridge_slave_1) entered blocking state [ 295.509736][ T9602] bridge0: port 2(bridge_slave_1) entered disabled state [ 295.519290][ T9602] device bridge_slave_1 entered promiscuous mode [ 295.637979][ T32] audit: type=1804 audit(1595031195.044:161): pid=9818 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir479684680/syzkaller.ZuIpEt/16/bus" dev="sda1" ino=15819 res=1 [ 295.700801][ T9602] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 295.773225][ T9602] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 295.866325][ T9602] team0: Port device team_slave_0 added [ 295.878227][ T9602] team0: Port device team_slave_1 added [ 295.952586][ T9602] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 295.959792][ T9602] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 295.986022][ T9602] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 296.027454][ T9602] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 296.034529][ T9602] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 296.060774][ T9602] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 296.258316][ T9602] device hsr_slave_0 entered promiscuous mode [ 296.316705][ T9602] device hsr_slave_1 entered promiscuous mode [ 296.350662][ T9602] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 296.358460][ T9602] Cannot create hsr debugfs directory [ 296.698856][ T9602] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 296.774447][ T9602] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 296.825863][ T9602] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 297.010087][ T9602] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 297.316277][ T9602] 8021q: adding VLAN 0 to HW filter on device bond0 [ 297.362935][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 297.371964][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 297.404157][ T9602] 8021q: adding VLAN 0 to HW filter on device team0 [ 297.443182][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 297.452506][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 297.461746][ T30] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.469085][ T30] bridge0: port 1(bridge_slave_0) entered forwarding state [ 297.519072][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 297.528431][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 297.538214][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 297.547552][ T30] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.554684][ T30] bridge0: port 2(bridge_slave_1) entered forwarding state [ 297.563703][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 297.574665][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 297.585696][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 297.596208][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 297.664106][ T9602] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 297.676624][ T9602] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 297.707332][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 297.717130][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 297.726916][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 297.736193][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 297.746776][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 297.757102][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 297.766793][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 297.815635][ T9602] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 297.840054][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 297.848994][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 297.856839][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 297.888607][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 297.898466][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 297.962536][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 297.975971][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 297.990035][ T9602] device veth0_vlan entered promiscuous mode [ 298.009423][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 298.018743][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 298.035026][ T9602] device veth1_vlan entered promiscuous mode [ 298.092274][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 298.101698][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 298.111124][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 298.121179][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 298.141846][ T9602] device veth0_macvtap entered promiscuous mode [ 298.159780][ T9602] device veth1_macvtap entered promiscuous mode [ 298.200839][ T9602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 298.213981][ T9602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.224053][ T9602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 298.234628][ T9602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.244596][ T9602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 298.255142][ T9602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.269209][ T9602] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 298.277846][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 298.287316][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 298.296641][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 298.306690][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 298.335905][ T9602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 298.346532][ T9602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.358076][ T9602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 298.368687][ T9602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.378701][ T9602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 298.389325][ T9602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.403153][ T9602] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 298.411530][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 298.421553][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 00:13:18 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000100)=ANY=[@ANYBLOB="17400000000000000000000000000000550100008000000000deb33736a97b8fd28d76fd1e85545e6e0403717d9fc4553fee864f6e9a49c7ec76"]}) r1 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) sendfile(r0, r1, &(0x7f0000000180)=0x59d5427a, 0x8000) setsockopt$inet_int(r1, 0x0, 0xe, &(0x7f0000000140)=0x9, 0x4) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x1410, 0x1, 0x70bd2c, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x8, 0x4c, 0x1}, @RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x8, 0x4c, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 00:13:18 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:18 executing program 2: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r2 = openat$uinput(0xffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x802, 0x0) open_by_handle_at(r2, &(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x373503) 00:13:18 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000001440)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0xa7805a08cd8c846a, 0x0) r2 = getpid() r3 = getpid() rt_tgsigqueueinfo(r2, r3, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000280)={{0x0, 0x1, 0x8000, 0x8, 'syz1\x00', 0x9}, 0x6, 0x100, 0x800, r2, 0x3, 0x3ff, 'syz0\x00', &(0x7f0000000080)=['/dev/snd/controlC#\x00', '$#\x00', '\'+\x00'], 0x19, [], [0x800, 0x3, 0x81, 0x4]}) r4 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x405) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r4, 0x4112, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) [ 299.315883][ T32] audit: type=1804 audit(1595031198.724:162): pid=9927 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/60/bus" dev="sda1" ino=15829 res=1 00:13:19 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc01cf509, &(0x7f0000000040)={r0, 0x3, 0x800, 0x9}) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f00000000c0)=0x3c, 0x4) r2 = socket(0x28, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000100)=ANY=[@ANYBLOB="170000008d3953a85b63cb000000000000000000"]}) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) 00:13:19 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = getpid() r2 = socket(0xd, 0x80000, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0xee01, 0x0, 0xffffffffffffffff) sendmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@cred={{0x18, 0x1, 0x2, {r1, 0x0, r3}}}], 0x18}, 0x0) 00:13:19 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40046602, &(0x7f0000000000)) r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x46000) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffb) [ 300.022796][ T32] audit: type=1804 audit(1595031199.434:163): pid=9947 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/61/bus" dev="sda1" ino=15833 res=1 [ 300.047121][ T32] audit: type=1804 audit(1595031199.434:164): pid=9947 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/61/bus" dev="sda1" ino=15833 res=1 [ 300.071390][ T32] audit: type=1804 audit(1595031199.434:165): pid=9947 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/61/bus" dev="sda1" ino=15833 res=1 00:13:19 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x3, 0x2) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x48, &(0x7f00000001c0)={@ipv4={[0x2, 0x4, 0x0, 0x0, 0x4, 0x0, 0x2], [], @loopback}}, 0x20) r1 = openat$dsp(0xffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x240000, 0x0) r2 = openat$zero(0xffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x200, 0x0) r3 = getpgid(0xffffffffffffffff) write$P9_RGETLOCK(r2, &(0x7f0000000100)={0x2a, 0x37, 0x1, {0x2, 0x79, 0x3, r3, 0xc, '/dev/radio#\x00'}}, 0x2a) ioctl$SOUND_MIXER_READ_STEREODEVS(r1, 0x80044dfb, &(0x7f0000000080)) 00:13:19 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40046602, &(0x7f0000000000)) r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x46000) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffb) 00:13:19 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0xad2b75a670a62048, 0x0) 00:13:20 executing program 3: r0 = openat2$dir(0xffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={0x30001, 0x10, 0x19}, 0x18) openat2(r0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x24040, 0x0, 0x6}, 0x18) symlink(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00') [ 300.654627][ T32] audit: type=1804 audit(1595031200.064:166): pid=9962 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/62/bus" dev="sda1" ino=15832 res=1 [ 300.678973][ T32] audit: type=1804 audit(1595031200.064:167): pid=9962 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/62/bus" dev="sda1" ino=15832 res=1 [ 300.703950][ T32] audit: type=1804 audit(1595031200.094:168): pid=9962 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/62/bus" dev="sda1" ino=15832 res=1 00:13:20 executing program 2: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000480)=ANY=[@ANYBLOB="1500000065ffff018000003b"], 0x15) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000140)=0x30, 0x4) r3 = openat$cachefiles(0xffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x12000, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x6) setresuid(0x0, r5, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x14d020, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@afid={'afid', 0x3d, 0x6d00000}}, {@cache_none='cache=none'}], [{@uid_eq={'uid', 0x3d, r5}}]}}) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @remote}, 0x10) r6 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) poll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x422}, {r1, 0x12}, {r6, 0x1400}], 0x3, 0x6) connect$inet(r2, &(0x7f0000000500)={0x2, 0x0, @broadcast}, 0x10) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240)='9p\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB="8000"]) 00:13:20 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40046602, &(0x7f0000000000)) r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x46000) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffb) 00:13:20 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000000)=ANY=[@ANYBLOB="0400000000000000ffffffff0200000000000000000000000000000004000000000000000000000000000000000000000000000000000000880b0000010000000000000000000000fffffffffbffffff000000000000000000000000000000000000000000000000080000000b00000000000000000000002000000020000000000000000000000000000000000000000000000001000000030000000000000000000000070000000700"/200]) [ 301.168953][ T32] audit: type=1804 audit(1595031200.584:169): pid=9977 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/63/bus" dev="sda1" ino=15844 res=1 00:13:20 executing program 2: r0 = epoll_create1(0x0) syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x1, 0x220000) fcntl$lock(r0, 0x7, &(0x7f0000000080)={0x1}) r1 = epoll_create1(0x0) fcntl$lock(r1, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x1, 0x3}) r2 = epoll_create1(0x0) fcntl$lock(r2, 0x7, &(0x7f0000000080)) [ 301.284515][ T32] audit: type=1804 audit(1595031200.644:170): pid=9977 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/63/bus" dev="sda1" ino=15844 res=1 [ 301.308936][ T32] audit: type=1804 audit(1595031200.674:171): pid=9977 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/63/bus" dev="sda1" ino=15844 res=1 00:13:20 executing program 3: syz_mount_image$btrfs(&(0x7f0000000040)='btrfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)={[{@subvolid={'subvolid'}}]}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) timer_gettime(r0, &(0x7f0000000000)) 00:13:20 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:21 executing program 2: mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f0000000180)='>', 0x1) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000000)=0xfe) setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='system.posix_acl_default\x00', &(0x7f0000000c40), 0x24, 0x0) llistxattr(&(0x7f0000000040)='./file1\x00', 0x0, 0x12) 00:13:21 executing program 1: syz_mount_image$bfs(0x0, &(0x7f00000000c0)='.\x00', 0x10001, 0xffffffffffffff4f, 0x0, 0x2188000, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x2) r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000040)) 00:13:21 executing program 2: pipe(&(0x7f0000000100)={0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x1, 0x803, 0x0) read$char_usb(r0, &(0x7f0000000180)=""/202, 0xca) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x7) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x120, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0xf0, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1, 'vlan\x00'}, {0xe0, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_EGRESS_QOS={0xa, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x200, 0x3}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xcf, 0x5}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0x4}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x100, 0x3}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xffffc482, 0x56}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xfffffffc, 0x5}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x2, 0x9}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x20, 0x3}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0x5}}]}, @IFLA_VLAN_EGRESS_QOS={0x64, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x3ac0, 0x5ab}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x40, 0x5}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6, 0x80000000}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x800, 0x80000000}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xfff, 0x3}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x3, 0x401}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xffffffff, 0x1}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x8, 0x7ff}}]}]}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x120}}, 0x0) 00:13:21 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:21 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x6, 0x0, 0x0, 0x201000, 0x0) get_mempolicy(&(0x7f0000000000), &(0x7f0000000040), 0x4, &(0x7f0000ffd000/0x3000)=nil, 0x6) [ 302.200316][T10009] netlink: 200 bytes leftover after parsing attributes in process `syz-executor.2'. [ 302.210120][T10009] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.2'. 00:13:21 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:22 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 00:13:22 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(0x0, 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:22 executing program 2: pipe(&(0x7f0000000100)={0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x1, 0x803, 0x0) read$char_usb(r0, &(0x7f0000000180)=""/202, 0xca) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x7) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x120, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0xf0, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1, 'vlan\x00'}, {0xe0, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_EGRESS_QOS={0xa, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x200, 0x3}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xcf, 0x5}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0x4}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x100, 0x3}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xffffc482, 0x56}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xfffffffc, 0x5}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x2, 0x9}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x20, 0x3}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0x5}}]}, @IFLA_VLAN_EGRESS_QOS={0x64, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x3ac0, 0x5ab}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x40, 0x5}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6, 0x80000000}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x800, 0x80000000}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xfff, 0x3}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x3, 0x401}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xffffffff, 0x1}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x8, 0x7ff}}]}]}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x120}}, 0x0) 00:13:22 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(0x0, 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) [ 303.377848][T10037] netlink: 200 bytes leftover after parsing attributes in process `syz-executor.2'. [ 303.387823][T10037] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.2'. 00:13:23 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @dev, 0xc}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000040)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000040)={r3, 0x1}, 0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={r3, 0x0, 0x30}, &(0x7f0000000100)=0xc) r4 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x20000, 0x0) read$midi(r4, &(0x7f0000000200)=""/165, 0xa5) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="60000000300001000000004c000100480001000c000100736b6265646974e138000280180002000000000000000000000000000000000000000000040006000c00090060000000000000000c0008000000000000000000"], 0x60}}, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r6, &(0x7f0000000180)='>', 0x1) ioctl$VIDIOC_DBG_G_REGISTER(r6, 0xc0385650, &(0x7f0000000140)={{0x2, @addr=0x1ff}, 0x8, 0x80, 0x4}) 00:13:23 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) getsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000000)={@loopback, @local}, &(0x7f0000000040)=0x8) r1 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) getsockname$l2tp6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4}, &(0x7f0000000100)=0x20) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 00:13:23 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(0x0, 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:23 executing program 2: pipe(&(0x7f0000000100)={0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x1, 0x803, 0x0) read$char_usb(r0, &(0x7f0000000180)=""/202, 0xca) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x7) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x120, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0xf0, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1, 'vlan\x00'}, {0xe0, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_EGRESS_QOS={0xa, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x200, 0x3}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xcf, 0x5}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0x4}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x100, 0x3}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xffffc482, 0x56}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xfffffffc, 0x5}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x2, 0x9}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x20, 0x3}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0x5}}]}, @IFLA_VLAN_EGRESS_QOS={0x64, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x3ac0, 0x5ab}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x40, 0x5}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6, 0x80000000}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x800, 0x80000000}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xfff, 0x3}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x3, 0x401}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xffffffff, 0x1}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x8, 0x7ff}}]}]}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x120}}, 0x0) [ 304.716574][T10060] netlink: 200 bytes leftover after parsing attributes in process `syz-executor.2'. [ 304.726690][T10060] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.2'. [ 304.749602][ T32] kauditd_printk_skb: 13 callbacks suppressed [ 304.749661][ T32] audit: type=1804 audit(1595031204.165:185): pid=10057 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/69/bus" dev="sda1" ino=15859 res=1 00:13:24 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x5a081, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) splice(r3, 0x0, r5, 0x0, 0x80000001, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r8 = accept4(r7, 0x0, 0x0, 0x0) splice(r6, 0x0, r8, 0x0, 0x80000001, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r9, &(0x7f0000000180)='>', 0x1) renameat(r3, &(0x7f0000000100)='./file0/file0/file0\x00', r9, &(0x7f00000000c0)='./file0/file0/file0\x00') [ 304.882276][ T32] audit: type=1804 audit(1595031204.205:186): pid=10057 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/69/bus" dev="sda1" ino=15859 res=1 00:13:24 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) [ 305.063227][T10068] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.3'. [ 305.290644][ T32] audit: type=1804 audit(1595031204.705:187): pid=10075 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/70/bus" dev="sda1" ino=15862 res=1 [ 305.315152][ T32] audit: type=1804 audit(1595031204.705:188): pid=10075 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/70/bus" dev="sda1" ino=15862 res=1 [ 305.339895][ T32] audit: type=1804 audit(1595031204.705:189): pid=10075 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/70/bus" dev="sda1" ino=15862 res=1 00:13:24 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:25 executing program 2: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x20005d) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c31000000000000000002003e00456d7a8a0000000000000000400000000000006bc20000000100000000000000000038000200000000"], 0x78) uselib(&(0x7f0000000180)='./file0\x00') [ 305.717671][T10086] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.3'. [ 305.748088][ T32] audit: type=1804 audit(1595031205.165:190): pid=10085 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/71/bus" dev="sda1" ino=15863 res=1 [ 305.775968][T10067] syz-executor.3 (10067) used greatest stack depth: 4248 bytes left [ 305.926976][ T32] audit: type=1804 audit(1595031205.195:191): pid=10085 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/71/bus" dev="sda1" ino=15863 res=1 [ 305.951524][ T32] audit: type=1804 audit(1595031205.195:192): pid=10085 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/71/bus" dev="sda1" ino=15863 res=1 00:13:25 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @dev, 0xc}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000040)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000040)={r3, 0x1}, 0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={r3, 0x0, 0x30}, &(0x7f0000000100)=0xc) r4 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x20000, 0x0) read$midi(r4, &(0x7f0000000200)=""/165, 0xa5) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="60000000300001000000004c000100480001000c000100736b6265646974e138000280180002000000000000000000000000000000000000000000040006000c00090060000000000000000c0008000000000000000000"], 0x60}}, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r6, &(0x7f0000000180)='>', 0x1) ioctl$VIDIOC_DBG_G_REGISTER(r6, 0xc0385650, &(0x7f0000000140)={{0x2, @addr=0x1ff}, 0x8, 0x80, 0x4}) [ 305.977036][ T32] audit: type=1804 audit(1595031205.295:193): pid=10089 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir479684680/syzkaller.ZuIpEt/26/file0" dev="sda1" ino=15867 res=1 [ 306.002117][ T32] audit: type=1804 audit(1595031205.315:194): pid=10090 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir479684680/syzkaller.ZuIpEt/26/file0" dev="sda1" ino=15867 res=1 00:13:25 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:25 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00', {0x2, 0x0, @broadcast}}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) creat(&(0x7f0000000040)='./file0\x00', 0x80) 00:13:25 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000000)='.\x00', 0xfbfffffe, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000080)=0x9, 0x4) 00:13:26 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000000)={0x0, 0x3ff}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={r0, 0x58, &(0x7f0000000080)=[@in6={0xa, 0x4e24, 0xfffffff9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xffff8000}, @in6={0xa, 0x4e21, 0x81, @loopback, 0x7fffffff}, @in={0x2, 0x4e20, @multicast1}, @in={0x2, 0x4e24, @loopback}]}, &(0x7f0000000140)=0xc) r1 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) getsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000180), &(0x7f00000001c0)=0x4) [ 307.225267][T10110] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.3'. 00:13:26 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:26 executing program 4: r0 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000000000)=0x1457010) r1 = socket$xdp(0x2c, 0x3, 0x0) recvmsg(r1, &(0x7f00000005c0)={&(0x7f0000000040)=@pptp={0x18, 0x2, {0x0, @remote}}, 0x80, &(0x7f0000000500)=[{&(0x7f00000000c0)=""/186, 0xba}, {&(0x7f0000000180)=""/238, 0xee}, {&(0x7f0000000280)=""/158, 0x9e}, {&(0x7f0000000340)=""/232, 0xe8}, {&(0x7f0000000440)=""/124, 0x7c}, {&(0x7f00000004c0)=""/20, 0x14}], 0x6, &(0x7f0000000540)=""/102, 0x66}, 0x20) syz_mount_image$hfsplus(&(0x7f0000000600)='hfsplus\x00', &(0x7f0000000640)='./file0\x00', 0x7f00000, 0x0, 0xffffffffffffffff, 0x880, &(0x7f0000000680)={[{@barrier='barrier'}]}) fallocate(r0, 0x1, 0x8, 0x10001) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc01cf509, &(0x7f00000006c0)={0xffffffffffffffff, 0x9000000, 0x3ff, 0xffffffff}) write$FUSE_BMAP(r2, &(0x7f0000000700)={0x18, 0x0, 0x3, {0x8}}, 0x18) r3 = openat$null(0xffffff9c, &(0x7f0000000740)='/dev/null\x00', 0x127100, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000007c0)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r3, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x34, r4, 0x0, 0x70bd29, 0x25dfdbfe, {}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x2}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0xffffffffffffffff}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x7fffffff, 0x1}}]}, 0x34}}, 0x24000001) r5 = inotify_init() signalfd(r5, &(0x7f00000008c0)={[0x80000000, 0x400]}, 0x8) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000940)='nl80211\x00') sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000000a00)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, r6, 0x10, 0x70bd25, 0x25dfdbfc, {}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x9, 0x3}}]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x4c000) r7 = openat$qat_adf_ctl(0xffffff9c, &(0x7f0000000a40)='/dev/qat_adf_ctl\x00', 0x400080, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r7, 0x80083313, &(0x7f0000000a80)) getsockopt$IPT_SO_GET_ENTRIES(r2, 0x0, 0x41, &(0x7f0000000ac0)={'filter\x00', 0x42, "23f0c1c272e3b533ec23f8c98cdb9abf0d184b0d65a439088a6575dde566c7fa554d046671beb2f47d92e39555bac747b0c8becce7d2bec367afd4ae5ec30502c82a"}, &(0x7f0000000b40)=0x66) r8 = open(&(0x7f0000000b80)='./file0\x00', 0x54f31fc9a12c69b0, 0x1) sendmsg$GTP_CMD_GETPDP(r8, &(0x7f0000000c80)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x1c, 0x0, 0x10, 0x70bd29, 0x25dfdbff, {}, [@GTPA_FLOW={0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040855}, 0x24000811) 00:13:27 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @dev, 0xc}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000040)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000040)={r3, 0x1}, 0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={r3, 0x0, 0x30}, &(0x7f0000000100)=0xc) r4 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x20000, 0x0) read$midi(r4, &(0x7f0000000200)=""/165, 0xa5) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="60000000300001000000004c000100480001000c000100736b6265646974e138000280180002000000000000000000000000000000000000000000040006000c00090060000000000000000c0008000000000000000000"], 0x60}}, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r6, &(0x7f0000000180)='>', 0x1) ioctl$VIDIOC_DBG_G_REGISTER(r6, 0xc0385650, &(0x7f0000000140)={{0x2, @addr=0x1ff}, 0x8, 0x80, 0x4}) 00:13:27 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:27 executing program 2: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000000)={0x18}, 0x11) write$P9_RRENAME(r1, &(0x7f00000002c0)={0x7, 0x15, 0x1}, 0x7) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000180)='>', 0x1) ioctl$VIDIOC_QUERYBUF(r2, 0xc04c5609, &(0x7f00000001c0)={0xae60, 0x7, 0x4, 0x2000, 0x4bfb, {0x77359400}, {0x1, 0x8, 0x3, 0x80, 0x7, 0xae, "9aa4aff1"}, 0x8, 0x4, @offset=0x5}) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) vmsplice(r1, &(0x7f0000000040)=[{&(0x7f0000000400)="f6", 0x1}], 0x1, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x0, 0x0) ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f00000000c0)=0x3ff) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x300000d, 0x13, r4, 0x0) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000380)=ANY=[], 0x6) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, &(0x7f0000000180)='>', 0x1) ioctl$VIDIOC_DQBUF(r1, 0xc04c5611, &(0x7f0000000240)={0x1ff, 0x8, 0x4, 0x70000, 0x7fffffff, {0x0, 0xea60}, {0x2, 0x8, 0x5, 0x0, 0x8, 0x1, "8876f6d7"}, 0x2, 0x2, @fd=r5, 0x3ff}) splice(r6, 0x0, r3, 0x0, 0x10001b, 0x19) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000140)={&(0x7f0000000100)='./file0\x00', r0}, 0x10) [ 308.350674][T10132] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.3'. [ 308.393649][T10131] IPVS: ftp: loaded support on port[0] = 21 00:13:27 executing program 1: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = socket(0x40000000002, 0x3, 0x2) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r6 = accept4(r5, 0x0, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, r6, 0x0, 0x80000001, 0x0) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x2, 0x0, {0x3, 0x1, 0xfffffffffffffc01}}, 0x28) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000080)={'geneve0\x00', &(0x7f0000000140)=@ethtool_rxfh={0x46, 0x1, 0xbc, 0xfff, 0x81, "abdb9c", 0x8000, [0xfff, 0x0, 0xa9, 0xfffffffc, 0x7, 0xffff, 0x8000, 0x6, 0x8]}}) getsockopt$IP_SET_OP_GET_FNAME(r4, 0x1, 0x53, &(0x7f0000000000)={0x8, 0x7, 0x0, 'syz2\x00'}, &(0x7f0000000040)=0x2c) splice(r0, 0x0, r3, 0x0, 0x80000001, 0x0) syz_mount_image$bfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_DELAY(r1, 0x80044121, &(0x7f0000000100)) r7 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000180)=@ethtool_stats={0x1d, 0x1, [0x5]}}) getpid() 00:13:28 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) [ 308.899201][T10131] chnl_net:caif_netlink_parms(): no params data found 00:13:28 executing program 2: r0 = socket$inet(0x2, 0x3, 0x3) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f00006cdffb)="8907040000", 0x5) sendmmsg(r0, &(0x7f00000019c0)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @multicast1}, 0x80, 0x0}}, {{&(0x7f0000000000)=@l2tp6={0x2, 0x0, 0x0, @loopback}, 0x80, 0x0}}], 0x2, 0x0) 00:13:28 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @dev, 0xc}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000040)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000040)={r3, 0x1}, 0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={r3, 0x0, 0x30}, &(0x7f0000000100)=0xc) r4 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x20000, 0x0) read$midi(r4, &(0x7f0000000200)=""/165, 0xa5) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="60000000300001000000004c000100480001000c000100736b6265646974e138000280180002000000000000000000000000000000000000000000040006000c00090060000000000000000c0008000000000000000000"], 0x60}}, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r6, &(0x7f0000000180)='>', 0x1) ioctl$VIDIOC_DBG_G_REGISTER(r6, 0xc0385650, &(0x7f0000000140)={{0x2, @addr=0x1ff}, 0x8, 0x80, 0x4}) [ 309.219479][T10131] bridge0: port 1(bridge_slave_0) entered blocking state [ 309.226847][T10131] bridge0: port 1(bridge_slave_0) entered disabled state [ 309.236625][T10131] device bridge_slave_0 entered promiscuous mode 00:13:28 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(0x0, 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) [ 309.317569][T10131] bridge0: port 2(bridge_slave_1) entered blocking state [ 309.324932][T10131] bridge0: port 2(bridge_slave_1) entered disabled state [ 309.334579][T10131] device bridge_slave_1 entered promiscuous mode 00:13:28 executing program 2: r0 = socket(0x40000000002, 0x3, 0x2) r1 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) accept4(r1, &(0x7f0000000280)=@nfc, &(0x7f0000000040)=0x80, 0x800) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x10, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="a05329e7105de2d45f20486010483b66145b029229f9640f854f1dd2f8612d3cab77411792de989bfb8c4c18c409cb8ccb6a73f4f20115099178222181f2f951db9157931643daec86f67317e6ff43c7a3266deb65160d6449e7694c09b025c3680d857e96a4476c8a78090f41ab9e6341ae286a8127c71bc83dbbc50c8948af4f948295161ab7db25565da1b27cdd92606a3edc476b222d2613623bed6ec4a74b97af124de9b28c9a80bf996f326e6d27b908df66a24ad12a482d6e540a41414e4a302e46875cbbda7fb6"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2e], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x74) chmod(&(0x7f00000000c0)='./file0\x00', 0x10) [ 309.520466][T10131] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 309.583483][T10131] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 309.697400][T10287] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.3'. 00:13:29 executing program 1: pipe(&(0x7f0000000080)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) ioctl$TIOCGLCKTRMIOS(r0, 0x5456, &(0x7f0000000000)={0x7, 0xc2a, 0x7fff, 0x200, 0x19, "cfeceb8a844a74fb571b24ab07a06487a819c5"}) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x4, 0x0, 0x0, 0x800000, 0x0) 00:13:29 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(0x0, 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) [ 309.913034][T10131] team0: Port device team_slave_0 added [ 309.966345][T10131] team0: Port device team_slave_1 added [ 310.094331][T10131] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 310.101617][T10131] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 310.128700][T10131] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 310.169354][ T32] kauditd_printk_skb: 14 callbacks suppressed [ 310.169414][ T32] audit: type=1804 audit(1595031209.585:209): pid=10314 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/77/bus" dev="sda1" ino=15887 res=1 [ 310.202119][ T32] audit: type=1804 audit(1595031209.595:210): pid=10311 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/77/bus" dev="sda1" ino=15887 res=1 [ 310.291181][T10131] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 310.298424][T10131] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 310.324887][T10131] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 310.597841][T10131] device hsr_slave_0 entered promiscuous mode [ 310.646747][T10131] device hsr_slave_1 entered promiscuous mode [ 310.697344][T10131] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 310.704970][T10131] Cannot create hsr debugfs directory [ 311.268765][T10131] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 311.325266][T10131] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 311.387815][T10131] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 311.439571][T10131] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 311.761906][T10131] 8021q: adding VLAN 0 to HW filter on device bond0 [ 311.797597][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 311.807190][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 311.824820][T10131] 8021q: adding VLAN 0 to HW filter on device team0 [ 311.853285][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 311.863550][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 311.872906][ T30] bridge0: port 1(bridge_slave_0) entered blocking state [ 311.880176][ T30] bridge0: port 1(bridge_slave_0) entered forwarding state [ 311.896062][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 311.918859][ T8643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 311.928878][ T8643] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 311.938296][ T8643] bridge0: port 2(bridge_slave_1) entered blocking state [ 311.945607][ T8643] bridge0: port 2(bridge_slave_1) entered forwarding state [ 312.022800][ T8643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 312.033734][ T8643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 312.044670][ T8643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 312.055669][ T8643] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 312.066103][ T8643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 312.077268][ T8643] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 312.087650][ T8643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 312.097358][ T8643] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 312.106988][ T8643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 312.116598][ T8643] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 312.136292][T10131] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 312.145586][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 312.219806][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 312.227850][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 312.266366][T10131] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 312.437183][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 312.447384][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 312.512549][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 312.522585][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 312.540624][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 312.550123][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 312.590633][T10131] device veth0_vlan entered promiscuous mode [ 312.626988][T10131] device veth1_vlan entered promiscuous mode [ 312.684259][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 312.694733][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 312.704271][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 312.714206][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 312.743263][T10131] device veth0_macvtap entered promiscuous mode [ 312.790525][T10131] device veth1_macvtap entered promiscuous mode [ 312.837607][T10131] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 312.848900][T10131] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.858967][T10131] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 312.869520][T10131] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.879505][T10131] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 312.890043][T10131] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.900022][T10131] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 312.910587][T10131] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.924616][T10131] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 312.935810][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 312.945159][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 312.954610][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 312.965539][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 312.982159][T10131] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 312.992838][T10131] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.002944][T10131] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 313.014025][T10131] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.024039][T10131] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 313.034625][T10131] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.045262][T10131] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 313.055843][T10131] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.069616][T10131] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 313.086434][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 313.096509][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 313.663623][T10403] hfsplus: unable to find HFS+ superblock [ 313.747990][T10408] hfsplus: unable to find HFS+ superblock 00:13:33 executing program 4: mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x400002200006007, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0/file0\x00', 0x150) write$P9_RATTACH(r0, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r1, 0x0, r3, 0x0, 0x80000001, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r6 = accept4(r5, 0x0, 0x0, 0x0) splice(r4, 0x0, r6, 0x0, 0x80000001, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000001c0)={r4, 0x10, &(0x7f0000000040)={&(0x7f0000000100)=""/153, 0x99, 0xffffffffffffffff}}, 0x10) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000200)={0x3, r7}, 0x8) 00:13:33 executing program 2: r0 = openat$dlm_control(0xffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x20080, 0x0) r1 = socket$inet6(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_HARDIF(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="050200000000000000000500000008000300", @ANYRES32=r4, @ANYBLOB="00060000", @ANYRES32=0x0, @ANYBLOB], 0x24}}, 0x0) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x64, r3, 0x0, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xed}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x9}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x6}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x75da}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x7}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x7}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x48cd1) syz_emit_ethernet(0x5e, &(0x7f0000000100)={@broadcast=[0xff, 0xff, 0xff, 0x0], @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "a4f008", 0x28, 0x3a, 0xff, @empty={[0x3, 0x3c]}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}, @rand_addr=' \x01\x00'}}}}}}, 0x0) r5 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x9, 0x20000) ioctl$VIDIOC_G_FBUF(r5, 0x802c560a, &(0x7f0000000040)={0x28, 0x5, &(0x7f0000000180)="3d5541f800072fd765488c4f5d750c2a573d94886f38fb451a7615f3a82f4bc7eeec49aa76a67dca3f3bac369d4989d5f376df33eada28fed6fd967b213db186e9df5dc2c5487c42776b01c1461b620be35be5020783434b5822d12487932cc07e8bd48144251d1c89804c2ad3f8fe9791a23d6d46e664b63d7220b4b3f0780aa31f014d9b1bf75f6f8b3f04fc882b518e47362c6f2ddeef23bba40c6f09d406af757ee22859365a6935c5d762b1f47a4760563cbfc196470c574d19a0f5af74c3098e6c27297c4b302554149d6f663a7616bd9ed6e7cdef785b73a15de7fe4b9f81fed803bbbc6dc8f408", {0x4, 0x6, 0x38415262, 0x9, 0x40, 0x1, 0x7, 0x8}}) 00:13:33 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @dev, 0xc}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000040)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000040)={r3, 0x1}, 0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={r3, 0x0, 0x30}, &(0x7f0000000100)=0xc) r4 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x20000, 0x0) read$midi(r4, &(0x7f0000000200)=""/165, 0xa5) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="60000000300001000000004c000100480001000c000100736b6265646974e138000280180002000000000000000000000000000000000000000000040006000c00090060000000000000000c0008000000000000000000"], 0x60}}, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r6, &(0x7f0000000180)='>', 0x1) 00:13:33 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(0x0, 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:33 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$binder_debug(0xffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDPRL(0xffffffffffffffff, 0x89f5, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000140)={'ip6_vti0\x00', 0x0, 0x29, 0x4, 0xfb, 0x5f4b, 0x11, @loopback, @loopback, 0x10, 0x7800, 0x5b6a, 0xa23a}}) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0xb8, 0x12, 0x400, 0x70bd2c, 0x25dfdbfd, {0xf, 0x80, 0x14, 0x5, {0x4e24, 0x4e23, [0x40, 0xffffff81, 0x8, 0x2], [0x7592354b, 0x3, 0x8, 0x49], r1, [0x0, 0xff]}, 0x7, 0x6}, [@INET_DIAG_REQ_BYTECODE={0x6b, 0x1, "a6134ddb528c2745876d811fad5e6396195fc9064ed33a0b4c843d4c257b505c0a83b3aae5ba1ec15671a89d528e4faaf93a315e0e1940f3477ef12ef08367333ad31b4c33d602069cb60488ccb3b754c578941f23f191c98f6ea4f5f1295cb5646822b07a726c"}]}, 0xb8}, 0x1, 0x0, 0x0, 0x800}, 0x4000041) [ 314.030886][T10419] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 314.112375][T10419] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 314.161781][ T32] audit: type=1804 audit(1595031213.575:211): pid=10425 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/78/bus" dev="sda1" ino=15911 res=1 [ 314.223440][T10428] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.3'. 00:13:33 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x1a2440, 0x0) r0 = socket(0x40000000002, 0x3, 0x2) r1 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r2 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r3 = dup2(r1, r2) ioctl$SNDRV_PCM_IOCTL_DROP(r3, 0x4143, 0x0) r4 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) ioctl$sock_inet_tcp_SIOCOUTQ(r4, 0x5411, &(0x7f0000000140)) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r5 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17, 0x10000000}}) getsockopt$inet6_mreq(r5, 0x29, 0x14, &(0x7f0000000000)={@mcast1, 0x0}, &(0x7f0000000040)=0x14) bind(r0, &(0x7f0000000080)=@can={0x1d, r6}, 0x80) r7 = openat$6lowpan_enable(0xffffff9c, &(0x7f0000000100)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0) r8 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) dup2(r7, r8) 00:13:33 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x0, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:33 executing program 2: r0 = msgget$private(0x0, 0x0) msgsnd(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="cc"], 0x1, 0x0) statx(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x8, &(0x7f0000000300)) r1 = syz_open_dev$usbmon(0x0, 0x1, 0x48000) recvfrom$inet(r1, 0x0, 0x202, 0x0, 0x0, 0x10000007c) shmget(0xffffffffffffffff, 0x1000, 0xa08, &(0x7f0000ffe000/0x1000)=nil) stat(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000004c0)) fstat(r1, &(0x7f0000001b80)) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000008c0)={{{@in6=@remote, @in=@remote}}, {{@in6=@dev}, 0x0, @in6=@mcast2}}, &(0x7f0000000300)=0xe8) r2 = socket$nl_generic(0x10, 0x3, 0x10) set_mempolicy(0x4003, &(0x7f00003ccff8)=0x7fc, 0x7742) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x1c, 0x23, 0x829, 0x0, 0x0, {0x2804, 0xe00000000000000}, [@typed={0x8, 0x11, 0x0, 0x0, @u32}]}, 0x1c}, 0x1, 0x60}, 0x0) ioctl$MON_IOCX_GET(r1, 0x400c9206, &(0x7f0000000040)={&(0x7f0000000000), &(0x7f0000000240)=""/108, 0x6c}) [ 314.867590][ T32] audit: type=1804 audit(1595031214.285:212): pid=10468 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/79/bus" dev="sda1" ino=15922 res=1 00:13:34 executing program 2: r0 = msgget$private(0x0, 0x0) msgsnd(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="cc"], 0x1, 0x0) statx(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x8, &(0x7f0000000300)) r1 = syz_open_dev$usbmon(0x0, 0x1, 0x48000) recvfrom$inet(r1, 0x0, 0x202, 0x0, 0x0, 0x10000007c) shmget(0xffffffffffffffff, 0x1000, 0xa08, &(0x7f0000ffe000/0x1000)=nil) stat(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000004c0)) fstat(r1, &(0x7f0000001b80)) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000008c0)={{{@in6=@remote, @in=@remote}}, {{@in6=@dev}, 0x0, @in6=@mcast2}}, &(0x7f0000000300)=0xe8) r2 = socket$nl_generic(0x10, 0x3, 0x10) set_mempolicy(0x4003, &(0x7f00003ccff8)=0x7fc, 0x7742) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x1c, 0x23, 0x829, 0x0, 0x0, {0x2804, 0xe00000000000000}, [@typed={0x8, 0x11, 0x0, 0x0, @u32}]}, 0x1c}, 0x1, 0x60}, 0x0) ioctl$MON_IOCX_GET(r1, 0x400c9206, &(0x7f0000000040)={&(0x7f0000000000), &(0x7f0000000240)=""/108, 0x6c}) [ 314.896851][ T32] audit: type=1804 audit(1595031214.285:213): pid=10468 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/79/bus" dev="sda1" ino=15922 res=1 [ 314.921412][ T32] audit: type=1804 audit(1595031214.285:214): pid=10468 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/79/bus" dev="sda1" ino=15922 res=1 00:13:34 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @dev, 0xc}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000040)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000040)={r3, 0x1}, 0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={r3, 0x0, 0x30}, &(0x7f0000000100)=0xc) r4 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x20000, 0x0) read$midi(r4, &(0x7f0000000200)=""/165, 0xa5) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="60000000300001000000004c000100480001000c000100736b6265646974e138000280180002000000000000000000000000000000000000000000040006000c00090060000000000000000c0008000000000000000000"], 0x60}}, 0x0) pipe(&(0x7f0000000080)) 00:13:34 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x0, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:34 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setgid(r1) stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0\x00', 0x1ff, 0x1, &(0x7f0000000100)=[{&(0x7f0000000080)="55dfe280f3681efc34cb841c6a5d5fc68bc81ab1959fe992bff92d46bff24b6819340fea18a67f93bce54cc877c5efd42e8d6b2466f1f0df7b89f5dc3bcece9e60bd9c99f59da973d18f899b7976be720ab3f12e9e7d", 0x56, 0x1}], 0x8, &(0x7f0000000280)={[{@session={'session', 0x3d, 0x10001}}, {@session={'session', 0x3d, 0x5}}, {@file_umask={'file_umask', 0x3d, 0x7}}, {@gid={'gid', 0x3d, r1}}, {@gid={'gid', 0x3d, r2}}], [{@hash='hash'}, {@hash='hash'}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@dont_measure='dont_measure'}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x35, 0x62, 0x64, 0x34, 0x64, 0x39, 0x34], 0x2d, [0x50, 0x57, 0x66, 0x32], 0x2d, [0x61, 0x66, 0x63, 0x62], 0x2d, [0x55, 0x38, 0x63, 0x64], 0x2d, [0x34, 0x38, 0x32, 0x36, 0x37, 0x38, 0x32, 0x34]}}}, {@smackfsdef={'smackfsdef', 0x3d, ')&@'}}]}) 00:13:34 executing program 4: r0 = open(&(0x7f0000000200)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x88001) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000000)="1f06bfb8", 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) socket(0x1, 0x0, 0x0) sendmsg$nl_route(r2, 0x0, 0x800) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'veth0_to_hsr\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r1, &(0x7f0000000580)={&(0x7f0000000100), 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c010000", @ANYRES16=0x0, @ANYBLOB="040027bd7000fedbdf25020000002c000180140002006e723000000000000000000000000000140002006d61637365633000000000000001000018000180140002", @ANYRES32=0x0, @ANYBLOB="80000180080003000100000008000100", @ANYRES32=0x0, @ANYBLOB="14000200626f6e643000000000000000000000000800", @ANYRES32=r3, @ANYBLOB="140002006d6163766c616e3100000000000000001400020073797a6b616c6c65723100000000000014000200687372300000000000000000000000001400020073797a5f74756e000000000000000000300001800800030000000000080003000300000014000200636169663000", @ANYRES32=r5, @ANYBLOB="39d6e569d32e87757098cf4422cd32330a3007d32a1fd26abfa4daa250101e51d0af19ffb49b195486d467974741db5467dc6d4eb79792839eab05d19514cc683c2df9248d6989c76df20168"], 0x13c}, 0x1, 0x0, 0x0, 0x4}, 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000003000000013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6001c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r6 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="170000000000ffff0000000000000000"]}) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000040)=@assoc_id=0x0, &(0x7f00000000c0)=0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r6, 0x84, 0x6c, &(0x7f0000000140)={r7, 0xc, "cfc7369a2d782a1f88139155"}, &(0x7f0000000300)=0x14) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r8, 0x0, 0x4e68d5f8) [ 315.482304][ T32] audit: type=1804 audit(1595031214.815:215): pid=10476 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/80/bus" dev="sda1" ino=15912 res=1 [ 315.506938][ T32] audit: type=1804 audit(1595031214.815:216): pid=10476 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/80/bus" dev="sda1" ino=15912 res=1 [ 315.531696][ T32] audit: type=1804 audit(1595031214.825:217): pid=10476 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/80/bus" dev="sda1" ino=15912 res=1 00:13:35 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x0, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) [ 315.711241][T10491] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.3'. [ 315.945521][ T32] audit: type=1804 audit(1595031215.105:218): pid=10494 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir178064171/syzkaller.gYlFiT/2/bus" dev="sda1" ino=15925 res=1 00:13:35 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cpuset.memory_pressure\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0) ftruncate(r0, 0x4) ioctl$KVM_DIRTY_TLB(r0, 0x400caeaa, &(0x7f0000000000)={0x0, 0x80000000}) capset(&(0x7f0000000ffc), 0x0) 00:13:35 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.upper\x00', &(0x7f0000000080)={0x0, 0xfb, 0x15, 0x3, 0xff, "dfeb0a33ad435481d56d41a11b89a37d"}, 0x15, 0x1) [ 316.168921][ T32] audit: type=1804 audit(1595031215.475:219): pid=10500 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir178064171/syzkaller.gYlFiT/2/bus" dev="sda1" ino=15925 res=1 [ 316.194237][ T32] audit: type=1800 audit(1595031215.575:220): pid=10494 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed comm="syz-executor.4" name="bus" dev="sda1" ino=15925 res=0 [ 316.214030][ T32] audit: type=1800 audit(1595031215.575:221): pid=10500 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed comm="syz-executor.4" name="bus" dev="sda1" ino=15925 res=0 00:13:35 executing program 4: r0 = open(&(0x7f0000000200)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x88001) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000000)="1f06bfb8", 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) socket(0x1, 0x0, 0x0) sendmsg$nl_route(r2, 0x0, 0x800) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'veth0_to_hsr\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r1, &(0x7f0000000580)={&(0x7f0000000100), 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c010000", @ANYRES16=0x0, @ANYBLOB="040027bd7000fedbdf25020000002c000180140002006e723000000000000000000000000000140002006d61637365633000000000000001000018000180140002", @ANYRES32=0x0, @ANYBLOB="80000180080003000100000008000100", @ANYRES32=0x0, @ANYBLOB="14000200626f6e643000000000000000000000000800", @ANYRES32=r3, @ANYBLOB="140002006d6163766c616e3100000000000000001400020073797a6b616c6c65723100000000000014000200687372300000000000000000000000001400020073797a5f74756e000000000000000000300001800800030000000000080003000300000014000200636169663000", @ANYRES32=r5, @ANYBLOB="39d6e569d32e87757098cf4422cd32330a3007d32a1fd26abfa4daa250101e51d0af19ffb49b195486d467974741db5467dc6d4eb79792839eab05d19514cc683c2df9248d6989c76df20168"], 0x13c}, 0x1, 0x0, 0x0, 0x4}, 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000003000000013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6001c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r6 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="170000000000ffff0000000000000000"]}) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000040)=@assoc_id=0x0, &(0x7f00000000c0)=0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r6, 0x84, 0x6c, &(0x7f0000000140)={r7, 0xc, "cfc7369a2d782a1f88139155"}, &(0x7f0000000300)=0x14) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r8, 0x0, 0x4e68d5f8) [ 316.403898][ T32] audit: type=1804 audit(1595031215.675:222): pid=10505 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/81/bus" dev="sda1" ino=15907 res=1 [ 316.428363][ T32] audit: type=1804 audit(1595031215.685:223): pid=10503 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/81/bus" dev="sda1" ino=15907 res=1 00:13:35 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, 0x0) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) 00:13:35 executing program 2: r0 = semget$private(0x0, 0x4000000009, 0x0) syz_open_dev$radio(&(0x7f0000000140)='/dev/radio#\x00', 0x0, 0x2) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f0000000040)=""/201) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f0000000400)=""/238) semctl$IPC_INFO(r0, 0x2, 0x3, &(0x7f0000000000)=""/44) r1 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r1, &(0x7f00000000c0)=@in4={0x21, 0x0, 0xa, 0x10, {0x2, 0xfffe, @rand_addr=0x64010102}}, 0x24) [ 316.453125][ T32] audit: type=1804 audit(1595031215.685:224): pid=10503 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/81/bus" dev="sda1" ino=15907 res=1 00:13:35 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @dev, 0xc}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000040)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000040)={r3, 0x1}, 0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={r3, 0x0, 0x30}, &(0x7f0000000100)=0xc) r4 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x20000, 0x0) read$midi(r4, &(0x7f0000000200)=""/165, 0xa5) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="60000000300001000000004c000100480001000c000100736b6265646974e138000280180002000000000000000000000000000000000000000000040006000c00090060000000000000000c0008000000000000000000"], 0x60}}, 0x0) 00:13:36 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@hyper}) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r0, 0xc0305602, &(0x7f00000000c0)={0x0, 0x6, 0x1036, 0x1}) 00:13:36 executing program 2: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000300)={0x1, 0x2, 0x1000, 0x9d, &(0x7f0000000200)="612b5a0de4b2d90762088caa50b562094c447da7b56a23a194cf9e60c5d7e2bc3dbbda5d9bd70c5f5ff367facacb747198d33ea89a33732d2f29a4c2c3f788ee2784cfb7b847d0252aa5fa536744697ec5607d06c1a54a599f15355380ea84ee811ee04a6da91b59fea639ba9597e52b1509783bef52d7bdbb091cc13f5078c18005720fd2a23f9835b5d61d45e20f522cad9b194eedcfba2caa7d546a", 0x1d, 0x0, &(0x7f0000000040)="bf0b80248795e0dc8b0a7d759e1f9db00bd7932b335c678dcce71feb8b"}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000800)={0x720, 0x0, 0x0, 0x0, 0x0, {}, [@NL80211_ATTR_IE_PROBE_RESP={0x6cd, 0x7f, "a7f4920904e4673e303388064a4a122a585a6730da092ae3d81b5a19035d753f6fb8216108a771103f539149e4a755f24da42679af05244cd5c6f337b62eb02f579dcec876561264eb09e9c13289245270eb9e834bb95c51677be9b1eb24b4158c7c85be6ee4d2dc610384e829df78b7302e1584b843cb957e10175946feac181384b1969fad18aaae119cfb6f74cabf13f42caee1bf5ba63864c4005178bb652027398cde85c26ebbd972b847cdb901b384b6deba84a20f18116fc3376e3020c67f439a4adfdd2b8ec1eaeb91a415349b254b8bdc3fab8fdc24cb7d90888c87b9ea2e70fce91d5e0dfb383f5557a9d4f886bc107cdf5a4a540f5033d476c1709ec6c6a6f34839752471ea54953c1eedac0ab77236bbb69764759ffe9270c0d603a36393bf589554fccc3efb4b60c9fe628671aba9c7adcfefccebf7aa1b23cbc37136ca1026f00b1a0dc88f3c874c0cdfda219abb2bf966a40924659f5592614e42e573b109e9edaab4c49ebc0545824a468a44e196adc112746de1b2b1d418f70832e965ff0763cbc45aa993f112091266feb3d73ba958bb92b7dad63c4fa9acc45c0b2002a4d04c6464438b9abd6422b6f891fa8c60bf9608936c5a443f04d7150a206dea7c0ef05e1b355facf918da1920e42263eda59c134df9974293c55f1956ec84671952ad5e0fd126f284a0409466e829e057e9fecefefbeeca1508d979932dd5cf1ef3231c30f533e1f910d82d02024b7b92108839f1fc60743796cb83e9660f11b745b6d4a670a7747c7fee10f0247da373dfd710473bbddf5ebc0717befa99561b1b2b856cde491ef8de077f3e7b84b7bcdbfd1b41039f96aef40172e4267f2369299a2c106eafb17feabbb573bf7cdcecc10805cec7fb3145b53a6ca892eb53a7ed14a4be518907a421bc1d82e2ee8a4bdc29befb11d843206aa7e12f740aea9f9561a553e964fa8ec0944a48a7c57c530c4b351650683fb049e1a8756775cd69c2c21af1bc4cd2fc7032ec9ac363387ffb1f07b761330bc50d9c8bb0c0923a0e9cb7380fbc6e6101a7ba8bc737abe00e51b7715e614ae257a4c87920456dec4e12c3708646c8a7cbc88d8f574db177df360492e068646302bf8f1cc74ce129a721d2722483a075a9d3bb160ec5a6baa19469815136f934fc356a1c80ec0e9b0280db10509d9266b45642c3273bdaf3a1702b7cb841540b8e96a5ce2632c4bd2ce04de770d640bd845bfeb9e41ae135bbce9e392aa2df7088838d1f4832181231e88e47011928c530a73bac18525a982397baff9b686dacd36893f3e89308de9566e9f24e379824500044c87bea9f0450449e860af23ff65bdd0379bdfab0ae69fec00fd4d256aec1fa906bec57fd228e7c3630fca36e20ebf37864d6ffc26b9b4bbf7ab14b524615d8739a3f88fb3b92c92e6e13e5f9bd0bad6c1697e73950b05ab51cb5eafc07477a5bc10a1bd1ceace51b56dde18b08aba2dd97b0c4382e86cf941fc73f155e7cddd9b001eab0cfce43351f6bbcc5343a08ec1102932dbf0d4ef2795378287dd53dcad005aacd6585004ed90c3e67a76e8dd0d6f0fd0bf8e7c48d5c72eb234e1b67c4a7d172ae56ceb41a3fe3d04b78534fdee81ff32c997b71a345aad2175bf076937d44c6d68bf108f9d682bef9878137bffaa6b1a975b44e1c27dde586658bdae8d16f6d4ac4ba92812bf5eece4618527229eefa0d092dea71aef5baa4bee0179276393ad69d7072038ed7d0049b63fc6739fed8aaa510a320f48185ab1242a811fb46c5890e47c50abb8b898e73b0bcb9a20f49729bd0f46f825877e0887e9ff8b4be5c648d5cfc90cb6c1e29ac502922d0287fe83b906fff0c1329b48878dd8f775a13fdb82aa5d64c81fa4bda6c196989709324be6b857b44dcd91ec7dbf494b448ae743b10c4c051da9e5a80229db7eb1672971c784870d520d5e5326ffc1d2723a275ea2eeb566dc5d64f260dab838cf4b29b5578a0273ec28445f44b0f66edadc6adce2ee4f3f57ca40614915a93146a5261d80bcc1949731524addec4fae73580a54ae6dfcbd46932f015fc30a90e03332a77a5087af10236ac52a1170b5644d030c8d8cc249c50d42b2c426e36daa9514c0885feb904a8009534439fa87f8b5871cd3ccaa2bc5def327e7ad59bfa8f4fa41f7431b759f323aedf73f585348daf4dc3df6e7a7974976d3c658118b5af6e0bcd8c1d0b649ec2cceba7e0940f2726a276b7c79ffcb0814a9f7cf14265761d7e9903ea1f8897d34160b3dfb3a8126bcfb7889af48e2ad6962975470a2b9c82fe2595c6e0763bd7a5a1fa7d5ec206e8404301939e4eb7acdd90d54d93cdec5cd0fbb9c30b1eacda35cb04e75b8476a5826a98adc092fb87b87ffd38206981da85ba1d215d476da421db515c2b98bf37b8e7d85aa62587dbbc933bae9aeae440788c0e733c"}, @NL80211_ATTR_WIPHY={0x8}, @NL80211_ATTR_MAC_ADDRS={0x34, 0xa6, 0x0, 0x1, [{0xa, 0x0, @local}, {0xa, 0x0, @remote}, {0xa, 0x0, @dev}, {0xa, 0x0, @broadcast}]}]}, 0x720}}, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r3 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x5c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @ip6gre={{0xb, 0x1, 'ip6gre\x00'}, {0x24, 0x2, 0x0, 0x1, [@IFLA_GRE_FWMARK={0x8, 0x14, 0x40}, @IFLA_GRE_FLOWINFO={0x8, 0xc, 0x1000}, @IFLA_GRE_LINK={0x8, 0x1, r2}, @IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e24}]}}}, @IFLA_MASTER={0x8, 0x3, r2}]}, 0x5c}}, 0x0) 00:13:36 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, 0x0) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) [ 317.150492][T10530] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.3'. 00:13:36 executing program 4: r0 = open(&(0x7f0000000200)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x88001) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000000)="1f06bfb8", 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) socket(0x1, 0x0, 0x0) sendmsg$nl_route(r2, 0x0, 0x800) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'veth0_to_hsr\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r1, &(0x7f0000000580)={&(0x7f0000000100), 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c010000", @ANYRES16=0x0, @ANYBLOB="040027bd7000fedbdf25020000002c000180140002006e723000000000000000000000000000140002006d61637365633000000000000001000018000180140002", @ANYRES32=0x0, @ANYBLOB="80000180080003000100000008000100", @ANYRES32=0x0, @ANYBLOB="14000200626f6e643000000000000000000000000800", @ANYRES32=r3, @ANYBLOB="140002006d6163766c616e3100000000000000001400020073797a6b616c6c65723100000000000014000200687372300000000000000000000000001400020073797a5f74756e000000000000000000300001800800030000000000080003000300000014000200636169663000", @ANYRES32=r5, @ANYBLOB="39d6e569d32e87757098cf4422cd32330a3007d32a1fd26abfa4daa250101e51d0af19ffb49b195486d467974741db5467dc6d4eb79792839eab05d19514cc683c2df9248d6989c76df20168"], 0x13c}, 0x1, 0x0, 0x0, 0x4}, 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000003000000013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6001c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r6 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="170000000000ffff0000000000000000"]}) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000040)=@assoc_id=0x0, &(0x7f00000000c0)=0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r6, 0x84, 0x6c, &(0x7f0000000140)={r7, 0xc, "cfc7369a2d782a1f88139155"}, &(0x7f0000000300)=0x14) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r8, 0x0, 0x4e68d5f8) 00:13:36 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) openat$ttyprintk(0xffffff9c, &(0x7f0000000000)='/dev/ttyprintk\x00', 0x40, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x94, 0x2, 0x6, 0x105, 0x2, 0x3000000, {0x7, 0x2}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xc}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}, @IPSET_ATTR_MAXELEM={0x8}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e23}, @IPSET_ATTR_PROBES={0x5, 0x15, 0x4}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x40a3}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x40}]}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x6}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1}}, @IPSET_ATTR_NETMASK={0x5, 0x14, 0x3}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x3}]}]}, 0x94}}, 0x4048090) 00:13:37 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, 0x0) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) 00:13:37 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @dev, 0xc}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000040)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000040)={r3, 0x1}, 0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={r3, 0x0, 0x30}, &(0x7f0000000100)=0xc) r4 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x20000, 0x0) read$midi(r4, &(0x7f0000000200)=""/165, 0xa5) socket$netlink(0x10, 0x3, 0x0) 00:13:37 executing program 2: r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) open(&(0x7f0000000000)='./bus\x00', 0x20600, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="2100000000f015aefa1d4c0300000000000000000000000000000000000000000000c582ead0a700ddebf00e382796c3"], 0x21) ftruncate(r0, 0x2081fc) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x40400) write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000080)={0x18}, 0x18) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x1c90c2, 0x34) ftruncate(r1, 0x2007fff) r2 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) r3 = openat$binder_debug(0xffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) connect$rxrpc(r3, &(0x7f0000000140)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e21, @multicast1}}, 0x24) write$P9_RWALK(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0x9) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup2(r4, r2) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, &(0x7f0000000180)='>', 0x1) r6 = openat$autofs(0xffffff9c, &(0x7f0000000180)='/dev/autofs\x00', 0x1000, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r5, r6, 0x1e}, 0x10) 00:13:37 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) 00:13:37 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$pfkey(0xffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x408000, 0x0) sendmsg$IPCTNL_MSG_CT_GET_STATS(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x5, 0x1, 0x101, 0x0, 0x0, {0x3, 0x0, 0xa}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000881}, 0x8000) 00:13:37 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@ipv4_newroute={0x24, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@RTA_PRIORITY={0x8, 0x6, 0xfffff66d}]}, 0x24}}, 0x0) r1 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) socket$nl_rdma(0x10, 0x3, 0x14) r2 = openat$vcsu(0xffffff9c, &(0x7f0000000040)='/dev/vcsu\x00', 0x100, 0x0) ioctl$KVM_GET_MSR_INDEX_LIST(r2, 0xc004ae02, &(0x7f0000000100)={0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000240)={0x244, 0x0, '\x00', 0x3, 0x3}) r3 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) getsockopt$IP_VS_SO_GET_TIMEOUT(r3, 0x0, 0x486, &(0x7f0000000140), &(0x7f0000000180)=0xc) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8982, &(0x7f0000000200)={0x6, 'tunl0\x00', {}, 0x7}) openat$ppp(0xffffff9c, &(0x7f00000001c0)='/dev/ppp\x00', 0x8f9e85ca92e7e1d0, 0x0) 00:13:38 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x2}, 0x1c) listen(r0, 0x400008b9) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x13, &(0x7f00000001c0)=0x3e, 0x4) connect$inet(r1, &(0x7f0000000040)={0x2, 0x2, @local}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x8000000004) r3 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) getsockopt$IP_VS_SO_GET_DAEMON(r3, 0x0, 0x487, &(0x7f0000000140), &(0x7f0000000180)=0x30) writev(r2, &(0x7f0000000100)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000300000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100030c100000985e0000000000", 0x58}], 0x1) 00:13:38 executing program 4: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="ac000000ed936619cd3e529848e20f00c14502d22b202b37a5d0df5442211da6e1bb5fd71c4a3f1c0eff5a4fed", @ANYRES16=0x0, @ANYBLOB="020029bd7000fbdbdf2518000000080001007063690011000200303030303a30303a31302e3000000000080003000300000008000b000600000006001600036800000500120000000000060011000000000008000b0002000000080001007063690011000200303030303a30303a31302e3000000000080003000200000008000b004968000006001600010400000500120000000000060011000180000008000b0007000000"], 0xac}, 0x1, 0x0, 0x0, 0x4000094}, 0x8040) r1 = syz_open_dev$vcsn(&(0x7f0000006f00)='/dev/vcs#\x00', 0x20, 0x101001) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, &(0x7f0000006f40), &(0x7f0000006f80)=0x4) syz_read_part_table(0x2, 0x1, &(0x7f0000000740)=[{&(0x7f0000000d80)="923ee4e82912281d36b92cb03755086615d4be213d870d2ec7cae0906d60d2f43c27f006b6e9be59aa2c1b8d85cf82f34164431984811ce280ff5fc105b219b0112325566a1a9f273c9b5adb7aea4a7162e92d7fb061e5b4c3286d2db358d734970a9dac8bcc42ba3f365b1d3c9fa059dfa1230f210322252860a711d67ce6eae6c4c3eb9772765a450473c8dc5ab4a66a3f8ea73bbc7b77c7194d573866c32720ba9de3793c86b1f6d43d88ce3fbbb0fe546ea7cd3625a96329a5ef1cc8a8bb4d48bdab399490b3383731328d2e4b53453fc7fa95dd89ed4bd3492c4cb5aa4af933c631caed155c64b0164a78ba1968a0c719c4583db8ffb03ecad94b266bd8f9f7ef561aec2b382064a8f1f29449d42785af7c35ac15646cbe04278215bb22b3292185bd178af9978d3226439051827fafda244eff8fb730a7c8ce6c221d156aa17a04c043fb48b3d3adb10b2cf70db9ae31abe4431a1aabaafb57b829eaf94ac5fdfbed2f169b5b3791235c3739e09bb0b527134e292aa431be2a901b6eb93510e62162fba58338a82ab9a6cac712e9684ce6694788de18e66f1055ce14c26d23f31cc87f7b91343b8b8d548429a9ccc0ac2968626fd80153c5675b7e64672ed1e0e608094f9f7a10bebb78fae9116657d5620b4d7d80adede0d7855f5d1cc6bd5e5bb3510c565e0725f5a9c0cad31dab8692c45ef801181cc4e05a", 0x1fd, 0x3}]) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) splice(r2, 0x0, r4, 0x0, 0x80000001, 0x0) ioctl$EVIOCSKEYCODE(r2, 0x40084504, &(0x7f0000000040)=[0xc, 0x10000]) 00:13:38 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) splice(r2, 0x0, r4, 0x0, 0x80000001, 0x0) ioctl$KDGKBTYPE(r2, 0x4b33, &(0x7f00000004c0)) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000080)={0xfff, 0x0, 0x0, 0x0, 0x0, "b2e70000000000000000001000"}) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000500)=ANY=[@ANYBLOB="1703000000000000000002000085ffe50000"]}) ioctl$KDDELIO(0xffffffffffffffff, 0x4b35, 0x7f) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040)='devlink\x00') sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x84, r5, 0x2, 0x70bd2a, 0x25dfdbfd, {}, [{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x7}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9}}]}, 0x84}}, 0x52) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r6 = openat$binder_debug(0xffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) ioctl$SG_IO(r6, 0x2285, &(0x7f0000000480)={0x53, 0xfffffffffffffffc, 0xe7, 0x8, @scatter={0x1, 0x0, &(0x7f0000000200)=[{&(0x7f0000000280)=""/97, 0x61}]}, &(0x7f0000000300)="d6379a3280fded754318a3332412a34405b441fbb8d088e7002bc446b16170589ec765a3a66902a671614369239cd0566d2f56ef0200c4320178cacaf771205ff4bb2775195cf0161221bea5cff2d29564ed50cc35324dad765ac5a4805170f80581ed974a62153bb287bf53e371d263d62a3095d529985b8f2ed6c4006e87a41e7c4fe1ddd99ba29d1249a0ee247cc8eea3d9a0f8e102c1e131270d763edc11492ec8fcd7408a61003d3aa0b3f530cb4ac81545c430c93d2980de52883670610bb4cd084295674d405e41f3c8ccd35cf4d51c2ed26d2b3b2af997ad9adf8f38df1eb0ca98f0fc", &(0x7f0000000400)=""/1, 0x6, 0x10000, 0x0, &(0x7f0000000440)}) 00:13:38 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) [ 319.087020][T10583] Dev loop4: unable to read RDB block 1 [ 319.092850][T10583] loop4: unable to read partition table [ 319.098922][T10583] loop4: partition table beyond EOD, truncated [ 319.105373][T10583] loop_reread_partitions: partition scan of loop4 () failed (rc=-5) 00:13:38 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @dev, 0xc}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000040)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000040)={r3, 0x1}, 0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={r3, 0x0, 0x30}, &(0x7f0000000100)=0xc) r4 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x20000, 0x0) read$midi(r4, &(0x7f0000000200)=""/165, 0xa5) 00:13:39 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x34, 0x12, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9, 0x1, 'bond\x00'}, {0x4}}}]}, 0x34}}, 0x0) r1 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="640000001000050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000440012800b00015ba3b4e93e00697036746e6c000034000232e14efb95575542808488db229b0649cc5c0201c4d9861cfa65a1256b7bd31c0910d13bae081458b92f4f2d98a849f3439667bc00172d5d7ebbd833267c98e61256cf72566297ba900090d293617f2bc8f1c822d448eccedb7603a17f7249b682362d9bd9272883", @ANYRES32=r4, @ANYBLOB="14000300fc00000000000000000000000000000014000200fe8000000000000000000000000000bb"], 0x64}}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'vxcan1\x00', r4}) 00:13:39 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) [ 319.885038][T10604] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.2'. [ 319.949975][T10606] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.2'. 00:13:39 executing program 2: syz_emit_ethernet(0x7e, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd6000000000482b00fe880000000000000000000000000001fe800000000000f440000000000000aa0002020e00000000fea8000000000000000000000000000104009078000000006000e32000000000ff010000000000000000000000000001fc000000000000000000000000000000cabd4535f155b06705cf7f68f88f945bfec9eb0f69f23b4b79a564fd7efde51b9029bc71f039aa8fb2c8ae8a0872e9af3e9c336ab4e5dca219810a25cefa4eb8a6ecc0dd812331d695073cd8fba86b659e6fd3fd2729dcc960ecdd16b114484da108dfe6e0b64b01a325c8f29c278268373e5360c484cd8efa3ba6bf8a35ca3b236523200ec51dbf5adacaacc5818061d374645ba85b308ebac2e452625e5d66c686750aeed6864a9b979e7cadf9569cdf2a22414cc3db188c8115c73d53c000112a280724523201974322fcb2fea9e18c90b5a9b3d63d623fa94c1aa07c5031"], 0x0) r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000040)=@ethtool_sset_info={0x17, 0x0, 0x0, [0x400, 0x3f, 0x7fff, 0x9]}}) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000000)=0x80, 0x4) prctl$PR_GET_TID_ADDRESS(0x28, &(0x7f00000000c0)) 00:13:39 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xa, 0x3, &(0x7f0000000100)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x1c, 0x24}}, &(0x7f0000000140)='GPL\x00', 0x1, 0x99, &(0x7f0000000180)=""/153, 0x40f00, 0x0, [], 0x0, 0xa68e727ca311abe8, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfffffffd}, 0x10}, 0x74) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x64, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x34, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r2}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @private0}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @remote}]}}}]}, 0x64}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x64, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x34, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r5}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @private0}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @remote}]}}}]}, 0x64}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x64, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x34, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r8}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @private0}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @remote}]}}}]}, 0x64}}, 0x0) r9 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r9, 0x89fb, &(0x7f0000000300)={'ip6gre0\x00', &(0x7f0000000280)={'syztnl2\x00', 0x0, 0x2f, 0x2, 0x4, 0x5, 0x1, @remote, @private1, 0x80, 0x7, 0x39, 0xab04}}) sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000480)={&(0x7f0000000340)={0x120, 0x0, 0x2, 0x70bd29, 0x25dfdbfb, {}, [{{0x8, 0x1, r2}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x5}, {0x8, 0x4, 0x484b}}}]}}, {{0x8, 0x1, r5}, {0xc0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r8}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r10}}}]}}]}, 0x120}, 0x1, 0x0, 0x0, 0x800a4}, 0x0) 00:13:39 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x0, 0x0) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) 00:13:39 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x80000) ioctl$KVM_GET_PIT(r2, 0xc048ae65, &(0x7f0000000100)) r3 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x80000001, 0x0) ioctl$PPPIOCSMRRU(r0, 0x4004743b, &(0x7f0000000040)=0x500e6c33) 00:13:39 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'vlan0\x00', 0x0}) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r5 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) setsockopt$TIPC_GROUP_LEAVE(r5, 0x10f, 0x88) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r7 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) sendmsg$key(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x2, 0x9, 0x3, 0x2, 0x9, 0x0, 0x70bd27, 0x25dfdbfb, [@sadb_x_nat_t_port={0x1, 0x15, 0x4e23}, @sadb_ident={0x2, 0xa, 0x1, 0x0, 0x5}, @sadb_x_sec_ctx={0x4, 0x18, 0x9e, 0x5, 0x13, "3db62f915064e27bee22c2d5c3e19c41bd022c"}]}, 0x48}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010000104fe104b67ec0001000000009f", @ANYRES32=r6, @ANYBLOB="00000000000000001c0012000b00010062726964676500000c0002000500070001"], 0x3c}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r6], 0x28}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0xd001, &(0x7f0000000000)={&(0x7f00000003c0)=@newlink={0x40, 0x10, 0xffffff0f, 0x0, 0x3f00, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8, 0x1, 'hsr\x00'}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r6}, @IFLA_HSR_SLAVE2={0x8, 0x2, r3}]}}}]}, 0x40}}, 0x0) 00:13:40 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @dev, 0xc}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000040)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000040)={r3, 0x1}, 0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={r3, 0x0, 0x30}, &(0x7f0000000100)=0xc) read$midi(0xffffffffffffffff, &(0x7f0000000200)=""/165, 0xa5) 00:13:40 executing program 4: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) sendmsg$IPSET_CMD_GET_BYNAME(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0xe, 0x6, 0x3, 0x0, 0x0, {0x1, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x280cc884}, 0x4000000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000180)='>', 0x1) ioctl$SNDCTL_DSP_GETTRIGGER(r2, 0x80045010, &(0x7f0000000200)) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="8c00000000010904000000000000000000000000240001801400018008008100ffffffff08000200ac1414000c00028005000100000000003c0002802c00018014000300fc02000000000000000000000000000014000400ff0100000000000000000000000000010c000280050001000000000008000740000000001000188005000100482e323435000000c53b500b4020352f4c9f8451d742aa74090d93e735f1d216954e45a6a45041b1a2d240ab7e2ea58a3bb1d35db392c79a13a11971d577cf2a7118dd1ce12000ccc01c62631e9381d8dd55555deb6e7bac76202943ebc1b9bd9191ea442d0fc66495afd135e55bdbb516aa3c6a"], 0x8c}}, 0x0) [ 320.657121][ T32] kauditd_printk_skb: 24 callbacks suppressed [ 320.657180][ T32] audit: type=1804 audit(1595031220.075:249): pid=10628 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/88/bus" dev="sda1" ino=15952 res=1 [ 320.735128][ T32] audit: type=1804 audit(1595031220.115:250): pid=10628 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/88/bus" dev="sda1" ino=15952 res=1 [ 320.759605][ T32] audit: type=1804 audit(1595031220.115:251): pid=10628 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/88/bus" dev="sda1" ino=15952 res=1 [ 320.831125][T10632] bridge1: port 1(vlan0) entered blocking state [ 320.837854][T10632] bridge1: port 1(vlan0) entered disabled state [ 320.924318][T10634] device bridge1 entered promiscuous mode [ 320.930301][T10634] device vlan0 entered promiscuous mode 00:13:40 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x0, 0x0) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) [ 321.026008][T10646] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 321.047242][T10634] device bridge1 left promiscuous mode [ 321.052960][T10634] device vlan0 left promiscuous mode 00:13:40 executing program 4: mount$overlay(0x400000, 0x0, &(0x7f0000000400)='overlay\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') r0 = add_key$user(&(0x7f0000000180)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000240)='X', 0x1, 0xfffffffffffffffe) r1 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) getsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f0000000040), &(0x7f0000000080)=0x8) r2 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)='|', 0x1, r2) r3 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000200)={'syz', 0x1}, 0x0, 0x0, r2) r4 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f00000005c0)={'syz', 0x3}, &(0x7f00000002c0)="149089e3211cdbed46905ed4a178a76c6ed969134a6d89a329cff219f5b215a00a3c19ebe5104c08000000000000004a3014144663b467d93bf9e144a2882f5724d4f0941133073be5001b42", 0x4c, r3) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r4, r4}, 0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={'xcbc(anubis-generic)\x00'}}) 00:13:40 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_GET_BYNAME(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000000e06010300000000000000790300"/28], 0x1c}}, 0x0) [ 321.432071][ T32] audit: type=1804 audit(1595031220.846:252): pid=10656 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/89/bus" dev="sda1" ino=15952 res=1 [ 321.487251][ T32] audit: type=1804 audit(1595031220.876:253): pid=10655 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/89/bus" dev="sda1" ino=15952 res=1 [ 321.512390][ T32] audit: type=1804 audit(1595031220.876:254): pid=10655 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/89/bus" dev="sda1" ino=15952 res=1 00:13:41 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x0, 0x0) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) 00:13:41 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @dev, 0xc}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000040)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000040)={r3, 0x1}, 0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={r3, 0x0, 0x30}, &(0x7f0000000100)=0xc) read$midi(0xffffffffffffffff, &(0x7f0000000200)=""/165, 0xa5) [ 321.758244][T10662] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. 00:13:41 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_DBG_G_REGISTER(0xffffffffffffffff, 0xc0385650, &(0x7f0000000000)={{0x1, @addr=0x5}, 0x8, 0x2, 0x86}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) accept4$unix(r0, &(0x7f0000000100)=@abs, &(0x7f00000001c0)=0x6e, 0x80800) write(r1, &(0x7f0000000180)='>', 0x1) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r1, 0xc08c5334, &(0x7f0000000280)={0x9000, 0x0, 0x1, 'queue0\x00', 0x69}) [ 321.907749][ T32] audit: type=1804 audit(1595031221.326:255): pid=10665 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/90/bus" dev="sda1" ino=15934 res=1 [ 321.932158][ T32] audit: type=1804 audit(1595031221.326:256): pid=10665 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/90/bus" dev="sda1" ino=15934 res=1 00:13:41 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ip_tables_matches\x00') r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x81, 0x107a00) ioctl$VIDIOC_DQBUF(r1, 0xc04c5611, &(0x7f0000000080)={0x7, 0x6, 0x4, 0x100000, 0x7, {0x77359400}, {0x4, 0x1, 0xff, 0x5, 0x3, 0x2, "c2ca1f5a"}, 0x3, 0x6, @offset, 0x8, 0x0, r0}) r2 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x64, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x34, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r5}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @private0}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @remote}]}}}]}, 0x64}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r2, 0x89fb, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000240)={'syztnl1\x00', r5, 0x0, 0x1, 0x80, 0x0, 0x10, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @loopback, 0x1, 0x7, 0x1ff, 0x1}}) sendmsg$nl_route(r0, &(0x7f0000000480)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000440)={&(0x7f0000000300)=@bridge_dellink={0x124, 0x11, 0x100, 0x70bd29, 0x25dfdbfc, {0x7, 0x0, 0x0, r6, 0x100, 0x10402}, [@IFLA_VF_PORTS={0x104, 0x18, 0x0, 0x1, [{0x44, 0x1, 0x0, 0x1, [@IFLA_PORT_PROFILE={0x10, 0x2, '/dev/video#\x00'}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "d59f2837b17399574159bda855d2c339"}, @IFLA_PORT_VF={0x8, 0x1, 0xfffffffc}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "1b8ca0852f3f57d29c0cae9741caff84"}]}, {0x80, 0x1, 0x0, 0x1, [@IFLA_PORT_HOST_UUID={0x14, 0x5, "32701d2f7ab97918839c4d0d70809c97"}, @IFLA_PORT_REQUEST={0x5, 0x6, 0x5}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "7ab13faf704b8297ec719a9c7b931ed8"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "abef6e91b37a22046eea756b366aecca"}, @IFLA_PORT_VF={0x8, 0x1, 0x7}, @IFLA_PORT_PROFILE={0x5, 0x2, '\x00'}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "579d8e53123645c93b49508f5ef8cae1"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "335608a90e319521bb15215e5fe43b88"}]}, {0x3c, 0x1, 0x0, 0x1, [@IFLA_PORT_VF={0x8, 0x1, 0x7f}, @IFLA_PORT_REQUEST={0x5, 0x6, 0x80}, @IFLA_PORT_PROFILE={0x10, 0x2, '/dev/video#\x00'}, @IFLA_PORT_PROFILE={0x8, 0x2, '}\xec.\x00'}, @IFLA_PORT_REQUEST={0x5, 0x6, 0x7}, @IFLA_PORT_REQUEST={0x5, 0x6, 0x1}]}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x4008000}, 0x20000000) preadv(r0, &(0x7f0000001640)=[{&(0x7f0000000100)=""/135, 0x87}], 0x1, 0x0) r7 = timerfd_create(0x0, 0x0) sendfile(r7, r0, &(0x7f0000000040)=0x5, 0x100000) [ 321.956666][ T32] audit: type=1804 audit(1595031221.326:257): pid=10665 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/90/bus" dev="sda1" ino=15934 res=1 00:13:41 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x0, &(0x7f0000000540)) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) 00:13:41 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ip_tables_matches\x00') r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x81, 0x107a00) ioctl$VIDIOC_DQBUF(r1, 0xc04c5611, &(0x7f0000000080)={0x7, 0x6, 0x4, 0x100000, 0x7, {0x77359400}, {0x4, 0x1, 0xff, 0x5, 0x3, 0x2, "c2ca1f5a"}, 0x3, 0x6, @offset, 0x8, 0x0, r0}) r2 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x64, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x34, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r5}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @private0}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @remote}]}}}]}, 0x64}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r2, 0x89fb, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000240)={'syztnl1\x00', r5, 0x0, 0x1, 0x80, 0x0, 0x10, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @loopback, 0x1, 0x7, 0x1ff, 0x1}}) sendmsg$nl_route(r0, &(0x7f0000000480)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000440)={&(0x7f0000000300)=@bridge_dellink={0x124, 0x11, 0x100, 0x70bd29, 0x25dfdbfc, {0x7, 0x0, 0x0, r6, 0x100, 0x10402}, [@IFLA_VF_PORTS={0x104, 0x18, 0x0, 0x1, [{0x44, 0x1, 0x0, 0x1, [@IFLA_PORT_PROFILE={0x10, 0x2, '/dev/video#\x00'}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "d59f2837b17399574159bda855d2c339"}, @IFLA_PORT_VF={0x8, 0x1, 0xfffffffc}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "1b8ca0852f3f57d29c0cae9741caff84"}]}, {0x80, 0x1, 0x0, 0x1, [@IFLA_PORT_HOST_UUID={0x14, 0x5, "32701d2f7ab97918839c4d0d70809c97"}, @IFLA_PORT_REQUEST={0x5, 0x6, 0x5}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "7ab13faf704b8297ec719a9c7b931ed8"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "abef6e91b37a22046eea756b366aecca"}, @IFLA_PORT_VF={0x8, 0x1, 0x7}, @IFLA_PORT_PROFILE={0x5, 0x2, '\x00'}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "579d8e53123645c93b49508f5ef8cae1"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "335608a90e319521bb15215e5fe43b88"}]}, {0x3c, 0x1, 0x0, 0x1, [@IFLA_PORT_VF={0x8, 0x1, 0x7f}, @IFLA_PORT_REQUEST={0x5, 0x6, 0x80}, @IFLA_PORT_PROFILE={0x10, 0x2, '/dev/video#\x00'}, @IFLA_PORT_PROFILE={0x8, 0x2, '}\xec.\x00'}, @IFLA_PORT_REQUEST={0x5, 0x6, 0x7}, @IFLA_PORT_REQUEST={0x5, 0x6, 0x1}]}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x4008000}, 0x20000000) preadv(r0, &(0x7f0000001640)=[{&(0x7f0000000100)=""/135, 0x87}], 0x1, 0x0) r7 = timerfd_create(0x0, 0x0) sendfile(r7, r0, &(0x7f0000000040)=0x5, 0x100000) 00:13:41 executing program 4: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xfffffc4e) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) open(&(0x7f0000000080)='./file0\x00', 0x14b042, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) pselect6(0x40, &(0x7f0000000300), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) splice(r2, 0x0, r4, 0x0, 0x1, 0x0) splice(r0, 0x0, r3, 0x0, 0x8, 0x0) [ 322.436605][ T32] audit: type=1804 audit(1595031221.856:258): pid=10687 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/91/bus" dev="sda1" ino=15954 res=1 00:13:42 executing program 1: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f0000000180)='>', 0x1) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r0, 0x4008af23, &(0x7f0000000040)={0x3, 0xf9}) write$FUSE_GETXATTR(r0, &(0x7f0000000000)={0x18, 0x0, 0x7, {0x9}}, 0x18) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r1, 0x0, r3, 0x0, 0x80000001, 0x0) ioctl$PPPIOCSACTIVE(r1, 0x40087446, &(0x7f0000000100)={0x3, &(0x7f00000000c0)=[{0x4, 0x8, 0x4c, 0x80}, {0x40, 0x6, 0x81, 0x6ea}, {0x1, 0x20, 0x0, 0xfffffffe}]}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 00:13:42 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x0, &(0x7f0000000540)) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) 00:13:42 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40483, 0x48004}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r2}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000080}, 0x0) 00:13:42 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @dev, 0xc}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000040)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000040)={r3, 0x1}, 0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={r3, 0x0, 0x30}, &(0x7f0000000100)=0xc) read$midi(0xffffffffffffffff, &(0x7f0000000200)=""/165, 0xa5) 00:13:42 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x0, &(0x7f0000000540)) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) 00:13:42 executing program 2: r0 = openat$zero(0xffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x80080, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="640000009bd210008538a3c8e8c6050700000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000440012800b000100697036746e6c00003400028008000100", @ANYRES32=r3, @ANYBLOB="14000300fc00000000000000000000000000000014000200fe8000000000000000000000000000bb"], 0x64}}, 0x0) bind$can_raw(r0, &(0x7f0000000040)={0x1d, r3}, 0x10) r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) bind$llc(r4, &(0x7f0000000280)={0x1a, 0x0, 0x0, 0x3}, 0x10) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendmmsg(r4, &(0x7f00000001c0), 0x400000000000150, 0x0) [ 323.507317][T10722] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=53915 sclass=netlink_route_socket pid=10722 comm=syz-executor.2 00:13:43 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[0x0]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) 00:13:43 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) write(r1, &(0x7f0000000180)='^', 0x1) write$P9_RXATTRCREATE(r0, &(0x7f0000000080)={0x7, 0x21, 0x1}, 0x7) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x3c}}, 0x0) 00:13:43 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) setsockopt$inet_buf(r0, 0x0, 0x2e, &(0x7f0000000280)="3b4203310e5baff840108a776eb659e216ebe673b22475ac223005d52c0f9b47f70361bb2f8323e56ac7446dc4a813723231b53ca15c13d8df25d6709054773cb5a77bbf65a2181c3da7e519f355e0bdbff5a353c4e6016033bbd0199fafe5ec5ee6472c9e8bd3fb0b445233a861b2ade7aa568b4a394660f4c1d688b9e52cdf57fc52c4db2c35af0925f3f66e33278e899e28d7466599bb08e5ca43fe79c6ea64d97e1ad0e9c121964e78cac5147dde19468c7fa2017233d86aeaf60c793018885f5d8e0bba46e893f8c975ea6d4a9505b5fcff18bb0ecbf52294925c6eed3f4662677412581302cb0734722e4041392fed196bfa514c7b159a1e", 0xfb) keyctl$unlink(0x9, 0x0, 0xfffffffffffffffa) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)='>', 0x1) ioctl$SNDCTL_DSP_GETTRIGGER(r1, 0x80045010, &(0x7f0000000000)) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 00:13:43 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @dev, 0xc}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000040)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000040)={r3, 0x1}, 0x10) r4 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x20000, 0x0) read$midi(r4, &(0x7f0000000200)=""/165, 0xa5) 00:13:43 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) socket(0x11, 0x80a, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x64, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x34, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r3}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @private0}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @remote}]}}}]}, 0x64}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x64, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x34, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r6}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @private0}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @remote}]}}}]}, 0x64}}, 0x0) r7 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000100)={'erspan0\x00', &(0x7f00000000c0)={'erspan0\x00', 0x0, 0x10, 0x8, 0x8, 0x2, {{0x7, 0x4, 0x0, 0x0, 0x1c, 0x67, 0x0, 0x0, 0x4, 0x0, @rand_addr=0x64010101, @multicast1, {[@cipso={0x86, 0x6, 0x1}, @noop]}}}}}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'veth0_macvtap\x00', r8}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setgid(r10) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000019c0)={&(0x7f0000000200)=@proc={0x10, 0x0, 0x25dfdbfb, 0x10}, 0xc, &(0x7f0000000380)=[{&(0x7f0000000240)={0x3c, 0x41, 0x2, 0x70bd29, 0x25dfdbfe, "", [@generic="1f97f7d8ca4741d058d4ba765c0d1199b2fe14a9905c9a69148e2bd054ea0ff8580f803ec80a3ae48d176b"]}, 0x3c}, {&(0x7f0000000340)={0x18, 0x2a, 0x1, 0x70bd2d, 0x25dfdbfd, "", [@typed={0x8, 0x12, 0x0, 0x0, @u32=0x8}]}, 0x18}, {&(0x7f0000000700)={0x1104, 0x1c, 0x300, 0x70bd2d, 0x25dfdbfb, "", [@generic="22440c7adea5fac347cdfde34b04fab69bc2abc97f279c9557c08d1e828b61e15ccd9609a01657d54c755554cf211ffe4a93365e28cafe4b42de4b11130e597ec7c32cd0b10f44fad6e436ef469c1b1f8c1fb34487c8ee7cbc8c781970a578b22ea59832ec347a983bb7abb8a67ff8d60472458cdb1766d3bf524d686c4da41bafec7deff15e46b98cbfab971c27081938c60e68062a012112f1944e99b3597c79c6bf2298ee99a80ef739a9c1475977c65bdf043e0fc372271b8a45a55ee8c9735b067c1d2d0e49eb9b", @generic="e7bef24a944d80e4173f26af44cf35a6b980c834f0b8b3ccd12b34a2598f45d31fa56fd1073925f3aa0b8833fd931f5a74ba0bd231e42bda67a7063982523e08e8dbff2f2d5337f5dd5310c4ac903303c90baabba2a46a71d167e8172835b7724c43296c9a09d20c779b913be0e65c43f1f1d57b5bb14f25fa761a5340903c5625d451b6b4ed7452a9bf5979f1617f283371c76defea589bae1a8331b7176dd5a59cb93284ec9c98253a7aa96dd570c453d34ff76aa27fbdd648679873749fb9096f3ddb73c7017007bfe1a9a339ad1cf50c2f66d99567d20562625f9b826898946984af2a2ea2c719c98bbce4b8e00118bb943455c3723df3c7f2091b2da6eae499e4ae370c26db89d1c37ba7e03a57244b0714ef3978a07b0e17f0f785a08e7b74f72542025166cae5d4c5fff3f85a614b75c4bc16327e022b4a513e3778ac72df83f7fc0feea87233ec15b0ba402feec2615e9b8e8312122097618607898ebc24a661a66e0cde7a9ae878328354522c7148edd87092ca837f8bdc13de75f323661c1804846d1485651a873331caaa66eff695c22ecc194d6d062676d4ac8323ea0c8a19b8698038437143bfd59af83787f986c98d8db3effb86effec1a492e4511de32ec9cb4abb218b46e38587ad1388370008437811b50296c5e092804a3815984e1a1d1d2fc1821fefd8b5f30e1146972a485d1bd642b20443689c5e60faeec00779e19f89a4c6864557849af48f0049d02c26fd8422425e82273efd615f3d83ce235740a3a19d200885451e53e7f7edbee4649a3fff73f3ccffa8b43fb3d812d1a4c0544141755266db84ddd6943b53defd782c1bb7bc1e87c12dc128ede10df5ab1c729a5139d0dc31bcae420f8559961a593add0aaf3d4207775674f79b434f27fe643dd60cb3896f3339e9ad2f394efd2f5ed5bb8b9e9dda713ab385661f23e8fa23a96d5e31b3b7aad7768fcea6ae2f832a3ae7215b9a797747e63b60f3938f9b99054e813667d65a059683b9cd79947deec6c0d575ccd620dcad81643febee7c9622d00e7b87275fbbb4bbff82873872b9cc4a45b4d607458b98aaca791b16e5f54010bc5b7218d960b23349e52baaf99e75d20b5efab9f63ea464ccdbbc972d97044403eb01bcd45bf36d8ea45d638a29450504fdbc8beeddb3bc6ca718ec862cb3088b2fd784e0aacdfa480c679416fe4809347f6e93826ec17079ea8aeb2454b6ed7a37c568fb84e574f5f5fd2e23bceea9682ac761d14b29b606aa9b996bc005c2df753c35ffd1b8bf6c60ff66597c6768205df2c1e8dfabc93127355debd8d008a8a04e571aa02975e6c4bbb26b0c36c905bfb8ba4039939b352f4c1d3b62a4d5cf998e1ecec97358844ecc0422661d85da5d4a454b4d29fda0d1d1fd0291732bda5da8fea1ca439d78f90219ba96e48fd735f25cd3e3df9fc88a9b40a1f2f110bc8873aca13dc31fa35042a9a498e53b97ac5934bd6b4403502c13f475445a975d52428041a4512c9bcde400103f4d06dac9cc943d1e930805dcbe7a81baebc824f3d5727efdeefa5497ef75085c6e650dce9874e340a4bbbb508649339fa20e8f79d6f32e76fdc1b94a16b1e8a876f84cfd5f04655ce322f7c418546ec75e8cc971b00c80253221a4c48fff34abc078b6ab74e5ea3e8590d13d04c0bb9bbeddbb8739769ebe74e71c0f25ae8a07908d262f627c18438e0a83dc6fd824065d709ae1f07569834819f5cc49a657186c541212a0057542c00f9bd475ca695f3c2a3864cd7d7f35fb5836eecf015bd74dffca77371a385450a9bc9be1fc3d630342c18aed9c334a72ad4576b91f6adcd9126b5602eaf38879231237e0de43a9e76672fe83b33953eefdd0cac191e23b042f0d2a29625dee25b56c86bc6197320f5c8262f02b4ff1da938b8d1531344d04307cfbfb1bfe16a7b97370aed46b496d2bc180e771d49573eea1e6fa80e8a971ae6d8a33cc31d2dac99d76e24448eded79e44eb9335f59c971c75528a27eb4cc628a86fc9eea33e29fc8bcb1162ce7b44ba88e30548fb739cd9d39d21abe03a4f25c291bbbe4602fedd1a7fa490240f50ac4eb985d00fdb784ff810b939413afc69a6142c2c0923a4fc49165b5665ddb4bc94f47a0d62d012d709b3acf47d0c75d872b26b65c2bff2c806c4bbad92cdff5a018cf52ba61ca366e784d4d08742d080179452ed6c7e5a7dc9193f5810fb1a9acf975d0b467e0fe71de3c0245612ec2c4bc44ce0162518ecfa1c7c3235667df8db528ca2da08b9eae6ea076f77bc1e69274bec40f2f90a21d27ceb624265dc0b9f0a79c58c1354b0ab619526d518504d81ab4a4dc1999c41bb5da70c44241cf00af0b747082ff75978277f28396f4c742b0e2f652f261cf4e86d0a95c697cf15660f87b9bd82d3636b832b9739a4dc21a400213943373f41e248205b96012346c331d4931e122e837e758e3f17838410723f0febae420af4817d57a5af3a079374a6dc2e7f3b4de135391996126d591f63d3532df5cbed36a745bf66b05ae82e4c0a1c474d1131c3ca51ad5c269b905250295e795496c4d13dd50725366e4c7e9f2efafb11fe0db742638eb0ded64c4bc4dffea1275777cd2e7a9a661828b6726923ac404fdbb887d9ea2239a71563157c5cf611f7d4a48398f6adddafbbd83717f11f20e81dcd618d7463993fe39c917bbdb9b25d2e44883ea955cfc54b8f7025bceeef8cb16698edc46bdacc9724ef92a12686296376bfc53e30e2593f2762a32dc32e82c85ec5c63b704f6619af9ec527bf7914392a1a6e48c9e03e0c60f4201b2d7a9082214db18a46baf2b0e7fbf9f004e1b0cabbf5f192ba0d1dff21d8fc1574f578456e70470ba542f27562a0034e958f6c9927c9bc569bd8116727e202691c4ea182a5b0d3c8e1afa0ff70aacff7b8625a4bfe4c336ee1d16b8747ef1be6096e54dcd6bce1f71e586032c7f292cb4af41ec6ea56cd9dc9e48e9392d1404edd61814a2e7180db7f07629df12924c4896ef04293bf4c8597c507a67f64a26178ac3e9b4b8c187dd73520804bffdb7ade7b9f429b968acccc74944a8e5c38c8c8f0305d15627c0eddabd2a167cb4472ad0504a5ae60b569f6a1413a8ff0322f53f08ee35e6da9ccadb8ae77985ebe9f7eb6179cea3132b1adc2a542153e994eed4b8c78f9c58bf37faef88e49f29f7a68ef042cd3dcab58869adf0fa0f2fca1471d11b824242d60caf37c5a634cd71b8a941b853a46dd41917beab18ac8bf9af85302400c934cd7edd58cfd88cbf223a26f85d0d48809042487b0c44633dc949ad67478df6cc1b1ae0954ff97ba2e1bc1a7a05fc1583a499ccd8267d64c997ef9ca2f6cb81f8fd733ec51e7b2f6a4936cc32d6e80d5c730422f524acc4d33411bd68022065e00f9e1ce609808df8df0eadd42f37c79611fa31d936d0eeb1ec665f079acf9ddfa098dab5ad096433c2779f047b82a33dd0664f5c48923d0eee0b2fcd0cd2d785ae7a3adb6a4500c4d38414bc53376e76447aa4d7486aeb04fddb056d3d4fe77a5964adda631d390ec42f14a79d101387ed1c334ea780e7faf8e59f5907ac5c19117335321f3ef43a4232760708867e9626e53142293cd167aaa4a0d6c7a5b00825d8107858a405fe06f041c9c3c5a6aec16b82bd1ede1b8e71f9e42e1a72e96024fbf1738a8c03033d1865ba1307ec10f8bcebbf886c883dfa30149ed1ed00863df9c8f32e517d99b3efe6663572664662baf554379c9b56fc0d20e55c32f54aea8efe32ed2f58c44fba376127e7e49ccf2cb5d45a88714b5875f4faa19b06e608f7803406b5f91a669ba84b753f3b77bc3ee0c3eeda1d68209990b4a7629ab1f4c1dd783c5b248a5785fa33f747c69fdf2acab443608f26dc5e47fd710bf8f653b8ccaddb0767a2b2e595f996f6b7944721adf28249e0c59a53321978f338d374c8da5e6523342e24c836eab3edb8b2b97b8748db1f42172f813b653cef611b60016f18bcaf28ba5e95051aa56ab8db2201036499ab8e99eddba809585f1d66e6bb5b0aa2bd081235ffe927fb573c9fe98ea8e26e99bbcd17aee9803c5549c31da7f3b066bc39faf5a472cdf2755ad49f55b7740cdbdc764938200a66fea734c53f12c42cc35bbd9023067df3a4b2868c32090a76516d220dfd227eef1eb400b6afc204cdd62a530872f0f9f6b71eab80d4cfa7b26b7f900a033e9e16f73838ebfa04fe3e1e45669fedcb669cb4bf0eb517b60224002f599c14edfd545d28d63efb11d335d0586f358a32773538a20af08491037dc9b9530812ec2fc934d6572c21d75afbe77ca33d3a58ae9b1c31083ac42422f0a3322339549642bc8a73662cf457f18ddbe4169b433e8e9cab65a59505d9b882a7b325966403436a8ce51240d0db6781d3ba52c90182461a6ce70b82190a028b8ab800f7d459f0d358714d121ec0c82163d4fdff8eb6f207baeb6fa84fea1ded3724e49f967a3972a37e80adb0cd101911dae3668b02e3d00dad69a048fd31a34851cdb7745120f0dc05d7817ea693977954ab3a72b73586db2facbca26e4a70561324841c11c1e7f73d5ca448c7fef82f05337ff06974107d3e9af3e04e3b9bd9744174bfd3289892fea99cb349a3327dc57f13d37615e539f9f702f3cf6b5ba61cb1e52984d3123b1faa0171b998b976e420efb15e616e04ac93960ce4c63419509d3ccdeeff1136cd26c9173c617e152d8aa834888d8a832a5291f6a99a521d02c174e341af9a95a2b85e62b2b4bfea4a660a2b5d9a3a21202c34edc25eb0629955a6fc1bfa3952405bd35c787026c0b8ddc92ebe0dde8c0a2bc99a679ce7637a037f3af3f3e168d54c711867a6cc15f2827aa5b01fa42b7fa081b11467bca7abc8be0f945a43ed749325fb539fefab5a87cda19c4d782c7bef652a60152d53476b5a24f3f38bd09e4c54b053d506aa5109c8f7ea033741ccddb15cbcd3dad5a54e6c9ffad073b8b104da06a57bfff79705647a3dc6cd4b188bdca5bebff49f9fd37c355265339939b0a7c4f79d4286fa2424d5237b8b30e69f7ed1186b043907ee232d4f7558a73d988d9b0b23e47a7fef8b07348bb4d044833d801a6162ae6ec99f9632ddebb259694da2cade6aab8c384ba65a76e83c9f923df065307e793d5379f65a27cf11794d4d0b48be462d05d68fffaab7176a5a7a20f77f691359e3f2315f707b9851f23720208cf578cc7a1647bec9909f470e6b514ad0ea4e803a89e67de81aac893ebf715d19963a76f974c94155afc62af9f7ad2ffede29a7ab525b26926fa5ea7a8d0e26f28278015046fa1116faad773f479c3ece400d2b8ef09f42315ca7b5c27a8d7e6cd5e5b4b90cd96e83cade2021524cd73748c351c44f7ab69b2da3d2229a0983395539494ada46336bd9416345f653150e68f455aa7e4135970a72c88c8ae846d0119a096c86de8da160f297413079dcd6a7fd58bcf4ae5e30cd1db279e03686244cde272d829d16ab1716e5aa5b5d1d0e2685875c7161cf7a6cb207e6a003f6881ea762992d04d758c92b7ba4105932d27dd796ca41a47dfebbede59124925c59fe7e40e38b27baedfafec3a3832ec9bbde137a8deef9886d632541ff6ccd03ff90d599e744b44417233ccdb572ac33bccaf9d3cba070e53c8f010686cc54259f249ee28575801a3371fcb016432875c2dae6f304d081ee04f76283c3b15f03e59b55ffad08965062d5872656432ba2e5287d907c781b6ec9c6b852b4464d9f7726f31ed891f01604135a1e", @typed={0x8, 0x7f, 0x0, 0x0, @uid}, @typed={0x8, 0x85, 0x0, 0x0, @pid}, @nested={0x18, 0x4a, 0x0, 0x1, [@typed={0x14, 0x52, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0x1104}], 0x3, &(0x7f0000001880)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r2]}}, @cred={{0x18}}, @rights={{0xc}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x1c, 0x1, 0x1, [r4, 0xffffffffffffffff, 0xffffffffffffffff, r1]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [r1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r2, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18, 0x1, 0x2, {0x0, 0x0, r10}}}], 0x11c, 0x4000000}, 0x40004040) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r9}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9, 0x1, 'bond\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_INTERVAL={0x8, 0x18}]}}}]}, 0x3c}}, 0x0) 00:13:43 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x6) setresuid(0x0, r2, 0x0) r3 = socket(0x1a, 0x800, 0x5) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setgid(r4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$VIDIOC_STREAMON(0xffffffffffffffff, 0x40045612, &(0x7f00000000c0)=0x2) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x6) setresuid(0x0, r6, 0x0) syz_mount_image$tmpfs(&(0x7f0000000040)='tmpfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x2a00080, &(0x7f0000000100)=ANY=[@ANYBLOB='dont_measure,euid>', @ANYRESDEC=r6, @ANYBLOB=',uid<', @ANYRES16, @ANYBLOB="2b222abf0a276031935ff69c92c42c00", @ANYRES32, @ANYRES32=r1]) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r9 = accept4(r8, 0x0, 0x0, 0x0) splice(r7, 0x0, r9, 0x0, 0x80000001, 0x0) ioctl$SG_GET_KEEP_ORPHAN(r7, 0x2288, &(0x7f0000000000)) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r10, &(0x7f0000000180)='>', 0x1) ioctl$SG_GET_TIMEOUT(r10, 0x2202, 0x0) 00:13:43 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[0x0]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) [ 324.437737][T10750] netlink: 'syz-executor.4': attribute type 24 has an invalid length. 00:13:44 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x58, 0x140c, 0x400, 0x70bd25, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x7c6f}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000084}, 0x20004004) connect$netlink(r0, &(0x7f0000000000)=@proc={0x10, 0x0, 0x25dfdbfd, 0x8}, 0xc) 00:13:44 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[0x0]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) 00:13:44 executing program 4: mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000300)={0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) write(r1, &(0x7f0000000340), 0x41395527) [ 325.241152][T10755] tmpfs: Unknown parameter 'dont_measure' 00:13:44 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @dev, 0xc}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000040)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) r3 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x20000, 0x0) read$midi(r3, &(0x7f0000000200)=""/165, 0xa5) 00:13:44 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$audio1(0xffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x301882, 0x0) ioctl$SOUND_PCM_READ_CHANNELS(r1, 0x80045006, &(0x7f00000000c0)) 00:13:45 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:45 executing program 2: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, "28f500000000295f1e17f16657b500"}) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0xf25, 0x0, 0x0, "a5bcfa2b179a5eacbf6efbac3691d172a1d126"}) r1 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000000c0)={{{@in=@initdev, @in6=@private2}}, {{@in6=@ipv4={[], [], @remote}}, 0x0, @in6=@empty}}, &(0x7f0000000040)=0xe4) 00:13:45 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) ioctl$SOUND_MIXER_READ_RECSRC(r0, 0x80044dff, &(0x7f0000000040)) [ 326.067012][ T32] kauditd_printk_skb: 17 callbacks suppressed [ 326.067071][ T32] audit: type=1804 audit(1595031225.486:276): pid=10793 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/97/bus" dev="sda1" ino=15975 res=1 00:13:45 executing program 4: r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r0, r1, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r2 = getpid() r3 = getpid() rt_tgsigqueueinfo(r2, r3, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) r4 = syz_open_procfs(r2, &(0x7f0000000000)='attr/fscreate\x00') r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='uid_map\x00') sendfile(r5, r4, 0x0, 0x9) 00:13:45 executing program 2: r0 = socket(0x10, 0x8000000000000003, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)='>', 0x1) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r1, 0xc10c5541, &(0x7f0000000000)={0x1e, 0x4}) sendmmsg(r0, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 326.260588][ T32] audit: type=1804 audit(1595031225.516:277): pid=10793 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/97/bus" dev="sda1" ino=15975 res=1 [ 326.285344][ T32] audit: type=1804 audit(1595031225.516:278): pid=10793 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/97/bus" dev="sda1" ino=15975 res=1 00:13:45 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:46 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @dev, 0xc}], 0x1c) r3 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x20000, 0x0) read$midi(r3, &(0x7f0000000200)=""/165, 0xa5) 00:13:46 executing program 1: pipe(&(0x7f0000000080)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) socket$netlink(0x10, 0x3, 0x0) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f0000000000)) syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x6, 0x200) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001640)={0x94, 0x0, &(0x7f0000000580)=[@decrefs={0x40046307, 0x3}, @free_buffer, @enter_looper, @increfs={0x40046304, 0x1}, @clear_death={0x400c630f, 0x3}, @decrefs={0x40046307, 0x3}, @increfs, @transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1000, 0x2}, @fd={0x66642a85, 0x0, r0}, @fd}, &(0x7f0000000540)={0x0, 0x18, 0x30}}}, @enter_looper, @exit_looper], 0x1000, 0x0, &(0x7f0000000640)="a22189caefb1777c64afff6e65bab96acb18c8647d8bbb64acc1b8b08257fe4e499d21916d97c7ff97eb1b532c6c4eb253ec9f6786cab0385759c677c75511a2258c99ae3639c10a6b589c7b02b5b045a69b9b28f3a26c2b93e3fadd2a6daad15b02b2ea3bff2833e940098235b655a20dc234943cc58e4062c1ebd74c0af53503ad927c0e9e1d1d35e1d7d59fe3189cc07814531a3e03bf0c3cf7caacc0518aa205b5df8a2c2ecfae4601e477d1e4b80fed1355ec280cf3d1b1556883dfd62467481c39b98a3db563a0946212986ded7e8e22669764d34381421271bc66b723c6d2becfd9b74cca8b7d6e58059a9e41819e556cf01858ef9c826f6f590dae41764a8c4132cee754a20666b64a8dc072335626afeedcd1adf7bd7db83ff24d1338aaf65d2fcc19f29ea980d44b714dcf6c373cf13f8a24eca330da0d48c29fbd4bb1a6c92d34dca565eb407e8548fc600d2cbb30343f712b89e8b44920c2c20ce9f884cb6fdd8a575eec9a81f85100347ca665a89c32dea01a8628c137d4b81063d24a1b8e964b95f6d16f4e41d971ad9dba5a38dcab676d0bf98b185e4531d67541f2b105ffd3ac28b148c4f0a837149173b19a474d580bfceffffd5848889ff193b75a0ef5b79e4a0a1eaf6ecb50b997ef1c39c89ae182efa7903f87638ec8338c23c3322324397e5a44686faf72ea5ce32cd83833fc987eabef1f00792401ff4b5df7766549de17cfc36f3057f82e6f8de1ad49d60e9acbe010b4c0f641a56e53945239f333d4397781413bb6e1c8dfe350c113554d1b48a1887f7d217f0268d45549d9db9c30ea8b7b92ecc97882553d43dd7a541ddd91c51f0aaba1519e8296f6aae2abbcd5db88571904d92d8e25b25d01562b423719169d1dd9f69f49d29e37d23f6432768b35d9542d86860bfd023ad0e63ecfa3efbd4837a4537c963a376890719eb5d2c6a7748dce0f8bd872106ae553722a668f238e73329b7a9216435dec997080414b057135b4adea96612527f4209c36195f35e26ab9630053662a6b2ad8e5b71763c67d2f22a0004e4147df3e0236e330757524f128c03a14ef12c2b7056703aadf7f8f66f1e53234ef12a1491f82591b8f6c37474e077c5f768bc79b38868c713a6043224c2de4bf3491ba2cb60d37b5164ce93da8f2daa89a9db22979601fd898b7fa8e1a1b6200a0be41456231cb39b25afad59f9a0beecce27e76ab61a9c0e3f87b69986b1485f4a846e586b359b3935940960c51ed66391b0f8cce6f1de0e099ebe88e26c50c810e90775d6451d6a766422116cc44d2bca3cb6705c3e4348e2f3ccd7fa0b389c2f5679cd0e2ca3eba7bf09450911b74d0f7dbd9c3dec988522aa486c433d0f6387cecfa1f77109ac773c6a9096cbe4d68ac41b68a6b322cebcf8423442b119d0ec06248d64053c210efdfdc755477758f34f8e53dd5e20be2be3a15995fd5cb88a1ac0a045d72ff9adf7ce7af798423c7a66daf3ed720a425ae1ca5129fc0134e92c58f3519097b18cba0ca86daf6174b5754ec4fdb46b5105bb459ed1add368bc776eb5d75f99d8487d6fb073f1c624cfeb5b7abac0fe20876c92b2c98c87a7bae90c74cb9fb75a0f3ac3b60d91182d889fa80d8ba87932b149a7b4ded19cd498adc23e11b8a66826919680a0e282ee0d7586952f9953b6122f82feb8e4f9a0f008145bb23a075f9ae39e76fd13e3520b99f49488cb8a5c71295f46e7d1f40262df932040515e39fef477e7d647ca2956f4e2c5e51ed9cd0a1c8f42f9077bc50a27d27f55a0f21ea34062876c0c24bd57751d4e68c121a6a847cadeb012de986f9194c57683b722e70316cb113f1ec0fe58d457a859ebe050b1430959a0fe649ef9a8d4c74f080d90819d60913f3263eb9bd9e75ec306d4296fbc36b8729385e2b965722320bbc2a344cdc1a272fcd484d7e7b536020d91c13eec7e03a730c74ee47d53904c79f4f3fbe1832a9f73e054349c84ed82b36d5e316f8694499461393b5b18d0f709edf1552436e2796b46afbb4558300f3231d7cf733846c0ec9ec211cba9b1e3248965bf898c9f67d1c7c8d762ca765e3836e7417d153835633de679e26fda1404cff07a9a1465be3595c35bac7a222e5f67c8ad7d6a54370feb125e7ac90b027950213c3dfc17463345f1c0a82ebd98e9e50260186c82a4a84413d1421b7b1cbcd955b18cd3e0776fee161d3dd2a21f08d9cd3f7f69f810a2a68fcdfacbd8b1f6632cbb51e9d53e878928aa525f97fa1dc4f5d2c5d011bb101e7a00294dec8af405c21727018e3fcb96c5710d32c053eed7b644ae63ceff2b76ef45883d8c560bab899fb9d41655e3ab2e29e86ac5aa8ed4d6ce5d1b7f2bd46d1cbd27fe15854440275ae9dd3605be59d687f058cd3c580fa936e3f5d4b5d217be1e711cb7d9e77aaf477ff72a1cf5bc7a1d9c866aa003abe5f8624309170f8cb0c55c3e6a3da84771ab078ab65062fbcd9e776e085346b609983f68f5f282de338599be22d89675f96f3e1e4ce7151d50a8f39a526eb88b7fb42ae6e100e7235e062c6a68b4f884c8a0e715707606b3de0865cad705692df2a50864b5e489c2cda94d8e24004907de452755a1c249f9ab7283efeaa27f008fac0e5ae1410381b10b29a7f09a18c105686a21ec36786783875e820f0e219c5d9ce5e7245cd82b386a3683b67776d5eadd1fbfa2edb029dfc39d208778465c6cdca9138514ba7294c6febfb9dda82f56642eee4aa19fb008f69486b11c596dafd381a24fd98ba1134bfa2389890efb5467088668d19a66ffa5c3a72eb56bb8b98bc5739e5ad43490f7713cc2e4a507a7d78b8ce27d0763c14d4a39b12daaf678e131abc45ab19c2728a758650241481b2ddf11d25139328988edc9cd650a6e457c9774ef3985e73f2c42a58d86e81e4af930ba4eb2c8a00ac0d0a2b890fbdfd645c61f5ae3a3fd3dc0684feeebc569988cb96e22fb7a4d2e6a136fbc836801b54bbf7b8cb1ad5c58163b9ee26402a03cbda815911496f5426929d730da7f2b212dc4ecd6948a8c38c5a2c99ecbe7875dda60c65e843aee48663ce892cf5144156a3717c045843fe7da9f65d28ddb6307beb67e420cade32cf71696a9d792ae021c4430995ac009c022348111a5222b74d6e51fe21b605112107eba776860c54ff2dac775945889bc77e34ffd2a60e548636fdbc97205f26e795236d751b97bc5f4e2fab8b6ea2410e93b5fbef56dc25162ce77a172b4982427717494cd11ea7eff23a3d7b478f7510aa59593a4efa9a5b563c181d4e5f004cba2bd559122de16bd4c39c15e4f797566ff4ad050e87d7addc07c7fbddf718bb53e709335a1cef1c7e5bf60b5c9bdd2b828363843096170e369fc5291cf0df54bb08dfdaaef725457a489167847e50b7ec3929c396f37cc18334552ed486884ae9089cf07e9da2c564f16bad856f88785f460e8dbd72f993ccfe8da0a4f3fb27bba7a18418e6b1f061997cf458e5eee569f1720c29898066c4e307711b243911eb4439f33417fb86abe096cba4698bb48a43531ee4e5b925fb27da535ce384d49a87ab84376cdb1f176f4f083f4aac95d290c048f810feff4d32dac4866e32ab57ffc7c18631d95e3050e413d13c7d41e4afb0d93b8665177859c85622b68ad14a1c44b0f5d99356b39022c561986f775f87591fa98caa5923a3eb6d8b200c6bfa0a0787b57516eac8994d72159f69a330da382d47dbcfcc0e9c80099f85346b081e59b42a14ede08684925e878fe3a47e13e04e5c93a7b8501f33bef2852a5ec118c339809358d82279e2906ea7628fcee7f6584718266e5b4721235257562aaf5a0e450ed8c7b48b84c9a87669745ee1aacde1af1cb18c72baaac664ad0b8182ddff19fedc9b5db5924c5019dfb1943e8531f76ca9f5a29310c8da7a88f0ef8313704833253c5c97782c33975b602ecbf7af893b68e8c687fc8f19e671191dff3d2d3a72d831c34257c786c5237156f3681a1ae33e7e47af2e729b18e35e852d8c2636e5908692c4f0b30edfbd7d08064aeeeabe4a60ca546f2842248780049accfc75b766ecf889cf2e5a0fcc2fa021f5fa5d64db8c42d243b078bc97e2e1bb7926094cefcbc2074b17c7991495dec56259a8aec56f431d9ea2e1bd87dc9dd0546cf37b3efe7c7ced3418b689db99536f1dd1c1584135e0ea75c0878663b576d81b50753635a4c951537dbe2f83d8ad12de3edb25e7fd5351aee69855be3067c1847cd9d4612cd403222f44b565f8bbaca0950d7b9d1f920bc020d6a2299b9cda76b0950e6e5a94febe4d4a03014f3591a02dbb2cb9085b2418d02692821cd66d7cc870ed59496004f1e8fed556820f714957c4f33ff5a64ac8e3abfe345d9a2c5c4e32dec4292746fa1604a497e8c980ab0a1c9fb682ba9e440ff16392178fb2ce26579a6a7839a377678cd01d53955b15f585b665392a6493b5c8427886a0e9b7818e3d39bd93b65682b439d9c7906b536290b106431bd0a2397e23e5dffa0a124f81421c22d43f63047a2cff3b252a7316802597221f685ac038c3f5d6a45af7d347d74209ce2d5c8a5ff02a938faf05622c45034440495bf202f29b8bf707c70953c8066d82e6af36757cfa3d43470fe110818db14b08c214b56f1326107ee521296653c098749b2ec83931f8839233bdc8bb7ccaa1b52110a5a02db0aa43d6ae0682e0448d24cc8f3a9bf164c7a34f2be42279cb040bca56950a57d9600e8b48335f51f587f29ae1c25c9272e2cc24c8f82780573af020749ef5931afb39c8de3058fb4dfae6d2db6a52925d0f3f3c0a8e4061f175c8bc5ed9a5ee1d90c29687ceb779a891f2ea58d83a986beeba039abf0c85e9eb05516f6612bf0653b7a239f21743cb34cedf81f6fc2bec29e9f4d19ae20c7192fc82888bfa319908219f2a7c6c1d21f14dc26a8d686316cb9fb85baed319154d7fa5182242d1e50db6b95151f7070b8f5811f50798d160ee50af75cec20c230b25c86dbe5119ca91b03b8a1f0efd0a9e8020789e900967952e4fa6796a9b34aa0d3522b52cefa8d09ee3a9f4fe60451cf532e0402978dbc38882b2d3ed8034953b0a65e5f8cb58254c202900454e4dcf263a0f0bfb02128601a399c3d07fe30048137183ebf82f4d587cb9d667821555f93e6b77a045c9ac9b66840ae961577113b7f86eed6f68cb8c07acf7e78ac2f566b0bb343028fd8eda195a7b0dad20f359d595570d9732974b0935798336ad2fe61b5613fefa8886ffc1bed8a999fe6a78ddd0e58914bb9ef80f4c6b045a46140a640f59a94dc6f51d1725e0e2a6478584038bac05ee04ff83204699e890accba3025a52fc09625160184903583b23dc32929019ec77cb6a00a031b8ebe5e0636f29429abd8d3ef404c7bcafb7301c72f940593c9366aec18c01977ebc74696107989513dfbf7f57d5000feef842a18f78e735d3dbb56fe38a91d57ad95b031a457180e2df350ea0342d30aa8ef79a56913aef7e1f2112906c22cdff169017589b77dcaab5e37bc181164474533224ca770ae30ba550ef0c834a6d06eb2dee7b3ea2f1935f51360c1bb8ecce70b38fcdbfbd46c68b0a890c1a224db9cc0234128d3b97f2e98079febc13015dfada719d505aba4ba719f6c14fdef117d4f693e43c54482377e723fada029e8dcdf6cf0fd1693db448c6de898ba5e5dc5a8a373970dddcc54470ddbe031de0531ed27cb11d12686d11025c19f4990a6147236ff1bbb4898c44d9a1b45fd13a13c55c78dde5f8b53dcb"}) splice(r3, 0x0, r5, 0x0, 0x80000001, 0x0) ioctl$VIDIOC_G_PARM(r3, 0xc0cc5615, &(0x7f0000000300)={0xa, @output={0x1000, 0x1, {0x5, 0x43}, 0x80000000, 0xffff}}) r6 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000400)=ANY=[@ANYBLOB="17000000000b000005000000000000004d46a649bf6301c4e6b9873cab2f2a81c30ece92ddea883a59c9f0cd00000000000000008e3350741d9fd934f4d99d3030adf5ad2502a85392c8c79f5a42900a07af8dee2f52d49ff461a0759df2462bffd9d5511e6a661bd697447928a18a674f7c25c1c787a2989430bca311276b3b7e28e674989700de76c89b4f012f19a1c6bb94809c7e5707557dd5154a1f156f06186c170d4d812cae6a0497f26d02024111f33bad15c24c11c8dd47421897b065b7932bfdac9e6a25fa57a106fd4105b64f05aa506cd97b826beadbc0941eeff22a687bb824bc2315f021dc3b7e5d266d8e7331f2231b2f3c3b5c8afb9891a503868612d9bf859abaa9290c1df71f8e585e1f89c4"]}) setsockopt$inet6_MRT6_DEL_MFC(r6, 0x29, 0xcd, &(0x7f0000000180)={{0xa, 0x4e21, 0x7ff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1}, {0xa, 0x4e24, 0x426, @private2={0xfc, 0x2, [], 0x1}, 0x7}, 0x4, [0x7fffffff, 0x7f3, 0x5, 0x2e5, 0x8, 0x3, 0x2, 0x4]}, 0x5c) syz_mount_image$bfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000000100), &(0x7f0000000140)=0x4) 00:13:46 executing program 2: r0 = memfd_create(&(0x7f0000000200)='/dev/\"\x00\x00\x00\x00\x00\x00\x00\xe8\x00\xeb\xf5z\x98\x00\xc8\x8d\x93\a\x8a\x8bYd>\x7f\xbek\x7fN\x1e\xdf\xf89_\xad\x8fv\x80\xab!S\xe8\xe1\x05.!N<\x8e\xe2sNL\\\xc0\xe7ZX\x8d\xddx\xc6\xb6P\x1d\xfd\x90\xd1l@.{\x1cB\xd5Feb\xd5\xb7V\x8dX\x10_p)\xba|7\xa4\xbb\xfb\xd62(\x92\\\xc3j\x870\xe5\x8c.\x955,`=\xdca\xda\x96)\xb8\x9f\x15\xb7\xfa\x0f\xfeA\x02Y%j\x04n\xe3\xa0\x03\xde\xd5\xfb\xb8\xdc\x18`\xd1S\x81\x88\xf9J~\x9d!\xbcw\xf6\xfb\xe3\xd1T\xd8\x9ft\x00\xd2\xaf\x00[\xbe\x89\n\x14\xa3\x83\x13i\xed\xe2\x92\xa8\x10\x80O\xaaw\xf7[\x7fY\xd4\xde\xd6\xea\x16#\xe4\x9e\x86j\x9c\xa3N\xde\xa3\x15DwY\x8e\xbf\x12\xdc\x19$5zf\x98V\x1aj\xd3\xc42\x06\xab\x98\xe3\x97FF\x1f\xce\xfe\xec\xb2-\xfe\xbd\xc6\xbb\xc6\x85\xd1\x84\x0eD\x7f\x12\xf7\x19\xd0N\xd1\xc4:\xb5\xae\x93\x8f\x8c\xe7H\x8d\xb2\x9c\xd1\x1f\xc6\xce\xb7\xb5(\x8dC$~\t0l\x91p\xba\xe8[\xb7U\a!\x11\x14M\x1f\xe0?X\v\x94\xd8\xfa\xcc\xfe\xe8\xbe\xe4\xc6\xc5(=\xafVD6BR\xfd\x97P\xd7nD\xcf\xba\xc4\x91t\x80\x83\x95\'\xd9\x01\x80\xcd\xb7w\xc1\x17m3\xa7\xeah\xd1\x91\xac\x0e\xfc\xd7{Sw\xac-\x81\xa5\x1e\\\x10\xe2\xde\xb9\xe9j9\xf9\xc6*-/\xa0\x8b\xb8T\x16\xccR\x96i\x05}=2.\xae\xb0\xec\xb3\xc2\xacu\x96/\xe8\xc8\x0eP#\x86\xf3nh\xe7\x9b\xeeI\x06\x9a\x81\xb0\xfam\xbd\xb0u', 0x0) ftruncate(r0, 0x1000000) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x2e, 0x14c) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000180)='>', 0x1) ioctl$UI_SET_LEDBIT(r2, 0x40045569, 0x3) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) r3 = openat$pfkey(0xffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0xa000, 0x0) sendmsg$NFT_MSG_GETOBJ(r3, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000003c0)={&(0x7f0000000180)={0x58, 0x13, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x1}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x20044895) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r6 = accept4(r5, 0x0, 0x0, 0x0) splice(r4, 0x0, r6, 0x0, 0x80000001, 0x0) r7 = openat$cgroup_ro(r4, &(0x7f0000000440)='freezer.state\x00', 0x0, 0x0) ioctl$sock_SIOCSIFBR(r7, 0x8941, &(0x7f00000004c0)=@get={0x1, &(0x7f0000000480)=""/50, 0x3}) setsockopt$inet_int(r1, 0x0, 0xb, &(0x7f00000000c0)=0x2, 0x4) sendfile(r1, r0, 0x0, 0xeefffdeb) [ 326.966073][ T32] audit: type=1804 audit(1595031226.386:279): pid=10810 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/98/bus" dev="sda1" ino=15936 res=1 00:13:46 executing program 4: unshare(0x6c060000) socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0)='ethtool\x00') ioctl$VIDIOC_S_FBUF(r1, 0x402c560b, &(0x7f0000000480)={0x28, 0x27, &(0x7f0000000440)="e1f30af5396ea3b572e4b1a7c0cb7c9996d447156200700d8cf2d667494e7573c14bb442bb6c7e", {0x3, 0xfffffbff, 0x384c4150, 0xe, 0x3f, 0x80000000, 0x3, 0x7f}}) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r2, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000500)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="00032b001b00000000000000000008000900680000000800080004000000080009000200000082e7575f6039cde14c0cf25c84d28bd37b82d16ebea8e04459ef19f98f4eb1d8ca56769bdb2199a5f47a7cafe6a4c624af6af8c2761ad32b1ae1b61008556bfd27753c386fd66fdf7bd64eb7dffd0b63021306e915c47c2688bd70d0d893994f611a32561756fa9e2bd375503b75506b05777001dc1771137751ecd917013b1f70fad39a9630893298f489156a79c4d51b239341f2977665cbe378a3ba2084d702c36b2ea3fd0c03de44792310d1742f0b55b58746757fa6df5c4f5cffb5e83bf96e78824baff5cd24790c661fd221695db709094e0ef7"], 0x34}, 0x1, 0x0, 0x0, 0x80c0}, 0x880) r4 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r5 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setgid(r6) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x86008, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r6}}, {@afid={'afid', 0x3d, 0x9}}, {@cache_fscache='cache=fscache'}, {@afid={'afid', 0x3d, 0x7}}, {@aname={'aname', 0x3d, '#,\\*)@\\&'}}, {@access_client='access=client'}, {@cachetag={'cachetag', 0x3d, '/!\''}}], [{@subj_user={'subj_user', 0x3d, '+Z'}}, {@dont_hash='dont_hash'}]}}) write(r1, &(0x7f0000000180)='>', 0x1) r7 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r8 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)='|', 0x1, r7) keyctl$read(0x6, r8, &(0x7f0000002980)=""/4084, 0xff4) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r8, &(0x7f00000004c0)='user\x00', &(0x7f0000000400)=@secondary='builtin_and_secondary_trusted\x00') ioctl$EVIOCGBITSW(r1, 0x80404525, &(0x7f0000000000)=""/73) [ 327.165790][ T32] audit: type=1804 audit(1595031226.406:280): pid=10809 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/98/bus" dev="sda1" ino=15936 res=1 [ 327.190400][ T32] audit: type=1804 audit(1595031226.416:281): pid=10809 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/98/bus" dev="sda1" ino=15936 res=1 00:13:46 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) [ 327.394651][T10822] IPVS: ftp: loaded support on port[0] = 21 [ 327.788105][ T32] audit: type=1804 audit(1595031227.206:282): pid=10849 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/99/bus" dev="sda1" ino=15987 res=1 [ 327.932788][ T32] audit: type=1804 audit(1595031227.246:283): pid=10849 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/99/bus" dev="sda1" ino=15987 res=1 [ 327.957273][ T32] audit: type=1804 audit(1595031227.256:284): pid=10849 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/99/bus" dev="sda1" ino=15987 res=1 00:13:47 executing program 4: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) recvmmsg(r0, &(0x7f0000004cc0)=[{{&(0x7f0000000000)=@nfc, 0x80, &(0x7f0000000200)=[{&(0x7f0000000080)=""/28, 0x1c}, {&(0x7f00000000c0)=""/164, 0xa4}, {&(0x7f0000000180)=""/119, 0x77}], 0x3, &(0x7f0000000240)=""/252, 0xfc}, 0xee5}, {{&(0x7f0000000340)=@rc={0x1f, @none}, 0x80, &(0x7f0000000580)=[{&(0x7f00000003c0)=""/39, 0x27}, {&(0x7f00000004c0)=""/188, 0xbc}, {&(0x7f0000000680)=""/224, 0xe0}, {&(0x7f0000000400)=""/68, 0x44}, {&(0x7f0000000780)=""/4096, 0x1000}], 0x5}}, {{0x0, 0x0, &(0x7f0000002940)=[{&(0x7f0000001780)=""/160, 0xa0}, {&(0x7f0000001840)=""/221, 0xdd}, {&(0x7f00000005c0)=""/84, 0x54}, {&(0x7f0000001940)=""/4096, 0x1000}], 0x4, &(0x7f0000002980)=""/16, 0x10}, 0x200}, {{&(0x7f00000029c0)=@x25={0x9, @remote}, 0x80, &(0x7f0000002f40)=[{&(0x7f0000002a40)=""/230, 0xe6}, {&(0x7f0000002b40)=""/102, 0x66}, {&(0x7f0000002bc0)=""/254, 0xfe}, {&(0x7f0000002cc0)=""/17, 0x11}, {&(0x7f0000002d00)=""/158, 0x9e}, {&(0x7f0000002dc0)=""/80, 0x50}, {&(0x7f0000002e40)=""/204, 0xcc}], 0x7}, 0xff}, {{&(0x7f0000002f80)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f0000004080)=[{&(0x7f0000003000)=""/4096, 0x1000}, {&(0x7f0000004000)=""/96, 0x60}], 0x2}, 0x8}, {{&(0x7f00000040c0)=@rc={0x1f, @fixed}, 0x80, &(0x7f0000004540)=[{&(0x7f0000004140)=""/144, 0x90}, {&(0x7f0000004200)=""/38, 0x26}, {&(0x7f0000004240)=""/107, 0x6b}, {&(0x7f00000042c0)=""/160, 0xa0}, {&(0x7f0000004380)=""/73, 0x49}, {&(0x7f0000004400)=""/97, 0x61}, {&(0x7f0000004480)=""/171, 0xab}], 0x7, &(0x7f0000004580)=""/14, 0xe}, 0xcf}, {{0x0, 0x0, &(0x7f0000004b80)=[{&(0x7f00000045c0)=""/157, 0x9d}, {&(0x7f0000004680)=""/47, 0x2f}, {&(0x7f00000046c0)=""/84, 0x54}, {&(0x7f0000004740)=""/1, 0x1}, {&(0x7f0000004780)=""/158, 0x9e}, {&(0x7f0000004840)=""/133, 0x85}, {&(0x7f0000004900)=""/209, 0xd1}, {&(0x7f0000004a00)=""/124, 0x7c}, {&(0x7f0000004a80)=""/198, 0xc6}], 0x9, &(0x7f0000004c00)=""/162, 0xa2}, 0x1}], 0x7, 0x40010041, &(0x7f0000004dc0)={0x77359400}) sendto(r1, &(0x7f0000004e00)="5a5e107848f046f7c8f652089ecc248d9330e45515f02910739f8cd3b3a8ee638259d56c2d79852db58baa0ea53fb8403a3e9f9800ea575fe71ef79bd4ae65df7c1d9778d8390c24e5fc5647576a4d12d78e310ebec6e1802beac25488511fb40373cd6aaede0ae66c73af4982de062d72107b75e25bac9001743f69bb9ce43fe78dba0011ce1cf70d3cf88a30b0238f59e619596ed7e410ec367d6719ef7171941c1fd84b482fe6607d52a205bea8ea0d6bbf8e9cc5fccddc12015e4517c687f11da43303b5", 0xc6, 0x20040040, &(0x7f0000004f00)=@nfc_llcp={0x27, 0x1, 0x0, 0x5, 0xff, 0x7f, "824973d9c7218a1e3d9781e5fd6f2b015af6e947d01d35a667b1b4069163df2d2e65dc65d077b0b6558bbe35713dbd4c6a0c6092864f9fdbb41802e57cf8cc", 0x21}, 0x80) syz_read_part_table(0x0, 0x1, &(0x7f0000000640)=[{&(0x7f0000000480)="3d94433fa7c56f6bea29e264b77989ddf0c4d94c284b93ddf7d66248bc36b06935e5ed0bd250cb1426313e15f395a71e1e2bb374bfda29cffc52e2", 0x3b, 0x19b}]) 00:13:47 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) 00:13:47 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) socket$inet6_sctp(0xa, 0x10000000005, 0x84) r2 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x20000, 0x0) read$midi(r2, &(0x7f0000000200)=""/165, 0xa5) 00:13:47 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, &(0x7f0000000180)='>', 0x1) ioctl$KDSETKEYCODE(r5, 0x4b4d, &(0x7f0000000140)={0x7fffffff, 0xbd}) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:13:47 executing program 1: r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0xcef, 0x2000) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r3 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180)='nl80211\x00') sendmsg$NL80211_CMD_REQ_SET_REG(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)={0x20, r5, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x20}}, 0x0) sendmsg$NL80211_CMD_DEL_STATION(r3, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x448000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r5, 0x10, 0x70bd2c, 0x25dfdbfd, {}, [@NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4000) getsockname$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="640000001000050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000440012800b000100697036746e6c00003400028008000100", @ANYRES32=r6, @ANYBLOB="14000300fc000000000000000000000014000200fe8000000000000000000000000000bb"], 0x64}}, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f0000000040)={@private2, 0x29, r6}) [ 328.244717][ T830] tipc: TX() has been purged, node left! [ 328.411448][T10859] Dev loop4: unable to read RDB block 1 [ 328.417604][T10859] loop4: AHDI p1 p2 [ 328.421559][T10859] loop4: partition table partially beyond EOD, truncated [ 328.429374][T10859] loop4: p1 start 505293747 is beyond EOD, truncated [ 328.478815][ T32] audit: type=1804 audit(1595031227.896:285): pid=10867 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/100/bus" dev="sda1" ino=15970 res=1 [ 328.523916][T10865] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 328.570094][T10870] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 328.629324][T10878] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:13:48 executing program 4: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) recvmmsg(r0, &(0x7f0000004cc0)=[{{&(0x7f0000000000)=@nfc, 0x80, &(0x7f0000000200)=[{&(0x7f0000000080)=""/28, 0x1c}, {&(0x7f00000000c0)=""/164, 0xa4}, {&(0x7f0000000180)=""/119, 0x77}], 0x3, &(0x7f0000000240)=""/252, 0xfc}, 0xee5}, {{&(0x7f0000000340)=@rc={0x1f, @none}, 0x80, &(0x7f0000000580)=[{&(0x7f00000003c0)=""/39, 0x27}, {&(0x7f00000004c0)=""/188, 0xbc}, {&(0x7f0000000680)=""/224, 0xe0}, {&(0x7f0000000400)=""/68, 0x44}, {&(0x7f0000000780)=""/4096, 0x1000}], 0x5}}, {{0x0, 0x0, &(0x7f0000002940)=[{&(0x7f0000001780)=""/160, 0xa0}, {&(0x7f0000001840)=""/221, 0xdd}, {&(0x7f00000005c0)=""/84, 0x54}, {&(0x7f0000001940)=""/4096, 0x1000}], 0x4, &(0x7f0000002980)=""/16, 0x10}, 0x200}, {{&(0x7f00000029c0)=@x25={0x9, @remote}, 0x80, &(0x7f0000002f40)=[{&(0x7f0000002a40)=""/230, 0xe6}, {&(0x7f0000002b40)=""/102, 0x66}, {&(0x7f0000002bc0)=""/254, 0xfe}, {&(0x7f0000002cc0)=""/17, 0x11}, {&(0x7f0000002d00)=""/158, 0x9e}, {&(0x7f0000002dc0)=""/80, 0x50}, {&(0x7f0000002e40)=""/204, 0xcc}], 0x7}, 0xff}, {{&(0x7f0000002f80)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f0000004080)=[{&(0x7f0000003000)=""/4096, 0x1000}, {&(0x7f0000004000)=""/96, 0x60}], 0x2}, 0x8}, {{&(0x7f00000040c0)=@rc={0x1f, @fixed}, 0x80, &(0x7f0000004540)=[{&(0x7f0000004140)=""/144, 0x90}, {&(0x7f0000004200)=""/38, 0x26}, {&(0x7f0000004240)=""/107, 0x6b}, {&(0x7f00000042c0)=""/160, 0xa0}, {&(0x7f0000004380)=""/73, 0x49}, {&(0x7f0000004400)=""/97, 0x61}, {&(0x7f0000004480)=""/171, 0xab}], 0x7, &(0x7f0000004580)=""/14, 0xe}, 0xcf}, {{0x0, 0x0, &(0x7f0000004b80)=[{&(0x7f00000045c0)=""/157, 0x9d}, {&(0x7f0000004680)=""/47, 0x2f}, {&(0x7f00000046c0)=""/84, 0x54}, {&(0x7f0000004740)=""/1, 0x1}, {&(0x7f0000004780)=""/158, 0x9e}, {&(0x7f0000004840)=""/133, 0x85}, {&(0x7f0000004900)=""/209, 0xd1}, {&(0x7f0000004a00)=""/124, 0x7c}, {&(0x7f0000004a80)=""/198, 0xc6}], 0x9, &(0x7f0000004c00)=""/162, 0xa2}, 0x1}], 0x7, 0x40010041, &(0x7f0000004dc0)={0x77359400}) sendto(r1, &(0x7f0000004e00)="5a5e107848f046f7c8f652089ecc248d9330e45515f02910739f8cd3b3a8ee638259d56c2d79852db58baa0ea53fb8403a3e9f9800ea575fe71ef79bd4ae65df7c1d9778d8390c24e5fc5647576a4d12d78e310ebec6e1802beac25488511fb40373cd6aaede0ae66c73af4982de062d72107b75e25bac9001743f69bb9ce43fe78dba0011ce1cf70d3cf88a30b0238f59e619596ed7e410ec367d6719ef7171941c1fd84b482fe6607d52a205bea8ea0d6bbf8e9cc5fccddc12015e4517c687f11da43303b5", 0xc6, 0x20040040, &(0x7f0000004f00)=@nfc_llcp={0x27, 0x1, 0x0, 0x5, 0xff, 0x7f, "824973d9c7218a1e3d9781e5fd6f2b015af6e947d01d35a667b1b4069163df2d2e65dc65d077b0b6558bbe35713dbd4c6a0c6092864f9fdbb41802e57cf8cc", 0x21}, 0x80) syz_read_part_table(0x0, 0x1, &(0x7f0000000640)=[{&(0x7f0000000480)="3d94433fa7c56f6bea29e264b77989ddf0c4d94c284b93ddf7d66248bc36b06935e5ed0bd250cb1426313e15f395a71e1e2bb374bfda29cffc52e2", 0x3b, 0x19b}]) 00:13:48 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) [ 328.841100][T10878] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 328.850704][T10865] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:13:48 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000140000004000078071b8fa371a7decc82656355c6ecb4c1a2c5889ca1b0400000000000000100be96c9ef2c4a193696a7a69153a12d87d4bf45b66fd376a262b41a3bbc031a01693b1b763f1d4b4284d97"], 0x54}}, 0x0) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0xbc, r5, 0x8, 0x70bd2d, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0xa8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x8001}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffff}, @TIPC_NLA_CON_FLAG={0x8}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1f}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3ff}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x803}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x83c7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1cde1243}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x800}, 0x80) splice(r0, 0x0, r3, 0x0, 0x80000001, 0x0) mknodat(r0, &(0x7f0000000000)='./file0\x00', 0x444, 0xfffffffc) r6 = pkey_alloc(0x0, 0x1) pkey_free(r6) 00:13:48 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, &(0x7f0000000180)='>', 0x1) ioctl$KDSETKEYCODE(r5, 0x4b4d, &(0x7f0000000140)={0x7fffffff, 0xbd}) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) [ 329.220816][T10899] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.1'. [ 329.296527][T10900] Dev loop4: unable to read RDB block 1 [ 329.302414][T10900] loop4: AHDI p1 p2 [ 329.306545][T10900] loop4: partition table partially beyond EOD, truncated [ 329.314092][T10900] loop4: p1 start 505293747 is beyond EOD, truncated [ 329.460713][T10907] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:13:48 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) r2 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x20000, 0x0) read$midi(r2, &(0x7f0000000200)=""/165, 0xa5) [ 329.549297][T10912] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:13:49 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) 00:13:49 executing program 4: pipe(&(0x7f0000000080)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_CHECK_EXTENSION_VM(r0, 0xae03, 0x45) write(r3, &(0x7f0000000180)='>', 0x1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r3) syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="020181ffffff0a100007000000000000000082000800000000000000024000ffffd036000000e100000088a0007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}]) 00:13:49 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, &(0x7f0000000180)='>', 0x1) ioctl$KDSETKEYCODE(r5, 0x4b4d, &(0x7f0000000140)={0x7fffffff, 0xbd}) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:13:49 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, 0x0}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) [ 330.146230][T10931] loop4: p2 p3 p4 [ 330.150182][T10931] loop4: partition table partially beyond EOD, truncated [ 330.158017][T10931] loop4: p2 size 1073872896 extends beyond EOD, truncated 00:13:49 executing program 5: ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0185648, &(0x7f0000000080)={0x9b0000, 0x7fffffff, 0xfffffffd, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x9a090b, 0x4, [], @p_u8=&(0x7f0000000000)=0x4}}) r1 = getuid() ioctl$SIOCAX25GETUID(r0, 0x89e0, &(0x7f00000000c0)={0x3, @default, r1}) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000100)=@assoc_id=0x0, &(0x7f0000000140)=0x4) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000180)={r2, 0x1, "d2"}, &(0x7f00000001c0)=0x9) r3 = openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x32201, 0x8) ioctl$SNAPSHOT_POWER_OFF(r3, 0x3310) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000240)={0x0, 0x0, 0xffffffffffffffff}) fremovexattr(r4, &(0x7f0000000280)=@random={'btrfs.', '*\x00'}) r5 = socket$inet6_icmp(0xa, 0x2, 0x3a) ioctl$FS_IOC_ENABLE_VERITY(r5, 0x40806685, &(0x7f0000000480)={0x1, 0x2, 0x1000, 0xdf, &(0x7f00000002c0)="59f641d09a07d37bcf4b4812e6354a51cdee357d9ceb94cc1d87b19334ad5fa41e7313a3f325c8757e61f21ee8d70acd6bb98b820a8c295eb2e2e143701ac99f560bbfb67abf76ac704eb2ed6f1c743792576c109f7059f853bb1a999a83ee6bf2024f55899535ac15c51d7d3aafc3f59f19a0220acc29cb0ed7e2df8993a5f3f1f320108344330a6fe81a31ef2384cf54f690c7482a5ead5725e36cdff6da90105a3159de0939e5954b841c3f36166bfaa4f34c3679aa949efea8001a5123bcde3de4f7306835cc7b3e2dd8fe19edd713f5049a5bbd3c624c2f4ede92ca95", 0xb5, 0x0, &(0x7f00000003c0)="d09ff093589262db92b84fde8e930476546c2b1e3ea8e9d5524d0719c7f248d908a9d88cc7ce9f1a1bc5fb241343c6d7bcfb3a421cd99b785490edeee69597dcd3cd9e89fb949710cbd3302b7d26ef6b8163b214af454d953628579c6569171f01bebb3e18984f101e6e52b3d4bab0063351d0746e7f2710a91a926d66506bbed2f613bb47056ec59836de91889d6b119d5f055ca9c9bdbc83249a8847f70d38d7c83f15a6954eff6a93816a2d9ae9baa48df4f47c"}) ioctl$SIOCRSACCEPT(r3, 0x89e3) r6 = openat$hwrng(0xffffff9c, &(0x7f0000000500)='/dev/hwrng\x00', 0x212000, 0x0) r7 = getpid() r8 = getegid() setsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000540)={r7, r1, r8}, 0xc) ioctl$VIDIOC_SUBSCRIBE_EVENT(r6, 0x4020565a, &(0x7f0000000580)={0x1, 0x6, 0x2}) r9 = openat$btrfs_control(0xffffff9c, &(0x7f00000005c0)='/dev/btrfs-control\x00', 0x141a02, 0x0) write(r9, &(0x7f0000000600)="bbfa0a5b4fafaba9cf946a521f31cd3188a0ca25ab7ec17207d778b344", 0x1d) ioctl$KVM_ASSIGN_SET_INTX_MASK(r9, 0x4040aea4, &(0x7f0000000640)={0x5, 0x4, 0x80, 0x6, 0x70}) [ 330.301271][T10935] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 330.322096][T10931] loop4: p3 start 225 is beyond EOD, truncated [ 330.328733][T10931] loop4: p4 size 3657465856 extends beyond EOD, truncated 00:13:49 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x10}, 0x10) fsetxattr$security_evm(0xffffffffffffffff, &(0x7f0000000000)='security.evm\x00', &(0x7f0000000040)=@md5={0x1, "b098a6fd1e172d665afe6fbf83d320dd"}, 0x11, 0x1) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) r3 = openat$qat_adf_ctl(0xffffff9c, &(0x7f0000000180)='/dev/qat_adf_ctl\x00', 0x88000, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r3, 0x5411, &(0x7f00000001c0)) write$6lowpan_control(r0, &(0x7f0000000140)='connect aa:aa:aa:aa:aa:10 1', 0x1b) [ 330.398569][T10944] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:13:50 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, &(0x7f0000000180)='>', 0x1) ioctl$KDSETKEYCODE(r5, 0x4b4d, &(0x7f0000000140)={0x7fffffff, 0xbd}) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:13:50 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, 0x0}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:50 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) socket$inet6_sctp(0xa, 0x5, 0x84) r1 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x20000, 0x0) read$midi(r1, &(0x7f0000000200)=""/165, 0xa5) [ 330.901131][T10961] QAT: Invalid ioctl 00:13:50 executing program 4: r0 = eventfd2(0x0, 0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x3089e82a) write$eventfd(r0, &(0x7f0000001040), 0x8) [ 331.087154][T10966] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 331.148914][T10971] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 331.345878][ T32] kauditd_printk_skb: 11 callbacks suppressed [ 331.345941][ T32] audit: type=1804 audit(1595031230.766:297): pid=10979 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/104/bus" dev="sda1" ino=15978 res=1 00:13:50 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x20000, 0x0) read$midi(r1, &(0x7f0000000200)=""/165, 0xa5) 00:13:50 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f0000000180)='>', 0x1) ioctl$KDSETKEYCODE(r4, 0x4b4d, &(0x7f0000000140)={0x7fffffff, 0xbd}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) [ 331.453123][ T32] audit: type=1804 audit(1595031230.796:298): pid=10979 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/104/bus" dev="sda1" ino=15978 res=1 [ 331.478020][ T32] audit: type=1804 audit(1595031230.806:299): pid=10979 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/104/bus" dev="sda1" ino=15978 res=1 00:13:51 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, 0x0}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) [ 331.735870][T10963] QAT: Invalid ioctl [ 331.899767][T10991] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:13:51 executing program 3: socket(0x40000000002, 0x3, 0x2) r0 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x20000, 0x0) read$midi(r0, &(0x7f0000000200)=""/165, 0xa5) 00:13:51 executing program 1: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x64, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x34, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r2}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @private0}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @remote}]}}}]}, 0x64}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x64, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x34, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r5}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @private0}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @remote}]}}}]}, 0x64}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x64, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x34, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r8}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @private0}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @remote}]}}}]}, 0x64}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0037061e9e1dba5f3317ef3073fd5a904a71374508c4008ec35d60814b6d2bf2e5ff5616e4d5d500fd0b90fd145974c0607ff8236027eb78c90efc960cea2376666b2048fa1a7ac4e641b5751140550cfdd126", @ANYRES16=0x0, @ANYBLOB="000328bd7000ffdbdf25040000006400018008000300020000000800030002000000080003000300000008000100", @ANYRES32=0x0, @ANYBLOB="1400020069703665727370616e3000000000000014000200766c616e3100000000000000000000000800030002000000080003000300000008000100", @ANYRES32=r2, @ANYBLOB="50000180140002007465616d5f736c6176655f3100000000140002006772653000000000000000000000000008000100", @ANYRES32=r5, @ANYBLOB="140002006970365f76746930000000000000000008000100", @ANYRES32=r8, @ANYBLOB], 0xc8}, 0x1, 0x0, 0x0, 0x40000}, 0x44) write(r1, &(0x7f0000000180)='>', 0x1) r9 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="170000000000000000001b0000000000"]}) getsockopt$inet_pktinfo(r9, 0x0, 0x8, &(0x7f0000000040)={0x0, @loopback, @local}, &(0x7f00000000c0)=0xc) ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000000)=0x2) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 332.136483][ T32] audit: type=1804 audit(1595031231.556:300): pid=11005 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/105/bus" dev="sda1" ino=15992 res=1 [ 332.217120][ T32] audit: type=1804 audit(1595031231.586:301): pid=11002 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/105/bus" dev="sda1" ino=15992 res=1 [ 332.241846][ T32] audit: type=1804 audit(1595031231.606:302): pid=11002 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/105/bus" dev="sda1" ino=15992 res=1 00:13:51 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f0000000180)='>', 0x1) ioctl$KDSETKEYCODE(r4, 0x4b4d, &(0x7f0000000140)={0x7fffffff, 0xbd}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) [ 332.257371][T11004] IPVS: ftp: loaded support on port[0] = 21 [ 332.614002][T11041] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 332.957541][T11004] chnl_net:caif_netlink_parms(): no params data found [ 333.148448][T11004] bridge0: port 1(bridge_slave_0) entered blocking state [ 333.156333][T11004] bridge0: port 1(bridge_slave_0) entered disabled state [ 333.166047][T11004] device bridge_slave_0 entered promiscuous mode [ 333.183306][T11004] bridge0: port 2(bridge_slave_1) entered blocking state [ 333.191645][T11004] bridge0: port 2(bridge_slave_1) entered disabled state [ 333.206595][T11004] device bridge_slave_1 entered promiscuous mode [ 333.270524][T11004] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 333.351020][T11004] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 333.433982][T11004] team0: Port device team_slave_0 added [ 333.463417][T11004] team0: Port device team_slave_1 added [ 333.546571][T11004] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 333.553650][T11004] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 333.581186][T11004] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 333.619693][T11004] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 333.628707][T11004] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 333.655707][T11004] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 333.897365][T11004] device hsr_slave_0 entered promiscuous mode [ 333.955666][T11004] device hsr_slave_1 entered promiscuous mode [ 333.985479][T11004] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 333.993176][T11004] Cannot create hsr debugfs directory [ 334.383984][T11004] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 334.426651][T11004] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 334.472458][T11004] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 334.535421][T11004] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 335.007032][T11004] 8021q: adding VLAN 0 to HW filter on device bond0 [ 335.054683][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 335.063630][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 335.085297][T11004] 8021q: adding VLAN 0 to HW filter on device team0 [ 335.123055][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 335.133388][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 335.142751][ T3378] bridge0: port 1(bridge_slave_0) entered blocking state [ 335.150025][ T3378] bridge0: port 1(bridge_slave_0) entered forwarding state [ 335.230968][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 335.241572][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 335.251470][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 335.260732][ T3378] bridge0: port 2(bridge_slave_1) entered blocking state [ 335.268154][ T3378] bridge0: port 2(bridge_slave_1) entered forwarding state [ 335.277406][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 335.288368][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 335.299310][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 335.309740][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 335.320078][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 335.330519][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 335.340782][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 335.350459][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 335.359998][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 335.369636][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 335.386441][T11004] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 335.396096][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 335.484423][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 335.492253][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 335.527934][T11004] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 335.735339][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 335.745516][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 335.831569][ T8643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 335.841533][ T8643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 335.874021][T11004] device veth0_vlan entered promiscuous mode [ 335.898816][ T8643] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 335.907513][ T8643] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 335.925896][T11004] device veth1_vlan entered promiscuous mode [ 336.001161][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 336.010917][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 336.020357][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 336.030179][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 336.055565][T11004] device veth0_macvtap entered promiscuous mode [ 336.076825][T11004] device veth1_macvtap entered promiscuous mode [ 336.124133][T11004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 336.136546][T11004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.146602][T11004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 336.157121][T11004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.167172][T11004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 336.177710][T11004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.187711][T11004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 336.198261][T11004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.208238][T11004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 336.218837][T11004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.232891][T11004] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 336.245129][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 336.254645][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 336.263921][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 336.274507][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 336.308724][T11004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 336.320075][T11004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.330114][T11004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 336.340834][T11004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.350801][T11004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 336.361386][T11004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.371373][T11004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 336.381925][T11004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.391960][T11004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 336.402598][T11004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.416702][T11004] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 336.425790][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 336.435821][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 00:13:56 executing program 5: r0 = epoll_create1(0x0) poll(&(0x7f0000000040)=[{r0, 0x8241}], 0x1, 0xfffb) r1 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000180)={0x80000005}) 00:13:56 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000010000104000002000000000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_MASTER={0x8, 0xa, r4}]}, 0x28}}, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r8 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@bridge_setlink={0x28, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r7}, [@IFLA_AF_SPEC={0x8, 0xc, 0x0, 0x0, [@AF_BRIDGE={0x4}]}]}, 0x28}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x8009}}, 0x20}}, 0x0) 00:13:56 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(0x0, 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) 00:13:56 executing program 3: r0 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x20000, 0x0) read$midi(r0, &(0x7f0000000200)=""/165, 0xa5) 00:13:56 executing program 1: syz_mount_image$bfs(0x0, &(0x7f00000001c0)='./file0\x00', 0x7308, 0x0, 0x0, 0x2000400, 0x0) lsetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=@random={'system.', '(##/:\x00'}, &(0x7f0000000140)='hash\x00', 0x5, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f0000000180)='>', 0x1) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r1, 0x0, r3, 0x0, 0x80000001, 0x0) ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f0000000040)={0x4000, &(0x7f0000000000), 0x0, r1, 0x1}) 00:13:56 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f0000000180)='>', 0x1) ioctl$KDSETKEYCODE(r4, 0x4b4d, &(0x7f0000000140)={0x7fffffff, 0xbd}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) [ 337.190232][T11268] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 337.261439][T11275] device bridge_slave_0 left promiscuous mode [ 337.268496][T11275] bridge0: port 1(bridge_slave_0) entered disabled state [ 337.327505][ T32] audit: type=1804 audit(1595031236.746:303): pid=11277 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/106/bus" dev="sda1" ino=16019 res=1 [ 337.388843][T11272] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:13:56 executing program 3: r0 = openat$vcsu(0xffffff9c, 0x0, 0x20000, 0x0) read$midi(r0, &(0x7f0000000200)=""/165, 0xa5) [ 337.492246][ T32] audit: type=1804 audit(1595031236.766:304): pid=11277 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/106/bus" dev="sda1" ino=16019 res=1 00:13:57 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(0x0, 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) [ 337.652399][T11275] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 337.787987][ T3087] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured! [ 337.796289][ T3087] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured! [ 337.814509][ C0] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured! 00:13:57 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f0000000180)='>', 0x1) ioctl$KDSETKEYCODE(r4, 0x4b4d, &(0x7f0000000140)={0x7fffffff, 0xbd}) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r3, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) [ 337.916260][ T32] audit: type=1804 audit(1595031237.336:305): pid=11299 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/107/bus" dev="sda1" ino=16025 res=1 [ 337.940780][ T32] audit: type=1804 audit(1595031237.336:306): pid=11299 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/107/bus" dev="sda1" ino=16025 res=1 [ 337.966305][ C0] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured! 00:13:57 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000010000104000002000000000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_MASTER={0x8, 0xa, r4}]}, 0x28}}, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r8 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@bridge_setlink={0x28, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r7}, [@IFLA_AF_SPEC={0x8, 0xc, 0x0, 0x0, [@AF_BRIDGE={0x4}]}]}, 0x28}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x8009}}, 0x20}}, 0x0) 00:13:57 executing program 3: r0 = openat$vcsu(0xffffff9c, 0x0, 0x20000, 0x0) read$midi(r0, &(0x7f0000000200)=""/165, 0xa5) [ 338.064607][ C0] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured! 00:13:57 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(0x0, 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) [ 338.192512][T11306] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:13:57 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000010000104000002000000000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_MASTER={0x8, 0xa, r4}]}, 0x28}}, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r8 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@bridge_setlink={0x28, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r7}, [@IFLA_AF_SPEC={0x8, 0xc, 0x0, 0x0, [@AF_BRIDGE={0x4}]}]}, 0x28}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x8009}}, 0x20}}, 0x0) 00:13:57 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f0000000180)='>', 0x1) ioctl$KDSETKEYCODE(r4, 0x4b4d, &(0x7f0000000140)={0x7fffffff, 0xbd}) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r3, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) 00:13:57 executing program 1: r0 = gettid() waitid(0x2, r0, 0x0, 0x4, &(0x7f0000000000)) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x400, 0x0) [ 338.479777][T11310] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 00:13:58 executing program 3: r0 = openat$vcsu(0xffffff9c, 0x0, 0x20000, 0x0) read$midi(r0, &(0x7f0000000200)=""/165, 0xa5) [ 338.539657][T11317] bridge1: port 1(bridge_slave_0) entered blocking state [ 338.547615][T11317] bridge1: port 1(bridge_slave_0) entered disabled state [ 338.557277][T11317] device bridge_slave_0 entered promiscuous mode [ 338.590414][T11319] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 338.603348][T11310] bridge1: port 1(bridge_slave_0) entered blocking state [ 338.610697][T11310] bridge1: port 1(bridge_slave_0) entered forwarding state [ 338.675546][T11322] bridge1: port 1(bridge_slave_0) entered blocking state [ 338.682923][T11322] bridge1: port 1(bridge_slave_0) entered forwarding state [ 338.715484][ T32] audit: type=1804 audit(1595031238.136:307): pid=11323 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/108/bus" dev="sda1" ino=16005 res=1 00:13:58 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f0000000180)='>', 0x1) ioctl$KDSETKEYCODE(r4, 0x4b4d, &(0x7f0000000140)={0x7fffffff, 0xbd}) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r3, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) [ 338.880931][ T32] audit: type=1804 audit(1595031238.156:308): pid=11320 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/108/bus" dev="sda1" ino=16005 res=1 00:13:58 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffb) 00:13:58 executing program 3: r0 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x0, 0x0) read$midi(r0, &(0x7f0000000200)=""/165, 0xa5) 00:13:58 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000010000104000002000000000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_MASTER={0x8, 0xa, r4}]}, 0x28}}, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r8 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@bridge_setlink={0x28, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r7}, [@IFLA_AF_SPEC={0x8, 0xc, 0x0, 0x0, [@AF_BRIDGE={0x4}]}]}, 0x28}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x8009}}, 0x20}}, 0x0) 00:13:58 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) openat$cgroup(r0, &(0x7f0000000000)='syz1\x00', 0x200002, 0x0) [ 339.245364][T11332] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. [ 339.279665][T11334] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 339.304496][T11336] device bridge_slave_0 left promiscuous mode [ 339.311452][T11336] bridge0: port 1(bridge_slave_0) entered disabled state [ 339.415811][ T32] audit: type=1804 audit(1595031238.836:309): pid=11338 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/109/bus" dev="sda1" ino=16015 res=1 [ 339.441351][ T32] audit: type=1804 audit(1595031238.836:310): pid=11338 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/109/bus" dev="sda1" ino=16015 res=1 [ 339.465841][ T32] audit: type=1804 audit(1595031238.836:311): pid=11338 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/109/bus" dev="sda1" ino=16015 res=1 00:13:59 executing program 3: r0 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x0, 0x0) read$midi(r0, &(0x7f0000000200)=""/165, 0xa5) 00:13:59 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffb) [ 339.736666][T11344] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 339.756134][T11348] device bridge_slave_0 left promiscuous mode [ 339.762950][T11348] bridge1: port 1(bridge_slave_0) entered disabled state [ 339.876724][T11348] bridge2: port 1(bridge_slave_0) entered blocking state [ 339.883983][T11348] bridge2: port 1(bridge_slave_0) entered disabled state [ 339.894277][T11348] device bridge_slave_0 entered promiscuous mode [ 339.910515][T11354] bridge2: port 1(bridge_slave_0) entered blocking state [ 339.917926][T11354] bridge2: port 1(bridge_slave_0) entered forwarding state [ 339.928107][T11350] bridge2: port 1(bridge_slave_0) entered blocking state [ 339.936031][T11350] bridge2: port 1(bridge_slave_0) entered forwarding state 00:13:59 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000010000104000002000000000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_MASTER={0x8, 0xa, r4}]}, 0x28}}, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r8 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@bridge_setlink={0x28, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r7}, [@IFLA_AF_SPEC={0x8, 0xc, 0x0, 0x0, [@AF_BRIDGE={0x4}]}]}, 0x28}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x8009}}, 0x20}}, 0x0) 00:13:59 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, &(0x7f0000000180)='>', 0x1) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:13:59 executing program 3: openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x0, 0x0) read$midi(0xffffffffffffffff, &(0x7f0000000200)=""/165, 0xa5) [ 340.217770][ T32] audit: type=1804 audit(1595031239.636:312): pid=11362 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/110/bus" dev="sda1" ino=16006 res=1 00:13:59 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000010000104000002000000000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_MASTER={0x8, 0xa, r4}]}, 0x28}}, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r8 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@bridge_setlink={0x28, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r7}, [@IFLA_AF_SPEC={0x8, 0xc, 0x0, 0x0, [@AF_BRIDGE={0x4}]}]}, 0x28}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x8009}}, 0x20}}, 0x0) [ 340.288960][T11361] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 340.358260][T11366] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. [ 340.370554][T11361] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:00 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000010000104000002000000000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_MASTER={0x8, 0xa, r4}]}, 0x28}}, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r8 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@bridge_setlink={0x28, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r7}, [@IFLA_AF_SPEC={0x8, 0xc, 0x0, 0x0, [@AF_BRIDGE={0x4}]}]}, 0x28}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x8009}}, 0x20}}, 0x0) 00:14:00 executing program 3: openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x0, 0x0) read$midi(0xffffffffffffffff, &(0x7f0000000200)=""/165, 0xa5) [ 340.622088][T11382] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 00:14:00 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffb) [ 340.668320][T11382] device bridge_slave_0 left promiscuous mode [ 340.675338][T11382] bridge2: port 1(bridge_slave_0) entered disabled state 00:14:00 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) fcntl$setpipe(r0, 0x407, 0x8) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 00:14:00 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) pipe(&(0x7f0000000080)) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) [ 340.720004][T11382] bridge3: port 1(bridge_slave_0) entered blocking state [ 340.727373][T11382] bridge3: port 1(bridge_slave_0) entered disabled state [ 340.737196][T11382] device bridge_slave_0 entered promiscuous mode [ 340.781656][T11385] bridge3: port 1(bridge_slave_0) entered blocking state [ 340.789011][T11385] bridge3: port 1(bridge_slave_0) entered forwarding state [ 341.025773][T11401] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:00 executing program 4: r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SFACILITIES(r0, 0x89e3, &(0x7f0000000000)={0x57, 0x0, 0x8, 0xb, 0x7fff}) [ 341.108750][T11397] bond0: (slave bridge_slave_0): slave is up - this may be due to an out of date ifenslave 00:14:00 executing program 3: openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x0, 0x0) read$midi(0xffffffffffffffff, &(0x7f0000000200)=""/165, 0xa5) 00:14:00 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x8400fffffffb) 00:14:00 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) pipe(&(0x7f0000000080)) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:01 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/254) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r1, 0x4004743d, &(0x7f0000001080)=""/244) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) socket$inet6_udp(0xa, 0x2, 0x0) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000000)={0x1b3}, &(0x7f0000000200)={0x0, 0x1c9c380}, 0x0) [ 341.644559][ C0] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured! 00:14:01 executing program 4: connect$bt_l2cap(0xffffffffffffffff, &(0x7f00000000c0), 0xe) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0) r1 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r1, 0x10d, 0xb8, 0x0, &(0x7f0000000080)) 00:14:01 executing program 3: r0 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x0, 0x0) read$midi(r0, 0x0, 0x0) [ 341.911499][T11435] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:01 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x8400fffffffb) 00:14:01 executing program 3: r0 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x0, 0x0) read$midi(r0, 0x0, 0x0) 00:14:01 executing program 4: connect$bt_l2cap(0xffffffffffffffff, &(0x7f00000000c0), 0xe) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0) r1 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r1, 0x10d, 0xb8, 0x0, &(0x7f0000000080)) 00:14:01 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:01 executing program 5: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) openat$bsg(0xffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xb7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="18000000230047faffffff000000000004000002040010"], 0x18}}, 0x0) close(r0) [ 342.359488][ T32] kauditd_printk_skb: 9 callbacks suppressed [ 342.359546][ T32] audit: type=1804 audit(1595031241.776:322): pid=11453 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/113/bus" dev="sda1" ino=16038 res=1 [ 342.482847][ T32] audit: type=1804 audit(1595031241.806:323): pid=11452 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/113/bus" dev="sda1" ino=16038 res=1 [ 342.507825][ T32] audit: type=1804 audit(1595031241.816:324): pid=11452 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/113/bus" dev="sda1" ino=16038 res=1 00:14:02 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x8400fffffffb) [ 342.630024][T11459] __nla_validate_parse: 2 callbacks suppressed [ 342.630055][T11459] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:02 executing program 3: r0 = openat$vcsu(0xffffff9c, &(0x7f00000001c0)='/dev/vcsu\x00', 0x0, 0x0) read$midi(r0, 0x0, 0x0) [ 342.722186][T11467] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:02 executing program 4: connect$bt_l2cap(0xffffffffffffffff, &(0x7f00000000c0), 0xe) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0) r1 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r1, 0x10d, 0xb8, 0x0, &(0x7f0000000080)) [ 343.195340][ T32] audit: type=1804 audit(1595031242.616:325): pid=11500 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/114/bus" dev="sda1" ino=16036 res=1 [ 343.220099][ T32] audit: type=1804 audit(1595031242.616:326): pid=11496 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/114/bus" dev="sda1" ino=16036 res=1 00:14:02 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b}, 0x20}}, 0x0) [ 343.245167][ T32] audit: type=1804 audit(1595031242.616:327): pid=11496 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/114/bus" dev="sda1" ino=16036 res=1 00:14:02 executing program 3: socketpair(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000200)) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f00000025c0)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') 00:14:02 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x0) [ 343.580849][T11517] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:03 executing program 4: connect$bt_l2cap(0xffffffffffffffff, &(0x7f00000000c0), 0xe) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0) r1 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r1, 0x10d, 0xb8, 0x0, &(0x7f0000000080)) [ 343.631438][T11526] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:03 executing program 5: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) openat$bsg(0xffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xb7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="18000000230047faffffff000000000004000002040010"], 0x18}}, 0x0) close(r0) 00:14:03 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="20000000140001040000000000000000021f0000", @ANYRES32=r4, @ANYBLOB="08000200a0"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newlink={0x20, 0x10, 0x411, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x6861}}, 0x20}}, 0x0) 00:14:03 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b}, 0x20}}, 0x0) [ 343.910811][ T32] audit: type=1804 audit(1595031243.326:328): pid=11532 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/115/bus" dev="sda1" ino=16039 res=1 [ 343.935274][ T32] audit: type=1804 audit(1595031243.326:329): pid=11529 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/115/bus" dev="sda1" ino=16039 res=1 [ 343.959721][ T32] audit: type=1804 audit(1595031243.326:330): pid=11529 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/115/bus" dev="sda1" ino=16039 res=1 [ 344.218038][T11539] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 344.271780][T11548] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:03 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x0) 00:14:03 executing program 4: r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x14, r2, 0x1}, 0x14}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000c40000000000", @ANYRES32=r8, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r8, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x64, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0xa}}, [@filter_kind_options=@f_cgroup={{0xb, 0x1, 'cgroup\x00'}, {0x34, 0x2, [@TCA_CGROUP_ACT={0x1c, 0x1, [@m_gact={0x18, 0x0, 0x0, 0x0, {{0x9, 0x1, 'gact\x00'}, {0x4}, {0x4}}}]}, @TCA_CGROUP_EMATCHES={0x14, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc}]}]}]}}]}, 0x64}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8}}, 0x24}}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x8c, r2, 0x200, 0x70bd25, 0x25dfdbfd, {}, [@NL80211_ATTR_SCHED_SCAN_MATCH={0x48, 0x84, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x44, 0x6, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x8, 0x3, 0x3b2}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x10000}, @NL80211_BAND_2GHZ={0x8, 0x0, 0xffff}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x7fffffff}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x10000}, @NL80211_BAND_5GHZ={0x8, 0x1, 0xff}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x35fb}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x9}]}]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r8}, @NL80211_ATTR_SCAN_FREQUENCIES={0x1c, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0xfffffffb}, {0x8, 0x0, 0x40}, {0x8, 0x0, 0xf82c}]}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4000}, 0x4048000) ioctl$NBD_DO_IT(r0, 0xab03) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x437) [ 344.421873][T11557] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 344.443349][T11566] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 344.635006][T11574] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 00:14:04 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b}, 0x20}}, 0x0) [ 344.675470][ T32] audit: type=1804 audit(1595031244.086:331): pid=11579 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir070710994/syzkaller.fFUD1Q/116/bus" dev="sda1" ino=16057 res=1 00:14:04 executing program 5: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) openat$bsg(0xffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xb7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="18000000230047faffffff000000000004000002040010"], 0x18}}, 0x0) close(r0) 00:14:04 executing program 3: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f00000000c0)='.', 0x0, 0x23080, 0x0) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) mount(&(0x7f0000000080), &(0x7f0000000140)='.', 0x0, 0x5110, 0x0) [ 344.732343][T11580] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 344.833656][T11581] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 344.852975][ T2192] block nbd4: Receive control failed (result -107) 00:14:04 executing program 0: open(&(0x7f00000001c0)='./bus\x00', 0x149043, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x0) [ 344.958919][T11591] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 345.116495][T11594] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 345.118156][T11572] block nbd4: shutting down sockets [ 345.363499][T11572] block nbd4: shutting down sockets 00:14:04 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:05 executing program 0: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005cc0)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000002c0)=""/140, 0x8c}, {&(0x7f0000000bc0)=""/15, 0xf}], 0x2}}], 0x1, 0x0, 0x0) recvmsg$can_bcm(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000006c0)=@pptp={0x18, 0x2, {0x0, @loopback}}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000c00)=""/130, 0x82}, {&(0x7f0000000100)=""/57, 0x39}, {&(0x7f0000000e00)=""/215, 0xd7}, {&(0x7f00000001c0)=""/61, 0x3d}], 0x4}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x374, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f0000000140)=""/85, 0x20a}, {&(0x7f0000000fc0)=""/4096, 0xf2}, {&(0x7f0000000400)=""/106, 0x2ce}, {&(0x7f0000000740)=""/73, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x40d}, {&(0x7f0000000000)=""/22, 0xa}], 0x81, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) [ 345.725337][T11574] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 345.979929][T11640] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:05 executing program 4: r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x14, r2, 0x1}, 0x14}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000c40000000000", @ANYRES32=r8, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r8, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x64, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0xa}}, [@filter_kind_options=@f_cgroup={{0xb, 0x1, 'cgroup\x00'}, {0x34, 0x2, [@TCA_CGROUP_ACT={0x1c, 0x1, [@m_gact={0x18, 0x0, 0x0, 0x0, {{0x9, 0x1, 'gact\x00'}, {0x4}, {0x4}}}]}, @TCA_CGROUP_EMATCHES={0x14, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc}]}]}]}}]}, 0x64}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8}}, 0x24}}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x8c, r2, 0x200, 0x70bd25, 0x25dfdbfd, {}, [@NL80211_ATTR_SCHED_SCAN_MATCH={0x48, 0x84, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x44, 0x6, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x8, 0x3, 0x3b2}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x10000}, @NL80211_BAND_2GHZ={0x8, 0x0, 0xffff}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x7fffffff}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x10000}, @NL80211_BAND_5GHZ={0x8, 0x1, 0xff}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x35fb}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x9}]}]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r8}, @NL80211_ATTR_SCAN_FREQUENCIES={0x1c, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0xfffffffb}, {0x8, 0x0, 0x40}, {0x8, 0x0, 0xf82c}]}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4000}, 0x4048000) ioctl$NBD_DO_IT(r0, 0xab03) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x437) 00:14:05 executing program 5: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) openat$bsg(0xffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xb7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="18000000230047faffffff000000000004000002040010"], 0x18}}, 0x0) close(r0) 00:14:05 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:05 executing program 0: socket$inet_icmp_raw(0x2, 0x3, 0x1) socket(0x1, 0x1, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r0 = socket$inet6(0xa, 0x6, 0x0) listen(r0, 0x0) socket$inet6(0xa, 0x6, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) 00:14:05 executing program 3: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f00000000c0)='.', 0x0, 0x23080, 0x0) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) mount(&(0x7f0000000080), &(0x7f0000000140)='.', 0x0, 0x5110, 0x0) [ 346.674799][T11584] block nbd4: Receive control failed (result -107) [ 346.827453][T11677] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 346.869941][T11645] block nbd4: shutting down sockets 00:14:06 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x44, r1, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'vcan0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x6}]}]}, 0x44}}, 0x0) 00:14:06 executing program 4: r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x14, r2, 0x1}, 0x14}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000c40000000000", @ANYRES32=r8, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r8, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x64, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0xa}}, [@filter_kind_options=@f_cgroup={{0xb, 0x1, 'cgroup\x00'}, {0x34, 0x2, [@TCA_CGROUP_ACT={0x1c, 0x1, [@m_gact={0x18, 0x0, 0x0, 0x0, {{0x9, 0x1, 'gact\x00'}, {0x4}, {0x4}}}]}, @TCA_CGROUP_EMATCHES={0x14, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc}]}]}]}}]}, 0x64}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8}}, 0x24}}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x8c, r2, 0x200, 0x70bd25, 0x25dfdbfd, {}, [@NL80211_ATTR_SCHED_SCAN_MATCH={0x48, 0x84, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x44, 0x6, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x8, 0x3, 0x3b2}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x10000}, @NL80211_BAND_2GHZ={0x8, 0x0, 0xffff}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x7fffffff}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x10000}, @NL80211_BAND_5GHZ={0x8, 0x1, 0xff}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x35fb}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x9}]}]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r8}, @NL80211_ATTR_SCAN_FREQUENCIES={0x1c, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0xfffffffb}, {0x8, 0x0, 0x40}, {0x8, 0x0, 0xf82c}]}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4000}, 0x4048000) ioctl$NBD_DO_IT(r0, 0xab03) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x437) 00:14:06 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) [ 347.339947][T11697] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0 00:14:06 executing program 5: perf_event_open(&(0x7f0000000180)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 00:14:07 executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) r1 = fcntl$dupfd(r0, 0x3, 0xffffffffffffffff) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r1, 0x0, 0x80000007fffffff, 0x0) write$binfmt_elf64(r3, &(0x7f0000000000)=ANY=[], 0xfffffd88) [ 347.620547][T11706] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 347.671485][T11713] __nla_validate_parse: 8 callbacks suppressed [ 347.671516][T11713] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 00:14:07 executing program 3: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f00000000c0)='.', 0x0, 0x23080, 0x0) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) mount(&(0x7f0000000080), &(0x7f0000000140)='.', 0x0, 0x5110, 0x0) [ 347.791518][T11584] block nbd4: Receive control failed (result -107) [ 347.823291][T11715] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 00:14:07 executing program 5: clone(0x3000000a0160101, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) setresuid(0x0, r1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000680)=ANY=[@ANYBLOB="b702000000400400bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000000000812d6405000000000025040000010000001704000009000a40b7040000000100006a0a00fe00000000850000001a000000b7000000000000009500000000000000a93e90832ff9d40a409f01f6147c8f6fd267bf410e76c540106f89ec68823ce3c4bcc4ce81e97719ea969f2a019a6137ad1efc966f1cfdc4ea29f673efc20c07ec082bc6de68ab0a5ebf4ee60253516cc871311ab25868e1d9a014263697ca83c57fc2ead0d85a2bcc922a3aa71489fa000000004bcff56cf5a84cefb43ea72351190a711fd2b83a3596d80729476ab7140606791e81960ea313ea74c2cde2dedd424a4596f98e3e70a6f1d8abce75f01dbb60bdf7316a4fed35f16ae8b3aa4c6dd4880c76e5837f39a161b050abc5a34588ea19114caebb79951084e7113c77ae25a0121de52e5e8cceddf2cb4b9895a592558509d6bc95bfb57834fdb2b8c0738fda3ea38c09e75b1f39ae8af2c746fbb43e3530767d8ee296487c0e650ead90030000008fee2e02ece680c0d3d19b2b62fc202240219f497e89548a2977f86137ecb5753dfc87f148ed2392ef113cbe241a98b4e8f3bf878f1dc0e115ddfe318f54369bc8dfd3a4ea21259ed518ae80606ef83d69b9d0d972b2211d05b2e31d61bf49ca69bdb022a6cff57d5f16769d1605e8045c6880b425f8575f863a7e1b7174281ab87fba93555853df9dbd3da536d88168217230eabfaf7ff9b0146acffea06f3b0ba7b7357ba84c953523e92ee8cc4d8be0050000002c305d59cb68bff089979504c71418bd62ec60cfae7d75ce2adc8d4b2eabae5937b47e07da3f62be170ac03ca60b10c8123a7ae91659fc79fc36c84dd1b2b8972c5c2544e3b50acd3b00000000000d62fae930c2308e2401bb761565ac4eda4ca118ebbe000000000000000000000000000000a52d598dbcfeb90dd310175435c843624027f7d55431a5756e4be9698bcd550c272c391cf24ea56d016e1f21b5999e1448f8784db63fd4f36ec14cc67fcdd41c8ba146dc7d3fb07df9687b95efcd74ad8d0b15234dab4da83fa33391a2925b49f6040087cfaa9f83a6cdb0e031d9eb6cbff6eba616992f3ba6c277e7820a84365d650b9f057394a543c3210df7268ec32ac38db9d3062571ec8eb3290bb4a823674e89cf1716d4bc9fac0c47d854632a1d943a9dc58e6f4d0b687a055983a46fdd52f3c87506ae419c604f62b56ad1420eca5484ee0092563332124c612f"], &(0x7f0000000100)='GPL\x00'}, 0x48) pipe(&(0x7f0000000140)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000040)=[{&(0x7f0000000640)="8a", 0x1}], 0x1, 0x0) 00:14:07 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r3, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) [ 348.082006][T11698] block nbd4: shutting down sockets 00:14:07 executing program 4: r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x14, r2, 0x1}, 0x14}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000c40000000000", @ANYRES32=r8, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r8, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x64, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0xa}}, [@filter_kind_options=@f_cgroup={{0xb, 0x1, 'cgroup\x00'}, {0x34, 0x2, [@TCA_CGROUP_ACT={0x1c, 0x1, [@m_gact={0x18, 0x0, 0x0, 0x0, {{0x9, 0x1, 'gact\x00'}, {0x4}, {0x4}}}]}, @TCA_CGROUP_EMATCHES={0x14, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc}]}]}]}}]}, 0x64}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8}}, 0x24}}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x8c, r2, 0x200, 0x70bd25, 0x25dfdbfd, {}, [@NL80211_ATTR_SCHED_SCAN_MATCH={0x48, 0x84, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x44, 0x6, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x8, 0x3, 0x3b2}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x10000}, @NL80211_BAND_2GHZ={0x8, 0x0, 0xffff}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x7fffffff}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x10000}, @NL80211_BAND_5GHZ={0x8, 0x1, 0xff}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x35fb}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x9}]}]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r8}, @NL80211_ATTR_SCAN_FREQUENCIES={0x1c, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0xfffffffb}, {0x8, 0x0, 0x40}, {0x8, 0x0, 0xf82c}]}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4000}, 0x4048000) ioctl$NBD_DO_IT(r0, 0xab03) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x437) [ 348.441598][T11734] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 348.649921][T11738] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 348.679673][T11743] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 00:14:08 executing program 3: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f00000000c0)='.', 0x0, 0x23080, 0x0) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) mount(&(0x7f0000000080), &(0x7f0000000140)='.', 0x0, 0x5110, 0x0) [ 348.748229][T11748] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 348.824562][T11749] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 00:14:08 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0) ioctl$BLKPBSZGET(r0, 0x127b, &(0x7f0000000080)) [ 348.870562][T11584] block nbd4: Receive control failed (result -107) 00:14:08 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r3, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) [ 349.143333][T11739] block nbd4: shutting down sockets 00:14:08 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x20, 0x17, 0xa, 0x801, 0x0, 0x0, {}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x20}}, 0x0) [ 349.294447][T11767] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:08 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x540d, 0x0) 00:14:08 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000800)=@newqdisc={0x88, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb, 0x1, 'mqprio\x00'}, {0x58, 0x2, {{0x1, [0x0, 0x0, 0x0, 0x0, 0x3]}}}}]}, 0x88}}, 0x0) [ 349.484464][ C0] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured! [ 349.560771][T11770] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:09 executing program 1: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x1, 0x402) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x5}, 0x8) write(r0, &(0x7f0000000180)="ce", 0x1) ioctl$PPPIOCATTACH(r0, 0x4004743d, &(0x7f0000000000)=0x2) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000003c0)={0x0, 0x0, 0xffffffffffffffff}) pwrite64(r2, &(0x7f0000000400), 0x0, 0x6e19) socket$nl_audit(0x10, 0x3, 0x9) 00:14:09 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x36, 0x119, 0x0, 0x0, {0x3}, [@typed={0x4}, @nested={0x4, 0x1}]}, 0x1c}}, 0x0) 00:14:09 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r3, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) 00:14:09 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x540d, 0x0) 00:14:09 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000300)='net/if_inet6\x00') sendfile(r1, r2, 0x0, 0x76) 00:14:09 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x8, 0x4, &(0x7f0000000240)=@framed={{}, [@alu={0x8000000201a7fe3, 0x0, 0x7, 0x61, 0x0, 0x43}]}, &(0x7f0000000000)='GPL\x00', 0x5, 0x3e2, &(0x7f00001a7f05)=""/251}, 0x34) [ 350.084211][T11789] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 350.168171][T11793] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:09 executing program 5: setrlimit(0x7, &(0x7f0000000000)) mq_open(&(0x7f0000000040)='vboxnet1\x00', 0x0, 0x0, 0x0) 00:14:09 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r3, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) 00:14:09 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x540d, 0x0) 00:14:09 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000300)='net/if_inet6\x00') sendfile(r1, r2, 0x0, 0x76) 00:14:10 executing program 0: syz_emit_ethernet(0x42, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv4={0x800, @icmp={{0x6, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010102, {[@noop, @lsrr={0x83, 0x3}]}}, @time_exceeded={0x5, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}}}}}}, 0x0) [ 350.640119][T11811] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:10 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r3, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) 00:14:10 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) syz_mount_image$iso9660(&(0x7f0000000140)='iso9660\x00', &(0x7f0000000180)='./file0\x00', 0x6a, 0x8, &(0x7f0000001880)=[{&(0x7f0000000380)="2ea7cba355502c2d0b8d4a34b1bd3218d597a7bfae83bb83f5c0a03a2722dc66175c24f977febba11f23d31814944570b2facc115d90f82873719834e2e14a364485cf2eede3140b7297db9ff4c644c7a8ab934c33cbbe36d7a0f49121c67deb9f5a3a0b0b7ef0bacc68fc8c3b27ddd431c5f8ec34f95ba17492c654dd1196c7ff7f22dae6414c73b719f974aca2c2c02ddcaefe7ad67710067da6f1fbb4d28c078062c465d95a130bcb83886f3e7d", 0xaf, 0x1000}, {&(0x7f0000000440)="86451af564cf15ebc91174c40023696b62dac09f7fb3ad4529daa1aba1b0f0e62e8a6b3a7fa8261a52c6f2ef591c649c95e588145ec4cb55263f27c936407e3aa7f60a418e2e4c8033b0d7efe04d612fe94e0fd57af8632499ebd22976a0e8150eb5ce6f9d5ef4d40117e253039cf455a25bce566bd0186985fadd9cb2f676452b101115bfbb5ec1362138457cad74a4eb3a7cffe252468a12eee9c442c3410edd45fd4e1b67ecb270c8bf9900d1ebbf71303edbebca69775ebc12fce84881e72e3ce7f6c771922cb5dac5ba142a9e3301cadbda", 0xd4, 0x932}, {&(0x7f0000000540)="88416a0df251deb0ddaae1300af4755fad10856ef21495e15c59d10f5a056333c4edf3cfd052810c7c990bb52c5c4d67d5ed102408b4b1801ba6d880c0575eeb473b649926b6cac12e4c73cc099cbecf7931d84505e7d06b4cb875481512b6cf0b8c7497f0ed06893b7a0a139c17956855965a85f34db8978f399972b8905b9243e50fbca0465452eb063b80d67e7b9bc3b172b89ea575e73481bc6b3eb71530e43aaa23151eb1ec5dbd32e34da3bab321ef08d5b1cda01252476523745bf36b72eb8bd03e916ac5017531dd913e156f", 0xd0, 0x5}, {&(0x7f0000000200)="4d7fc14a18886e1cbb55e0", 0xb, 0x4}, {&(0x7f0000000640)="80d383b68afba3e9a00a0255fc8b0de1452781ec234b0c5312a499ffbebbe0bb443b05d206ff17dcfad946ade61822778555757d3dbf339685b1790014da13cdfbb40b1a658354ee9156ef5b0c7a5fe0ae5f03a16156a8094a7fd778e6c647481a25fb5ba698aa5ffe555d0ed3588d825b2922ca837335df80af7f36009ca2f75338d80d7bec11e21757f81f602c848a03570de75f60d83ddbdc757a581dcd83594b0e36b9b3c5fda5c0d05b1ffa029714e0dc2c772f6c82f23cdef21d4d9b028647ae5b97d479cd791f323873e37d4184fc5aac83e338eec8e5131740fbed9285f83c1254a9559b5c399ba5b989cdea9a60030608defe84fe026a98170d002280d92c6b8b0b1111f73c4f68d6361531b67ab11f698071e915b11c1714b7eacf18675fc669d0bfb03f4c2099e110026bcd3325ca15c94026ba3fd795c84d04d5e84e150e7d0fabf307b6ef54ebde438a2bb8c70802ad043b1dcd3de5237d0d8c958924beb58cf5db0a145bb10f6bc6fd7ebd3e165f7721ecca0b47afec833637648c331640e3214664eea293cce2f8fcc96392dd70aeb1fed5e6284ba16ca91d95b8836a35c636c54dffe52a2cd938735bda0b6595a4fa01613fe78726e0284f0be0e979ea47a89d5a3841c6c2899a5477cf5dc01166e005411010203efc1ef74c98997141ec38cf494ed860cfd78a262cf8b0cc6ee6ed3bab19dae1fa0b74d3261b368282a4a2b0f7b7a1100dff4181deec17e480bbf04bbb1b516d19c393d36499c855d91ca161f1ea62e9b8270931343bdbbbbad543ab3c0f8bb103a711779caac563e084ba8dc2e2b985a015cdc61f01d6832a38648c7419215551b30fc45eaf6e5103a697a5461f223a71315f52b31775480ac1df0780a413196df0260b398390441677541bc610b82dc70ffbbc8dd90971d67479a6f7deefb66edfaff3b1d57ef860c49d4254c44234c5014d577c9959e5c1ddd080452478cbf0732153995635b2fe4003f856bf4ebae0b36284782dab6ded1f26284cda6e42626581ee8c4fdcd8ad2349f75c3930704dc387214e5a7ff8d21a2914acbec9307e9c5ae3723a2f698033e493fb7b75f9dbfda389b40348adb1ee2695ecd6a9be5ea902c7c88d47afb9fa88696aee53c551970517cfbe454c38120b6a460402a2e5a5b98f29704d2f640f719fe5d7b5443bd192acd7a0b1ce42de09b9902d7bd192a1384e9f4c6d618e3b4a5cc8c381f88b67e5c53f0fced7d17590ac57633637f25b0077ba12ddde18c9711e54a13df529705bf33f5e4ea50e569d0e5b9da5807bcbe5e40aa3e886808168805ce732db94b269dbac78de81a56400ba0f92aa66b1d28de2e0a1580e71b6b9da95a0d68837b7719f10d76d952a1f2dce049d6e3a3e16ebc710ab44eb510e668b17ef6d3b245a624a511e2d4d875e211edd8484d2ddf6e01ddad2c4b4bf09df771391e8f509b710b6be7da0c40e7b3546d3e3029bda044caf699e7d32f45a8c80cd2e9c6c48f8fd7a96264e581699ffca7a7b0f92c26f8e52af6930873871e254b81f65d17a70cce688da3dbb16524b1cb9bfb9af50b0a4b8c80e223372e48e0170313e88d1d422163ab730ee1d7e8606771a319bbc1e3a495f0864a8f473d68297b94dee5efb8d34b295cd98b45b74ad2edf53419d3be8f89d04c22e2ac8e460f114234696489204e5e12612bfe50ddc9a7e3c848fa476c78a1ac9e1273d0a47d931cc1b97102540f956e962d051be3a7fa9b944785dc3ab23a11c830c7e3af4dfbccb354a39d279a01a1c1a60cab55e6907a5db1ad44e131fcf168d1224a076e220b94ad32a4e5cb733b785928f8a259b8c5dd9692b0aa90cf3309e0512748b05219de24f3d89c4dc140c6a521b83d95a3c71fed2c9e689ca73fefb7b5f905c04abeb5c554991ddac2f6103a162858e128250e46ed5543e20b744bdeffae546972eb895acf43959bc10bbd422987a7bd719f09c32d39beba48166e9e8a6e8f1f4cbdf8232c1360a08a5549dbaffdd1d87995c3294178bb7a5ffc532a825fb5985e3248e122fe8bf994fd3040d3381748d6ce6b6e8ce9631515343b54e0941d69f1b77c8ec746ab6d659f29b57b8e961aa1069be779788df52d735012c416f12dbbd9ee3b4d450020971462adaa98d9592843d46012f1ddd1c88a09d9cc84b12459ce2398d83affa8cfd50bcf213dfaf098c866a1c610d2ffe0f42293b4c6a20c572149491daca1b8179885bbd32e07829745bdbf83b049a7021005d79b8a69bc8c8779659341338a8f7c186599d7d6ee0887ec95335676baf70e4210d81da991ffb775a9b7e8b12bcc17b52382441b82a9aca939af9a3a2f73943b02eaf1947aa738638942f4d3212f2da7c83e771636c045da1f2c113e673392c8c0f9c53963cec6ad6a260fe1391e2bbdc84f341b5193f92743eb7e8b0cdbc8345e99b34f1a6ccf5b78b0be5d0e981416134d50fb9f1d0b733e626bdc9be3b01e60e2e3a801bf7ffc7ba04cc3a752070e95da1ef9ef22efe3c1f9ccdee07cc9f71f3be097faab5cbd38e933303be439b5f82a9a5e590822071de044a3a1556df78fafc5ab9e1d6a81e7b42a10785e772127afa86e9c97fb68cf25485edbc9dfd94daf826bf35f4a9a515cbb4a4b48d3b61282f1610a26da3916aa7483307bf84d3abf914608e99d252f3a1921e9f67f676b097a776257dd5e085a5289706ed5f8165adb046d9c77c19d024be80b704a495ccb28874841b7158027bb917a610ed55db1343750f5860b2eb839ebf15d53cceef952a66188cd1d9acf69f1fcbd69fabd76a3ad9e3d2d43f697710a4c18990a5dd64170b0b9668288a26f789524f6b29071dc70484d053eaf51d31c56e12d9bce5ec4bc11a772993df46bb713a3b52180e59fb758117bd106b075c663ddad1aca4743397ec916cb3a125c5845602f8ea68c4804401084a0ce548bb219307f13730e35e04c94a951fb50321f4debbe99e54ea0d61a768626a6142578f5e03c8d73e678eb844723aabd433a8d12d542bd82973415cac84a731151aa2d431587c76e78aa91ded1504efb300d0902de19032c21bb76ce8391266bb4fc0a9118e481db34525d9ba35a37555d4be2ea1b8611d4d734d513cfbb1cb8d16b3620e679746f3598224fe8d21b4e752ef4e30faf64950c92e4a6190e66c5737085be04728d8d018226473ae656f380c1a08de043abf54f7abc17f91cffd58d859097b2ccbef1179813408e17245ab0803a5fe9b9fe858398388ae854eccf4dd5a4d54f617d70b500e14b4148cfcc854b82a23c01fba48d966d964e248f7bf86f5ae0697632dc0777d7115b83b3133a311795d94ee00666a6479fbc8125023823e97154fa4473f44880090a5a481072f315e5cfe74bc9648e6396e1045c93f08366714c9b4ad81ce59d2dfcdf685365f54b72a11d1767341438bf39533803155075678a0f40b2c490580eb9ec604bb413d7d470e232216da055acd64dbb841097973bcdd19894d6483efbee08d1b72d549bb22923b424007ba10bed1df14557a708eb52770a7e1f73f53c836716c1280cf0e4840c88e85805ffc2bf0c83593f68cd20c82990771dd6b2fddf0ead17911efff196882a70255ee908c69945ec94ac8197a3b698e7d839f9b157f5efac294fc2523f4a1ef414529f2e68953f574d8f979b4b366fd1f60e57170cc0ad31eb60f48fe72c16b4b877b024269a3304f6569808c3650d3edb22c7ef1255cf196dff478d26767b3a03bb90a174db6108963956f382dab1930c9dfd3cadac4e7ee048d8d690db41c7102135ada29dadccdf181e7bf1c49025ad1450cd689b4e9845349e611623e48f63aaaace94e09284712d09b8010e66289a4924acd080fb0ebe9dba7c8e7b543fd8ec030746612a23515aa7b149e0922ccea25a726c3c09315260b9e70465933c39964278ddb9d2cbbd32ae19d915d7bd4ab591932cf661d0a52252e8a6ea0e77abe2ea82b8ebc77e72d74fd67b1af75018579ec1eae1d7cb0b899f9137185ba58abce002cfcecb632cbf0dc6c4ccc710764a99ca04bf88c028ee1d77dee73bbf5ca2164033fca62ab77bf8b74ca61d2e4ccbb84e3b5ae4f39530a681b2b1ea90d703ada033ff151cef12d486eea3e7303af4f6e1ea3497e64418db83058e8f4f297a343b513d2836de4b39424cc3b7494ef742913165b0e7fdf6bde7cad1caf6dbe4b41d5e8d9d86bc2eb5e35b6a97e8c7e3a3a528dd0115779702c9af5cc7caa70de015b13d24eb92250ef717c9537125761a0fd6aeb48018accd48de5157d631075193c5943f2e81c7d843e6452867cc81a50c653e0586df85172f0c1b37455d906267e0e88a72783c5e10ca3f8ed4cfeaeec89b8aa2e4c31e89690a2f3f07dbb9538bdfec373f621474e20841866b197ff97379d68ff3601da391d34da52f16760d58c68818b828e60ee5a17f6e59861fafe55ed1043749b77d9f3f6716428d25d48ed77137799026d85a485ba9c2dac0c5059623ab4e5cb16513c0fd97fb92ca236f77299bd575eba426c96560754d7081310bfe7f0397d2cb106e63786fb0ff1b692b647ab73e95ff714cd810961993d3c6731d96fb75f3abdc69d6a4ab945895188089d5974ede8a95a450efd458a44a8dc1ffac15346afbafd2599073a25b13bcad747b93983718cf1d6e76f4fa91d4ba2f142c74631028fe67dac48c02775039ed07b286a3e94d282d6233d18e824d42f8dbe7491022b8ec9c2e6f67c0d2e22539b5ae043f7acfd359ac5c0daa363bcfb7e91d89901bfb8957ab8db0016bf8c72d4c924d261e277ca7bb0affe4a8093a5f3868bdda7bdea5dfafe70a4c609258d1164f770e899de8aa36c73e9a2bf7cf60bf3c33032fc80f629401248fbad384c46186c7fd5a7839e0981e1e462c94281effe9b4c39363830e0514bd1763b0b52da219368f808a17b68b91c52b794d56c400580fe7e517b2333768e799c73417c5882a861e5a7a9a705106efa09b4a7f5d287029a02a6180142390194e9cef9bcaea268a606dad48638992df6ae4fc55225e5c798a561ee390d86542e9aebf3337bc9ae8a3190384590fb39c7fa62c7906fe1d3a1da6b2fc74f52cdaef7e97fe701dc7796e1f29c0a5ef9f94dddad2b8c3ee35c6a10cb3ae34a1729d050bca0153f717af51686fe1de70034a41a6686e0522c371d23d3d2397def06880471ffa12d9aad0fa389ca8e55e84b6f52b392dd383fb129597e2a807d93e92f7fda7d7aba7eeae478811c050f90f2aa4792e5d5b5454f6d5a0ec5b8795b7248443856ab037b802aac27904f27c5eaaccc7590f9631e962edfd1fc97edcce1efafff814d7fb89f836b03f501decfa43b86eccda3b60d68737736e4b98185c99b9c3fab1a8f8fdf61554412af58498ed99dfcdeb8a39fdce5d3b8e1babebe953de865e17c99d058b0f89c75bbbb17e7ee6bd752240deb810dc4ef57d5b0dbb57f504ceacf2ec856c08a84c574d64d9858f2a0c59ee1c32fbe469cefc2a365331eff197703d4f81ddfdc9dbc10cab967d2ee9b5e915807b7acf7a66c7bc92fc15b191d05565c7b9775b2f656a95cbb08eeadd8a18c60a22bb03b31528c754c64589d74062e381883a8d556b4c4463d6d8d923bd6fb0c9218eca4311797bdeb90086ad405b99fd918b050d2d84069285abdc9d8dd49328e5928e897848b4e9869b0b6f202a15e5b8e7ec7bd5c9f0361b683ae2cf58c4143e9d27fecfa1f41f1179fe8be3813bc238d3d1bfbd4ed3a63692c64dfc19b182adc18978d75", 0x1000, 0xc3}, {&(0x7f0000001640)="da3707d5ee74334a74db104cd1bed122811acfd70174c0a8324a918361ad54aba7b54c66b56e975ce61ed5be33f842bd5731635966a38607aed8e28126eb5c7441496936991a22275cd05ce26ec46b9de89b91c240cad7ca961fe802bee1cfda5b0691e93c30ebfc7703f7bbbee0ae74382f1c71e0e1bda6fb2a69ffd82cc0a369d8380da2d83cb0866e994105c9014512948294741039fedc6f0ebd493251156d87882f72a24efe98f290aa6ef0b458e6d6f73c83230b562f", 0xb9, 0x24}, {&(0x7f0000001700)="9efdb1b225da749907bb6449d03ae10f84e8fdf13ed933ed90355e2ba7b00b2b2762539cf109af339b5f32cd93ee590b91e74ce0b44d48adabae65bb8bc4179954884028dc9db9eb51e779a5a2b3d77065e7a7ea0b211756cac04b520b50db219d3adaf7759e78d685176f2e500ab91028c49d992718e1b0b971fede12d14c3692b89d7953de513cb17f7e05a400131e2e3cef7ad5e1e6f10e44474f40046d414b895fb68592e27e0e53d91106dcc5dd1456d894069cd72c824708a8b0dc3c8eefa7f5a55594f394825c9f9ecba16699967fa9929ae016ba8d985b7cccd53d", 0xdf, 0x3f}, {&(0x7f0000001800)="42fc59a8c4a91c243380d5df1e182e594da9c8734710d37d4ba932d9cc6811375e5d38d055daad0f90d92e043e9b26d8f1a4306a77085365b85a3eb1b68417a07a2271", 0x43, 0xf5}], 0x28, &(0x7f0000001900)={[{@nojoliet='nojoliet'}, {@check_relaxed='check=relaxed'}], [{@mask={'mask', 0x3d, '^MAY_EXEC'}}]}) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x44, r1, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x20}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_hsr\x00'}]}]}, 0x44}}, 0x0) sendmsg$IPVS_CMD_GET_DAEMON(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x60, r1, 0x400, 0x70bd2a, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x4c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x5}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xfff}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x2d}}]}]}, 0x60}}, 0x24000090) 00:14:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000380)=ANY=[@ANYBLOB="03000000000020c3067d3100020000090400000000000000f6ffffff0000000001000000000000fffffffffffffff3100000f2ffff0700000a00000072"]) 00:14:10 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000300)='net/if_inet6\x00') sendfile(r1, r2, 0x0, 0x76) [ 351.027146][T11823] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:10 executing program 0: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0x0) ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x17a0) 00:14:10 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x540d, 0x0) [ 351.251186][T11832] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 00:14:10 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r3, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) 00:14:10 executing program 1: openat$6lowpan_enable(0xffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0xb0, 0x1403, 0x224, 0x70bd2b, 0x25dfdbfd, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'team0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_to_team\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'netdevsim0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'rose0\x00'}}]}, 0xb0}, 0x1, 0x0, 0x0, 0x714dc059fcb683b5}, 0xc011) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 00:14:10 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000300)='net/if_inet6\x00') sendfile(r1, r2, 0x0, 0x76) 00:14:11 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x1420000a77, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff000005fbffffff0000000000", @ANYRES32, @ANYBLOB="0000004001000000280012800a00010076786c616e00000018000280140001"], 0x3}}, 0x0) write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[], 0xfffffd88) 00:14:11 executing program 0: setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4}}}, 0x108) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x23, &(0x7f0000000000)={r2}, 0x8) 00:14:11 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x92, &(0x7f0000000180)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "3bbbf3", 0x5c, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x17, 0xc2, 0x0, 0x0, 0x0, {[@sack={0x4, 0x6, [0x0]}, @exp_smc={0xfe, 0x6}, @timestamp={0x8, 0xa}, @mptcp=@mp_fclose={0x1e, 0xc}, @md5sig={0x13, 0x12, "f5e5b555bd9092fc56ce4d8155bf0046"}, @sack={0x5, 0x12, [0x0, 0x0, 0x0, 0x0]}]}}}}}}}}, 0x0) [ 351.693698][T11849] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:11 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r3, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) 00:14:11 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) r1 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f00000000c0)=ANY=[@ANYRES32=r1]}) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000040)={0x2, 0xfff, 0x5, 0x8001}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FIONCLEX(r2, 0x5450) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x3c1, 0x3, 0x309, 0x0, 0x17c, 0x17c, 0x17c, 0x5, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ipv6={@remote, @loopback={0x0, 0xed00}, [], [], 'ipvlan1\x00', 'rose0\x00'}, 0x0, 0x114, 0x17c, 0x52020000, {}, [@common=@unspec=@connbytes={{0x38, 'connbytes\x00'}}, @common=@unspec=@statistic={{0x38, 'statistic\x00'}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0xa4, 0xe4}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x384) syz_mount_image$bfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x60, 0x0, 0x0, 0x0) 00:14:11 executing program 0: ioprio_set$pid(0x1, 0xffffffffffffffff, 0x0) [ 351.946816][T11862] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 351.983342][T11861] netlink: 'syz-executor.4': attribute type 1 has an invalid length. 00:14:11 executing program 3: syz_mount_image$iso9660(&(0x7f0000000080)='iso9660\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={[{@norock='norock'}, {@sbsector={'sbsector'}}]}) [ 352.131675][T11870] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:11 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000040)={{0x1b, 0x5b, 0x7, 0x7, 0x31, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x106d, 0x40}}, 0x40) 00:14:11 executing program 0: r0 = getpid() sched_setaffinity(r0, 0x8, &(0x7f0000000000)=0xe55) r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0xfffffe58) socketpair$unix(0x1, 0x400000000000002, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r2, 0x1, 0x7, &(0x7f0000000080), 0x4) sendmmsg$unix(r2, &(0x7f00000bd000), 0x80, 0x0) connect$unix(r2, &(0x7f00002ffff6)=@file={0x0, './file0\x00'}, 0xa) 00:14:11 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r3, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) 00:14:12 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x40000000002, 0x3, 0x2) r1 = socket(0x40000000002, 0x3, 0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000140)={0x8, &(0x7f0000000040)=[{0x0, 0x5, 0xa9, 0x401}, {0x20, 0x59, 0x6, 0x80000001}, {0x8, 0x64, 0x3, 0xfffffff9}, {0x3, 0x3e, 0x80, 0x4}, {0x7, 0x6, 0x0, 0x7}, {0xe5, 0x1, 0xff, 0x23}, {0x1, 0x1, 0x7, 0xfff}, {0xfff, 0x6, 0x5, 0x3}]}) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000280)=ANY=[@ANYBLOB="17000000000000000000000000000000afafb1cc770dc875b0468ebac0c49e77ff85f2dcf00391eba253acaa05ef5661145e89228288b234187c89cf252598f19d2721dcc59dc75780c34a330806f2a16cb1a555dd05746d9c847b31add80005f33ed04a35e31f5a893cdfca7b393085f13c789eadf04c939f6a502a54fb2e5cd0fda05d7b00a29cd519036d5c62fabecb749a2ca0852b7c1c4f9ff3fc44269d3173a25081da7ad939bf8e53fba236756c83ec472fbfa17e65de20f4e6f27fc59849b02404ecb1a9390fcfe82063e855aeb2b02628f5a87ac736a83960c4f336c7992f0f5fb7f8995f05da89feedfc71a42d3a5549f85abccfd376353727e6054a3e8e61a24f8c06f5f78641ae7530cf2edf1d0fcecd4f8f42f0217f82fde16f3e197f8378a1b8ddbbd22b6ca5cbde0160019a828167938142c595ba12d49f41436e2409818abc19d19e4a2b9d202ce6117a851c36db2a021eaa69af9c46aef3e44bc281c6b965e606d242d1d8e0ba2b"]}) r2 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000000000000000002c0000"]}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="059a0408000002000000", @ANYBLOB="cb95e64c7e57ea93c8050245ea5a803cd72a8bc671cad442f03cbd27fce97b785dcbb9dcb361a99ad542bb1682b5fdc450a074de757bafb4d4b3800fdbea840bc126e1e6c21d8ffc8b7c6a2a6568a1de876f9238c46a879c6564456b07327a56050b04f7c5aba59f4c", @ANYRES16=r1, @ANYRES16=r2]}) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000000)) [ 352.630132][T11887] ISOFS: Unable to identify CD-ROM format. 00:14:12 executing program 4: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$packet(0x11, 0x3, 0x300) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000bc0)=ANY=[@ANYBLOB="bf16000000000000b7070000ff030000487000000000000050000000000000009500000000000000e83d24a3aa019c13bd23212fb56fa54f0b71d0e6adfefc41d86b60717142fa9ea4318123741c0a0f168c1886bfa2a3ad358061011fbc5b873beffe5398bd2ec800974a0000503ceb9fc474c2a10000800077beee1cebf45fab73962fa8f6296b32a8343881dcc7b1b85f3c3daccd3641110bec4e90a61965c39e4b3449abe802f5ab1c89cf6c662ed4048d3b3e22278d00031e5388ee5c9a7ddd58211d0400001fcadf95e5a4725837074e468ee23fd2f73902ebcfcf49822775985bf31b715f58cd9732543852451840fa868cb211624f40401691721715f46e0080000000000002a663739a190a4e825c908c08bc85c857ec5a57cb706eef32a3ed12d63c9c4c508530e173650a8a8f2a9c81bc9ee437bccbe158024d8d4939e6fd9adc43f0f4b049218db92bf466e934330ed79bc9f626d68b0000600057d14854eef851bc8c62c90a29192730f5927fd0df6b94ea0b852d495085ff4eabaac9606f0497958c2c357a7124a69f6770ea6702bc53896a15fad5e55c64efd217450a975221b20d78e445e3da74a3c1c0f2d1818b696492287860d914283f8d687b0bdb46261277671bba2c550bfef679bddf38ab35eaaf0268c4efa45b56a188a9195044a222ec06bb49784d5605139ca29108d87c4832e4295bf8889e5db2a70f6a83d4b3cdc13e46d276856de6d895704ba344ae12bd121ffc4f5d2ae03f0227dcc4f38699d3db16f69ed45e918b07ce58bf176e253364fed16b128584f897400d4f5503a6e9ea4a480e3221f3c247ee8c55e487eaa25a7689689c9c305da4b0181f0f653fec399fcc0cc800e82bde039cc29c19b538c76e65642875bddbef61e5985751d9ebd37d2f32375357b5d2b4dc2412941260c4bf23baa6a7119038380f7029a292f1ad05000000e4e801a819aef69d081e2cacaa8ad1b4ca6df5dc37962ebc5337379e00645b6d2bec249c0612510000000000a7060d8d9b9ad109b62d1dab0eec6beabc76d765b9ca87474e9a13366010cd9558b30399772ddfe89be4338e70d0ecfed537780a31fcaf4acaf9bd3711a4359d68ec71b0693ede07e6d18e797697901fbae4a9d9966b68eadae75ef1cc92290bcc7b8c34b8931b0818a57e5136fb8c73283b17d8fd55c2b8d31cdc82429a021d377e477ea807cc00919ee8bfbd94d434f67609cfde887fb5bb072572b421d6b1fdae83e5e250190628d02d01f978323fe36685e652ceb218a9cc9e125a4880faccaf5ac2345f20b1ee403885796e91d0bc75c7e95d23904dc446e0201aafea0d3f4cc0cf285ccd000000000100005aee418db0a9fe6fe78479d043cca3f99b031a999a4686905441c1fa62ed20328a10690432f59a4d3e05bd00997ea2b6f5213cb883d05b620f31869f6cce80f1ae445a9ed7e3c5f3aa61bfd240cb9726bc512ba0eb1f68579c76144feb0100809f12bcf79c4d57f66703c2aee08e520623e1b7555dc7481128ed0bab22dcb6e5a6ac5e4010c631eaf2510fa455aabfdc80c771755c60b4ca232bc85c6c38b30899a688d96a6c6dc0dd4309a230b22bc6e248bf47b6e1c5077c9ba463329323b53910e7358b4d0c6882c590cf25e4d044a6afb10a070f285e3c94ed405aa8dc41718dd36eedddd309d4c7b2c1bd4e98dcf4bf474868538aad9a23f8d4f10fa97ef23f37915a707e325c10a9f22e37c4213d0ca2910726de8e62d2e3ae7f64e40c7af3dc00a3b70cf607869c5a11a03bce8aa43fa010348bc249420ba5e344fcdcb302548e577135f69cf5fd535800284d32ffff000088ccd685f07309101a3196b705479897f4c9d97c4c7b77db7b1596b4305d5e954a34385418e66528bc94b70300000066dab8c4e63debff054621a0ac7dc55a14cb7616ca23f04493d3cd1c79282c3aa8f6e4a1c27315256131aaab707451c14747dfa3bb5f8725a98f6d3c797573f18810bf378e38107ece5cc1cf3b98975e9254248af60de2f04e2429d9b6eba525fd1b1b665f77710fa49426eb32e775acd535fc78697ac980573c12112317ad2a029c75b86aa972ef35e9916f0000000000002c8ee5ec55cc858e0d3687eb6acd59ccc4974d7e53d0a1f4ea4477022c9f376b3191efeb46be3c174fb2b4cbc9c03fba9923923715540556450f12d1645177ce3eca0d65d17dc8af92cfabc5745148eff51a224faf9d42eee3538453499e829bda469048c70e5968375feb39e6918e591a38d228304c79ad9c376bdaf0650e212eb4185cbbb6c0dc0e699afc7cd2519cd9b192228ff8817d68f97b18402d271036067c141b911c4e0207e2c9d33ac203f440e1a065a2d227c6ec860d6bc85fb3a48348c1fe7144ec680c0dac7b5906a6197c8173080c9ab3ecb72820f0ee36d744b20fae962c4a42e4a43ee3f325f93edb3a204b9c9dc8953375782fd560039eaf61c6878714fa6a6a5b4190e37c83076f248d91f166676b54781c6855c5e067ab2c2c73123356fff80883a95a25c738f4e7cbb075e10f5c3639610605657738182fec7ac0b3790638508c002bd5c4013531fed4eda48c84d95ae938cae2a60b1c0000000000000090773efdadf1e7b3f0bd5406a42e28b783cc8ec7ea7991da27147ba8d27a4f79df6fc75f09cc70f82b364a1fcac8cb108b4f5811b8d55549a8b885175d87373d9372d5e70d434567937dbd6ad5b5afee75a3624a5c8d42b605e7f699cf0c16914df6663f690bc8291ee0877e84f0836c7e029a739d131517ab551482639e0b6d9fcc5602a481d08c736c5ed7caddfd8d0b00ff891f6473ee1cfca4c3808cd2501ab10ed8c60e2ead1000af323ba1df4493677e3d0a71c7d7425d3aac2c12bdbd2ef7851bd3f0416f9edb192cf4c6eed5c4059d5ba4cce7c1adebeb81284ba18da2fa8d2fe91e0ed7a7"], &(0x7f0000000140)='GPL\x00'}, 0x48) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000000)=r3, 0x4) close(r1) r4 = socket$inet6(0xa, 0x3, 0x8) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c) splice(r0, 0x0, r1, 0x0, 0x7fffffff, 0x0) [ 352.856740][T11887] ISOFS: Unable to identify CD-ROM format. [ 352.922076][T11899] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:12 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/snmp\x00') mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x8000000) 00:14:12 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001}) r1 = socket(0x1, 0x3, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'syzkaller1\x00'}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000080)={0x0, 'syzkaller1\x00', {0x804}}) close(r0) 00:14:12 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x8, 0x0, 0x0, 0x0, 0x0) clock_settime(0x2, &(0x7f0000000000)={0x0, 0x3938700}) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) ioctl$KVM_GET_REGS(r0, 0x8090ae81, &(0x7f00000000c0)) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000180)='>', 0x1) ioctl$TUNSETOFFLOAD(r3, 0x400454d0, 0xc) 00:14:12 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r3, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) [ 353.699401][T11915] syz-executor.4 (11915) used greatest stack depth: 3896 bytes left 00:14:13 executing program 0: pipe(&(0x7f0000000100)) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x7) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0xa0, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a}, [@IFLA_LINKINFO={0x78, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1, 'vlan\x00'}, {0x68, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_EGRESS_QOS={0x40, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0x4}}, @IFLA_VLAN_QOS_MAPPING={0xc}, @IFLA_VLAN_QOS_MAPPING={0xc}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0x5}}]}, @IFLA_VLAN_INGRESS_QOS={0x1c, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x8001}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0x9}}]}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0xa0}}, 0x0) 00:14:13 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/snmp\x00') mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x8000000) [ 353.958809][T11945] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:13 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x1, 0x0, [{}]}) 00:14:13 executing program 5: unshare(0x2040400) clone(0x20108100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x2, 0x4, 0x2, 0x12, 0x0, 0x1, 0x0, [], 0x0, r0, 0x0, 0x1}, 0x40) 00:14:13 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/snmp\x00') mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x8000000) 00:14:13 executing program 0: socket(0x10, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000400)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee01}}}}, 0xa0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f322e0f0178000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d683ed", 0xfffffffffffffef4}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f00000003c0)=ANY=[@ANYBLOB='\"']) pipe(&(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:14:13 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r3, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) 00:14:13 executing program 5: unshare(0x2040400) clone(0x20108100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x2, 0x4, 0x2, 0x12, 0x0, 0x1, 0x0, [], 0x0, r0, 0x0, 0x1}, 0x40) [ 354.506325][T11979] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 354.569445][T11992] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:14 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/snmp\x00') mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x8000000) 00:14:14 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@gettaction={0x34, 0x32, 0x309, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc}]}, 0x34}}, 0x0) 00:14:14 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mountstats\x00') ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}}) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 00:14:14 executing program 5: unshare(0x2040400) clone(0x20108100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x2, 0x4, 0x2, 0x12, 0x0, 0x1, 0x0, [], 0x0, r0, 0x0, 0x1}, 0x40) 00:14:14 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0) 00:14:14 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r3, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) 00:14:14 executing program 3: r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r1, &(0x7f0000001ff0)={0x1d, r2}, 0x10) sendmsg$can_raw(r1, &(0x7f0000001fc8)={0x0, 0x0, &(0x7f0000000ff0)={&(0x7f000000a000)=@canfd={{0x1}, 0x0, 0x0, 0x0, 0x0, "0327e1b22b5fcef7739c699f5ff986ca08990039576a7d5cb2bdac3fa80acf584ecb5fee496e6866856b76b5ee00000000000000004e2f9663a918fa1efd9b0b"}, 0xfe68}}, 0x0) r3 = dup3(r1, r0, 0x0) sendmsg$can_raw(r3, &(0x7f0000001fc8)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f000000a000)=@canfd={{0x1}, 0x1e, 0x0, 0x0, 0x0, "0327e1b22b5fcef7739c699f5ff986ca08990039576a7d5cb2bdac3fa80acf584ecb5fee496e6866856b76b5ee00000000000000004e2f9663a918fa1efd9b0b"}, 0x2000a048}}, 0x0) 00:14:14 executing program 5: unshare(0x2040400) clone(0x20108100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x2, 0x4, 0x2, 0x12, 0x0, 0x1, 0x0, [], 0x0, r0, 0x0, 0x1}, 0x40) 00:14:14 executing program 4: r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10) sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0) dup3(r1, r0, 0x0) 00:14:14 executing program 0: r0 = inotify_init1(0x0) r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) dup2(r0, r1) [ 355.339383][T12018] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 355.401848][T12024] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:14 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_SET_BEACON(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000012c0)={0xf7c, r1, 0x90fc047e054328f9, 0x0, 0x0, {}, [@NL80211_ATTR_FTM_RESPONDER={0xf68, 0x117, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x5}]}]}, 0xfaa}}, 0x0) 00:14:14 executing program 4: r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10) sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0) dup3(r1, r0, 0x0) 00:14:15 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) sendmsg$AUDIT_LIST_RULES(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x3f5, 0x100, 0x70bd2b, 0x25dfdbfc, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 00:14:15 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r3, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) 00:14:15 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000001600)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000280)={0x8}, 0x0) 00:14:15 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, 0x0, 0x49}, 0x40) [ 356.001435][T12055] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 356.054201][T12061] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:15 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8}, @IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x5c}}, 0x0) 00:14:15 executing program 4: r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10) sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0) dup3(r1, r0, 0x0) 00:14:15 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x0, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:15 executing program 3: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/conn_reuse_mode\x00', 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) sendfile(r1, r0, 0x0, 0x1000007ffff004) 00:14:15 executing program 1: r0 = msgget$private(0x0, 0x15) msgsnd(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB='\f'], 0x1, 0x0) msgctl$IPC_INFO(r0, 0x3, &(0x7f0000000000)=""/176) 00:14:15 executing program 5: sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="600000003000ef037670000600000000000000004c000100480001000b000100736b626d6f640000340002"], 0x60}}, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$netlink(0x10, 0x3, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 00:14:15 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@enum, @volatile={0x0, 0x0, 0x0, 0xf}]}}, &(0x7f0000000040)=""/219, 0x32, 0xdb, 0x8}, 0x20) 00:14:15 executing program 4: r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10) sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0) dup3(r1, r0, 0x0) [ 356.642376][T12079] ucma_write: process 164 (syz-executor.3) changed security contexts after opening file descriptor, this is not allowed. [ 356.733345][T12081] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:16 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00d\x00\'\r\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\x00', @ANYRES32=r4], 0x24}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001240)=@newtfilter={0x24, 0x2e, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) [ 356.799235][T12089] BPF:[2] DATASEC (anon) [ 356.803725][T12089] BPF:size=0 vlen=0 [ 356.807994][T12089] BPF: [ 356.810795][T12089] BPF:vlen == 0 [ 356.815095][T12089] BPF: [ 356.815095][T12089] 00:14:16 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @dev, 0xc}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000040)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000000040)={r5, 0x1}, 0x10) prctl$PR_SET_FP_MODE(0x2d, 0x2) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000040)={r5, 0xffff}, 0x8) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000000)=0x2) [ 356.851770][T12090] BPF:[2] DATASEC (anon) [ 356.856594][T12090] BPF:size=0 vlen=0 [ 356.861492][T12090] BPF: [ 356.865561][T12090] BPF:vlen == 0 [ 356.869066][T12090] BPF: [ 356.869066][T12090] 00:14:16 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@mcast1, @ipv4={[0x0, 0x0, 0x8], [], @multicast2}, @loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20c200a2}) [ 356.944670][T12077] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 356.955706][T12094] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. [ 356.965296][T12094] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.5'. [ 357.012466][T12100] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 357.102289][T12105] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 00:14:16 executing program 4: r0 = socket$inet(0x2, 0x5, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x40, 0x0, 0x0) 00:14:16 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x0, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:16 executing program 5: perf_event_open(&(0x7f0000000100)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000000)=""/232) 00:14:16 executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x5, [@enum={0x0, 0x2, 0x0, 0x6, 0x4, [{0x3}, {0x3}]}]}, {0x0, [0x0, 0x0, 0x61]}}, &(0x7f0000000040)=""/219, 0x39, 0xdb, 0x1}, 0x20) 00:14:17 executing program 4: r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000040)={r1}, 0x8) setsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={r1, 0xffff}, 0x8) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000100)={r1, 0x3}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={r2, 0x8}, &(0x7f00000004c0)=0x8) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e00"], &(0x7f0000000280)=""/237, 0x37, 0x222, 0x1}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffec8}, 0x70) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffff800) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040), 0x100000001) pipe(&(0x7f0000008f40)={0xffffffffffffffff}) sendmsg$IPVS_CMD_ZERO(r4, &(0x7f00000091c0)={&(0x7f0000008f80)={0x10, 0x0, 0x0, 0x800100}, 0xc, 0x0}, 0x4) socket$netlink(0x10, 0x3, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10) ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r6, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff}) getsockname$packet(r6, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x50}}, 0x0) [ 357.673093][T12124] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:17 executing program 0: r0 = socket(0x10, 0x80002, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x58, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1, 'vlan\x00'}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x13}}]}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MTU={0x8, 0x4, 0xa0be}]}, 0x58}}, 0x0) 00:14:17 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x0, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:17 executing program 3: sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, 0x2, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5}]}]}, 0x20}}, 0x0) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000070a0d00b977000000000000000000002c000e"], 0x1}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="050000001e00ab7bf2ff14000010291101"], 0x1}}, 0x0) r0 = socket$inet6(0x10, 0x3, 0x10) sendto$inet6(r0, &(0x7f0000000000)='E', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) [ 358.054450][T12139] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 358.071366][T12139] device gretap0 entered promiscuous mode 00:14:17 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000001800000100000000000000000a57ecabaf64c3c0f2"], 0x1c}}, 0x0) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xfef0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 358.140747][T12139] device gretap0 left promiscuous mode 00:14:17 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f0000000200)={0x6}) 00:14:17 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r0, 0x40044160, 0x0) 00:14:17 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f0000000180)='>', 0x1) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)='>', 0x1) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x110, r1, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000000)={0x0, 0x1000, &(0x7f0000000280)="1cbabe17fac0862b22ffe91af6b2cd6588c091abaddc1925df983147c572edd8c1fcc8f64df3bf063ba3e3ca0f1821e0dde4fe6e0b0842c1c9117b7e7cd609a31ce3df1dac6130bf2d8c829d2ce3f261d99fa6ffb41dfed5e82c6e5e4e19ffb919ddd2357903d6330bac327dba44af327b66593a75d56858faa86924c9ae8da1625e3c6746e267af2792c862a843a99b49278b47d35ab2bd0142bf8d3ee6258a36c243fbbbbcb8fc0ed9d3375e6f55caabe3f961e88936d0710d125279a8618f699bbd8ae712aec0869997610e2caf61a93193c256cc27e1008100d373172d0f9426cff00b7e3ffab66e793637cd4a43969fca9f807fe8dec55cb8c975954a7deec914301fbd97cd641e4aeccdac0ab85899c5ad851286cbfb420e40312b2a21af8b70527e0124a7c5ceb412a6863bf416d649f59ba3706e9650c933cfae4b665fab327add6354f5c38a36408dbf57eeecad53af9d61f9acce6ba850cc10e759df60dde0cf3bb051633d1ab8cc6f4480f131e26ab109aedb2c58cb2e7d28a5bf44e76d040b303f759afa434e204748a81e2c30bd53bfccbb1ecdf7237d1b6be46a7d95ab80fad69dcf0ffa2da36092fa9e6fce08f1863c3aaa47222ff5248633d5b24ee3168e21d5a44e6645470b836970614ab8003190d09193ebccecf4a4505c869a623a4fc24bd7dfd2b5cb094b07e76a2daa331e4691943fdf08a50e4c2eab33e59fccd0a243f7c5736f8925654095c5c81e3c11946f6458155bca3d99174fba5d4cf6c3b85b3bbc45b5f32a5794d56394c574f544abf6233329f32a7f3f47a84d15e0fb07cbaf9cca503d2d4aa731c1b35fe393c27353972bea25b2c873a8abc54d6f248d1bacb8869f039a766f1a710b8bbde86190ea9585df2bb948067dba28305d7010ea7f1022da479f0883a34256780d4df109861678bf242aeb648bfd49dc1f837ff947a06b23076f7c4584107d4ac97fcfbfc93e6e4947a219abd870a5480bc8b948e7ddc4dd74a556029a2fecc4b97ee71b7e0d7330f3d5ace5c8acc8909b67e0b86359f69410958fee77e8ce6dbcec0cc48e976d119cf09481ca2a66e967ec1b556b67763d78fbd8f711a595ce2802a113500a18ed18ebb5cfdb524fb030ebd21a08fbba23877a9e4248e37cb3191da5b8dc3b90b8cc2039ecbba4549f44b3f0fa1a70596bf63e6d16df1248cd94c8dacd27676640e687ab387046f1d31d7a6026919e83f8962f6b200c6d584a5ff6f0885ebbf9b7cb2ebb26fb8ac38a8ce190265f9fa72c6667ad5edcc6afc3d4cedfa73b4843f1899306672fd6bc34dc6243b594bd57067f7b18d712deace73e182f4e64f0f13834eec95ba661f14d8579d032fce4f73bb98c230bdcbada5751baa3e6a0b20c41051a649aea0733f8f4f8f48216c25b94773b7dcb12f86a1b506722fe865a7c73b07c7af96b0d934e67938adcd489c510712eeb32f19932576fa326c69c8e966c61ff2eaeaa6088ab5c49d84561b74f60f89b552530260b50e1c1bc63aef4c8a6182ccafac8e245b602dc697d97aff15bc218282057e84f88be8a45843af978ff79436c194ac4b1149e360cd1929bd7f0654cc840fd39642ee5b1eac57fa6fa4e362f46bbdb69ba4f0e17512b45a370ece122c290898f503780d18d874992c89b56e5a7f5072adc90bfdc998f430699801fd33a3729e235a0c79ed6974cbfa77db947efc183d82c1c0ccb34dc06ea90f5d2aa5ee3ccb1edae36e60abbc782c423f40192a0c504eb38c862a423f6c38d54e10d9e08dd40804145e6027b998f8280be62a009c85cd58a9fcf606a9ff17e83e22cc2fe0ae9575ccd3752541a43d20cb38adac3a397e13e2028eb0ea3616b0a11b801c8dd9624422944655752d4e74235a5811dd1f8b7a7b8c17a1fbca489d93ca81a42e2975002a30fa0f71405c08d4c569af34bbdd1b774d9e0b1ebb137f0fa523a7ebfdf92da173f4a5cdcaa89f0db1a1ba4934de9951ab7ccf2c03aca82c9d4728f9e571dd36cb4d02e67d55b3d0d1a0f7d35de2f94eb70cca8f7a3febed9c3fc86074ff8705999a9c1f7a9467f08cb0bab7d1ab5531a28c56735d0b83dac2468fc2edc238c12fc549297ffa25b238dd0596e903c7a90c60d695a6fae2a8aa15f6e6775c8bf06a709df6b39b516e7e775cdde9a755da4899b9638f09501fcd73ab3e8744313a2cf1dc55b9029b272ac886860fb36ddd69e6a4f38127e8c98d696b67e7def32f8c30e8cc0b0a370257553ebd0118e193a1ec67c19ae685e7eb37093163c14070edbbf007a39183956b6a1864f76e5b7952deb7480d91531bc37888c8c7e15415a9b9f7c3f821d98ef2901e5de478bef24ef84ab132b0a828c30404bca9f9dca57d61a7ae789e1e3ae94cf3b72e40e20afd63168dd58311d55363b66658566ed1f31f406a26fa3770246dd464bb96496a7656b3b5cce9aacccd00c09e5e2499a0504ed450e2f1eee6df3df4366e92b31a36327993508eb847ee51e5ae9bec8bc4b1e4d56fc230b0410319766994305889ca0364ce505bad5e9221f9eaf143a3dfc7a20e855df6e4e48ec99bd8b149150dfd6ab23b0eb85fc5dd18f551a4daa6cc3e05a32d2fc35728d2b765bbb6ab6b7949de6054f4d04847ec37d302c5052d4ff3c995f0b9b2e27c11fbc39f0ebc6b3d66f465ff2f8bdfb6618b5ac70a7d3b3efe88106b853e6c9bc96fb2b246dbc356946a943ddab8d2f51f1f1de7b038ab5348946d780fa6e40270d4e12448146558cd1f5d71f70631d8bc9d6b2d2c2e7b22f50cd466d9de57e74f0298624373cdac7ffe3e0b8d9609dca3dc49c25de937bd6f1c248e6e6be75c7e774a056ce776352d1f7ae7fd9b2e8c2df837e9b83bc98e674928e6e9146f99f8d6353381852b32c18c644fafae2e4c80cb89eb691b45f2145612df62c85c2a0f5ce9db965675465c2e255b80d1d1b73b1e8c79aafa0a34c336943235246a9892d2afee556c83a33d14ab5a18026c014ed9addd0842abd5f9d7d523e0464ec6bf4905ccaa2aef75d9bd3d150a19c2bfffbd2a5ae34ff6982f335a1f01cab2fa7ee8115a7a684a9525938b91836e07f9f524d79a913a0b5f978d269f3811cb2a5a4ddc1f00a1cc4d3fa056085e959ecf498a1644e588955314cd2701037a9b9d42d502628b77a7ddf1bc54e2083cfa2b5fc7cb50539789675667b2262d67250c6cb22a3e4b1ceb76b5a9dd573f1684ba607323e3ff499ce3a6d4cde3861bc607c921af663aaa46c6e17dc6fe7a0af9b2fdaf4c9d99f0672e5211f68b49d72e42aa55203571b285bc48d81befc90d85192acfeb37f03006d595307f185d7fb8a0e52f44eb1c5e0440774cc9e4b0fd6c58ea88714bcae131458812846d8ac8537f1ab543321d60cc65d96ea6358f8d94e0e8b92407004dfaa717d8428b1beefe51798b95eb93f84de402d17e58c7618080037449b635112488aac8b0ab64da96eaa16ad09e460cb3453e07d21b7f8059b7523d5091243df1b016c5a11fbb4111a0cb1d29150150b5fc577abc468cd330fd289d9c0cefc6b696661227da2064c8b38b128a022c16fe2dd1eaa59cef005c341b8aa9ea66e660240b2311ed0e1319058f41a76c0864a26a030446c4f9b7e472a5344ecb84a5cd4bd3c5e4a0dcd1e238b586118001579cd71c802d742143b3d21ef4278e2eb97fe4d87d567a4bb06a038064d5582f766523e510187ca37c0be6a92d190d26d5dc7b89a033b2f91087552f1fcc02d0f62402c1ec62240ba914e43aa4a0bc5d5352e0bbfc4e08fddba7a43dc284ca5d859446c53d33c36ced96296ff60530d59e3d012a9713a37d31fa2352b352af22c8c4619d4622d8bdc0dbe5b44f47e8d0e1d2bd2d033bc261be4718f067f9facc03a3db7d43eabb298df1116de5680c5507e8e53fa189be114fddafe539f816652a6bec29e1a3ab48286ecdd852bd2b4c277695baf889ddbeba2aa681e7a9aa9c23339fc4612b70829ce2528fa5968cf49db7b7272a055a4f85552747b7a6da433c73bef828b7ecddd6fd420080d665279acef34edeb65adb465020843922629b0a20359eb5d49580c06aca86b458c4a1cc6a0bf8b3039e887983d508488343a76daccdf950aeadcdf2d375046bad55f338147614b877ac0b39ebbf496ada226ed30fabc8d7ec171682e4d274290a74fa545b398744459143159e8b58b4e1219ee9eeb45de48bc490e99ad4abd3ff2d80540e4c7411b3ad91014ff6ab07815549ad47bc1bd338bb5006af3fc2246efa48b6aabbb3bfdef6aa27df7aad03d0fbf492fbebc6adfa511f91cfe1242ef03d3799a306b4ea9d0885df031028b8f0f337ff7ca49d9d14096e08618cd3d288cdd88de34a657570e6b1a44dad6fb8ca97ddba9a1f21e370823d70827dc4e3b4869109c2d9c11002d841a68a78549a82f28c15c890ede47ba55b278a6bab3e1389490b2e3b58b092d2b8a9d5fa0c2e20613944266d004f77fd567cfc3909570417e964a97083ddf17b7fa02b990b15fbbead901f3106322c98ffcf0bfab360e908ebeec7e8192f4227c770867547498139eb6f8840599fb0f91d4f0c37b861b217f76b55685481a784e5284eb9f477e6c013a456c038d635bf46a5f57a9b5bc3dea8ac8e03b869ec268707badd0246eebc7fed0d7fe8e7833be440514f60b244a69a31a41682da51779309c522a476ce12f5fbfb305cd7b34ad961b4c75f60a1c1d50aaca9a7d95f75b7a52161f4cddd44d18c59509e4030aa64b2b5ab92d7b51f9fc69fc9b0bba181d21b2067b7bcfa29a0fce5fccb74cb4b00b06462db11b5cf29f2ab838977c22a5f85de0c5344e8afbc7caaf29c8421257fab0c659f92ab150ef10b5d9705a9b772ab9443e0b03157446d23a1a93bbacf426cf22c19d17b13597c935e0fbc9d07df4fef9033d5c384030c14569dedb4d2f8323b1d29a01e22f6556b70f35d3e4962911414803bb56985a4394eb8f32f6577b8ad4325a1cdda08382a7b88b08240f922653ee5757e22b1b84846db9470f2b97bda2f060ccbe910db2684b43e78c65182dbaa0451d3d39078e5f20b0eaef2512dee7106a3945e66f4487f420075445c29686fdee0c5eb6f1cc6c87ce084bf8c66e4f38653c8260b7c380d107d46dac2342d62bf63c3b9b28bb26677ab0cb123a20c4486a7ea21c354039ad7588d412a13c09d2bcc04edcea6a749109d712032c102b1eeec12c13d9fc700781d6ae2c9cd587c1e5a3a88df99003d410797d72805295927a546c2511746f4c1ac140c75dce556c6acd40729120d81327b61e82f69bb8ace476f1c8f21376d0730c07d8cce3c473b5a0147672cb27bc06b5a84b66eda2d6b9453aece3f24bd2cba6e9f059351a86921607b7a176920bdb549720ff52d289fde7e6a11899061762dcc48734ff121688736b748991b7024753786155dca841bc669db4ee5e13a83a283841a9fe7e2e8ed73a7f2cdb4814587cfbbfa41a3f3bb92bf6e87fd207f2269171bb73733e73a7510480308fc20f493a93b1b13839e14f41a6deb66a23530c912afcae8c4a0bb54cad02dce8460628aa366a2eedb200dcd9dd9f87b405f22701338d55422f78fbc30e44d96f06550a8c7cfa58f78eb43c379ca5f6f62b0e8e29979f2586cd11621def7cf371402698ce714ccda4fc0687c7bfdf9d49596f8f4a5b16e0d661edfa6f71b993a23d3e1386640188933dbd9e66f1038727a49816a22cd205aa2caed9ceb980bf1e0cdf8e789b10c07cf7b79e434b9e81d6568ed4abd28c1ef8550fe63528"}) [ 358.685770][T12146] __nla_validate_parse: 1 callbacks suppressed [ 358.685802][T12146] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 358.800504][T12152] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 358.812424][T12174] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 358.830263][T12174] device gretap0 entered promiscuous mode 00:14:18 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x34, 0x23, 0x829, 0x0, 0x0, {0x2804, 0xe00000000000000}, [@nested={0x8, 0x17, 0x0, 0x1, [@generic="7e8d9da5"]}, @nested={0x18, 0x16, 0x0, 0x1, [@typed={0x14, 0x0, 0x0, 0x0, @ipv6=@private2}]}]}, 0x34}, 0x1, 0x60}, 0x0) 00:14:18 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f00000000c0)=0x2, 0x4) syz_emit_ethernet(0x3e, &(0x7f0000000100)={@link_local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x11, 0x0, @private, @broadcast=0xe0000001}, {0x0, 0x4e22, 0x1c, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "42070cfec60cbf1eb97995ab7139d426"}}}}}}, 0x0) [ 358.933586][T12174] device gretap0 left promiscuous mode [ 359.056779][T12190] netlink: 'syz-executor.5': attribute type 22 has an invalid length. 00:14:18 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000000)='./file0\x00', 0x3, 0x0, 0x0, 0x80, 0x0) r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB='8\x00\x00\x00\x00\x00\x00\x00']}) getsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000040), &(0x7f0000000080)=0x4) 00:14:18 executing program 5: timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) r1 = socket(0x15, 0x5, 0x0) recvfrom$packet(r1, 0x0, 0x0, 0x0, 0x0, 0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = socket(0x10, 0x3, 0x0) write(r2, &(0x7f0000000000)="fc0000001a000700ab092500090007000aab0700a90100001d60369321000100c2800000000000000000000000037515fa2c1ec28656aaa79bb94b44fe000000bc00020005000000140000270400117c22ebc20521400000d7d5bbc91a3e3280772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a46d284a710af333ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48a99c03f080548deac270e33429fd2000175e63fb8d38a8700"/252, 0xfc) dup3(r2, r1, 0x0) 00:14:18 executing program 4: r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000040)={r1}, 0x8) setsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={r1, 0xffff}, 0x8) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000100)={r1, 0x3}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={r2, 0x8}, &(0x7f00000004c0)=0x8) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e00"], &(0x7f0000000280)=""/237, 0x37, 0x222, 0x1}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffec8}, 0x70) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffff800) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040), 0x100000001) pipe(&(0x7f0000008f40)={0xffffffffffffffff}) sendmsg$IPVS_CMD_ZERO(r4, &(0x7f00000091c0)={&(0x7f0000008f80)={0x10, 0x0, 0x0, 0x800100}, 0xc, 0x0}, 0x4) socket$netlink(0x10, 0x3, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10) ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r6, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff}) getsockname$packet(r6, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x50}}, 0x0) 00:14:18 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f00000000c0)=0x2, 0x4) syz_emit_ethernet(0x3e, &(0x7f0000000100)={@link_local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x11, 0x0, @private, @broadcast=0xe0000001}, {0x0, 0x4e22, 0x1c, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "42070cfec60cbf1eb97995ab7139d426"}}}}}}, 0x0) 00:14:18 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r3, 0x0, 0x8ec3, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r4, 0x0, 0x1000000000007, 0x0) close(r3) write$binfmt_elf64(r1, 0x0, 0x0) 00:14:18 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:19 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f00000000c0)=0x2, 0x4) syz_emit_ethernet(0x3e, &(0x7f0000000100)={@link_local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x11, 0x0, @private, @broadcast=0xe0000001}, {0x0, 0x4e22, 0x1c, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "42070cfec60cbf1eb97995ab7139d426"}}}}}}, 0x0) 00:14:19 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x8, 0x3, 0x81) r1 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r2 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) fcntl$getown(r0, 0x9) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000000)) [ 359.888372][T12213] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 359.906017][T12213] device gretap0 entered promiscuous mode 00:14:19 executing program 3: r0 = msgget$private(0x0, 0x0) msgsnd(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="01"], 0x8, 0x0) msgsnd(r0, &(0x7f0000000000)={0x3}, 0x8, 0x0) msgrcv(r0, &(0x7f00000014c0)={0x0, ""/133}, 0x8d, 0x2, 0x0) msgsnd(r0, &(0x7f0000000440)={0x2}, 0x8, 0x0) [ 359.942777][T12213] device gretap0 left promiscuous mode 00:14:19 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f00000000c0)=0x2, 0x4) syz_emit_ethernet(0x3e, &(0x7f0000000100)={@link_local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x11, 0x0, @private, @broadcast=0xe0000001}, {0x0, 0x4e22, 0x1c, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "42070cfec60cbf1eb97995ab7139d426"}}}}}}, 0x0) 00:14:19 executing program 5: unshare(0x2a000400) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) r2 = mq_open(&(0x7f000084dff0)='!sel\x00nuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, 0x0) sendfile(r1, r2, 0x0, 0x7) 00:14:19 executing program 3: r0 = msgget$private(0x0, 0x0) msgsnd(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="01"], 0x8, 0x0) msgsnd(r0, &(0x7f0000000000)={0x3}, 0x8, 0x0) msgrcv(r0, &(0x7f00000014c0)={0x0, ""/133}, 0x8d, 0x2, 0x0) msgsnd(r0, &(0x7f0000000440)={0x2}, 0x8, 0x0) 00:14:19 executing program 0: syz_emit_ethernet(0x46, &(0x7f00000000c0)={@broadcast, @random="e0d35b1004bb", @void, {@ipv4={0x800, @icmp={{0x7, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@noop, @timestamp_addr={0x7, 0x4, 0x4, 0x3}]}}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @loopback=0x7f000002}}}}}}, 0x0) [ 360.560479][T12215] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 360.695999][T12221] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:20 executing program 5: unshare(0x2a000400) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) r2 = mq_open(&(0x7f000084dff0)='!sel\x00nuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, 0x0) sendfile(r1, r2, 0x0, 0x7) 00:14:20 executing program 4: r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000040)={r1}, 0x8) setsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={r1, 0xffff}, 0x8) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000100)={r1, 0x3}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={r2, 0x8}, &(0x7f00000004c0)=0x8) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e00"], &(0x7f0000000280)=""/237, 0x37, 0x222, 0x1}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffec8}, 0x70) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffff800) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040), 0x100000001) pipe(&(0x7f0000008f40)={0xffffffffffffffff}) sendmsg$IPVS_CMD_ZERO(r4, &(0x7f00000091c0)={&(0x7f0000008f80)={0x10, 0x0, 0x0, 0x800100}, 0xc, 0x0}, 0x4) socket$netlink(0x10, 0x3, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10) ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r6, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff}) getsockname$packet(r6, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x50}}, 0x0) 00:14:20 executing program 5: unshare(0x2a000400) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) r2 = mq_open(&(0x7f000084dff0)='!sel\x00nuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, 0x0) sendfile(r1, r2, 0x0, 0x7) 00:14:20 executing program 0: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000080)="9e00000052001f0014f9f407112c04091c0007ed8a000100070000000900000000000000", 0x9e) 00:14:20 executing program 1: setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000000), 0x4) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 00:14:20 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:20 executing program 3: r0 = msgget$private(0x0, 0x0) msgsnd(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="01"], 0x8, 0x0) msgsnd(r0, &(0x7f0000000000)={0x3}, 0x8, 0x0) msgrcv(r0, &(0x7f00000014c0)={0x0, ""/133}, 0x8d, 0x2, 0x0) msgsnd(r0, &(0x7f0000000440)={0x2}, 0x8, 0x0) 00:14:20 executing program 5: unshare(0x2a000400) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) r2 = mq_open(&(0x7f000084dff0)='!sel\x00nuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, 0x0) sendfile(r1, r2, 0x0, 0x7) [ 361.416692][T12270] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:20 executing program 0: io_setup(0x3, &(0x7f0000000100)=0x0) r1 = socket(0x10, 0x80002, 0x0) io_submit(r0, 0x1, &(0x7f0000000400)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) ppoll(&(0x7f0000000240)=[{r1}], 0x1, 0x0, 0x0, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x3, 0x3, 0x401}, 0x14}}, 0x0) 00:14:21 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000000)='./file0\x00', 0xf2, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f0000000180)=0x1, 0x4) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080)='batadv\x00') sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r2, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x101}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4080}, 0x4040000) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000180)='>', 0x1) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r6 = accept4(r5, 0x0, 0x0, 0x0) splice(r4, 0x0, r6, 0x0, 0x80000001, 0x0) ioctl$KVM_HYPERV_EVENTFD(r3, 0x4018aebd, &(0x7f00000001c0)={0x2, r4}) [ 361.591035][T12272] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 361.599756][T12277] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 361.616530][T12277] device gretap0 entered promiscuous mode 00:14:21 executing program 3: r0 = msgget$private(0x0, 0x0) msgsnd(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="01"], 0x8, 0x0) msgsnd(r0, &(0x7f0000000000)={0x3}, 0x8, 0x0) msgrcv(r0, &(0x7f00000014c0)={0x0, ""/133}, 0x8d, 0x2, 0x0) msgsnd(r0, &(0x7f0000000440)={0x2}, 0x8, 0x0) [ 361.730074][T12277] device gretap0 left promiscuous mode 00:14:21 executing program 5: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000002940)={&(0x7f0000000040)=@newtaction={0x78, 0x30, 0x53b, 0x0, 0x0, {}, [{0x64, 0x1, [@m_sample={0x60, 0x1, 0x0, 0x0, {{0xb, 0x1, 'sample\x00'}, {0x34, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x4}, @TCA_SAMPLE_PARMS={0x18}, @TCA_SAMPLE_TRUNC_SIZE={0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0) [ 362.016546][T12292] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=771 sclass=netlink_route_socket pid=12292 comm=syz-executor.0 00:14:21 executing program 3: r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) open(&(0x7f0000000000)='./bus\x00', 0x20600, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000000040)={0x21}, 0x21) ftruncate(r0, 0x2081fc) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) fcntl$setstatus(r1, 0x4, 0x40400) write$FUSE_WRITE(r1, &(0x7f0000000080)={0x18}, 0x18) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x2007fff) r3 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) write$P9_RWALK(r1, &(0x7f00000000c0)=ANY=[], 0x9) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup2(r4, r3) [ 362.533909][ T32] kauditd_printk_skb: 5 callbacks suppressed [ 362.533963][ T32] audit: type=1804 audit(1595031261.946:337): pid=12305 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir877491921/syzkaller.UMuCen/63/bus" dev="sda1" ino=16163 res=1 [ 362.665354][ T32] audit: type=1804 audit(1595031261.986:338): pid=12305 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir877491921/syzkaller.UMuCen/63/bus" dev="sda1" ino=16163 res=1 [ 362.689970][ T32] audit: type=1804 audit(1595031262.006:339): pid=12305 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir877491921/syzkaller.UMuCen/63/bus" dev="sda1" ino=16163 res=1 [ 362.714828][ T32] audit: type=1804 audit(1595031262.006:340): pid=12305 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir877491921/syzkaller.UMuCen/63/bus" dev="sda1" ino=16163 res=1 [ 362.739677][ T32] audit: type=1804 audit(1595031262.036:341): pid=12305 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir877491921/syzkaller.UMuCen/63/bus" dev="sda1" ino=16163 res=1 00:14:22 executing program 4: r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000040)={r1}, 0x8) setsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={r1, 0xffff}, 0x8) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000100)={r1, 0x3}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={r2, 0x8}, &(0x7f00000004c0)=0x8) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e00"], &(0x7f0000000280)=""/237, 0x37, 0x222, 0x1}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffec8}, 0x70) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffff800) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040), 0x100000001) pipe(&(0x7f0000008f40)={0xffffffffffffffff}) sendmsg$IPVS_CMD_ZERO(r4, &(0x7f00000091c0)={&(0x7f0000008f80)={0x10, 0x0, 0x0, 0x800100}, 0xc, 0x0}, 0x4) socket$netlink(0x10, 0x3, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10) ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r6, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff}) getsockname$packet(r6, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x50}}, 0x0) 00:14:22 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:22 executing program 5: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000002940)={&(0x7f0000000040)=@newtaction={0x78, 0x30, 0x53b, 0x0, 0x0, {}, [{0x64, 0x1, [@m_sample={0x60, 0x1, 0x0, 0x0, {{0xb, 0x1, 'sample\x00'}, {0x34, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x4}, @TCA_SAMPLE_PARMS={0x18}, @TCA_SAMPLE_TRUNC_SIZE={0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0) [ 362.764452][ T32] audit: type=1804 audit(1595031262.046:342): pid=12306 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir877491921/syzkaller.UMuCen/63/bus" dev="sda1" ino=16163 res=1 [ 362.788762][ T32] audit: type=1804 audit(1595031262.066:343): pid=12305 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir877491921/syzkaller.UMuCen/63/bus" dev="sda1" ino=16163 res=1 [ 362.813123][ T32] audit: type=1804 audit(1595031262.076:344): pid=12305 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir877491921/syzkaller.UMuCen/63/bus" dev="sda1" ino=16163 res=1 00:14:22 executing program 3: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000040)) [ 362.854810][T12308] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=771 sclass=netlink_route_socket pid=12308 comm=syz-executor.0 00:14:22 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0xfc}]}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:14:22 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r2 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000100)={0x0, 0x50, "c09dff1c28c5cf713ecedc7f7d51a7cf74ebe454287caefde4213616d26cf74b5981e138096901821e7b636c251b046ec89eac7fcfa7d7ebf69e241672e5983a500ab1c494ebdc5243137398a65fc065"}, &(0x7f00000001c0)=0x58) r4 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r4, 0x84, 0x13, &(0x7f0000000200)={r3, 0x76}, &(0x7f0000000340)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f0000000280)={r5, @in={{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x84) write(r0, &(0x7f0000000180)='>', 0x1) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f0000000000)) r6 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) fsetxattr$trusted_overlay_nlink(r6, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'L-', 0x81}, 0x16, 0x0) [ 363.091228][T12312] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 363.181646][T12321] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 363.312386][T12319] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 363.329626][T12319] device gretap0 entered promiscuous mode 00:14:22 executing program 5: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000002940)={&(0x7f0000000040)=@newtaction={0x78, 0x30, 0x53b, 0x0, 0x0, {}, [{0x64, 0x1, [@m_sample={0x60, 0x1, 0x0, 0x0, {{0xb, 0x1, 'sample\x00'}, {0x34, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x4}, @TCA_SAMPLE_PARMS={0x18}, @TCA_SAMPLE_TRUNC_SIZE={0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0) 00:14:22 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) [ 363.477379][T12319] device gretap0 left promiscuous mode 00:14:23 executing program 3: r0 = memfd_create(&(0x7f0000000100)='#\'%nodev\x00', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x11, r0, 0x0) ppoll(0x0, 0x0, &(0x7f0000000140)={0x77359400}, 0x0, 0x0) futex(&(0x7f0000000000), 0x3, 0x0, 0x0, &(0x7f0000000080), 0x0) 00:14:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0xfc}]}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 364.007845][T12345] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 364.044309][T12347] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0xfc}]}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:14:23 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0xfc}]}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:14:23 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) sendmsg$AUDIT_SET_FEATURE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x3fa, 0x300, 0x70bd26, 0x25dfdbff, {0x1, 0x1, 0x1, 0x1}, ["", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x801) r1 = openat$dlm_control(0xffffff9c, &(0x7f00000001c0)='/dev/dlm-control\x00', 0x4800, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280)='TIPCv2\x00') sendmsg$TIPC_NL_KEY_FLUSH(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, r2, 0x200, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x2}]}, @TIPC_NLA_NET={0x38, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4d8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x2}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1f}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000010}, 0x8004) 00:14:23 executing program 5: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000002940)={&(0x7f0000000040)=@newtaction={0x78, 0x30, 0x53b, 0x0, 0x0, {}, [{0x64, 0x1, [@m_sample={0x60, 0x1, 0x0, 0x0, {{0xb, 0x1, 'sample\x00'}, {0x34, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x4}, @TCA_SAMPLE_PARMS={0x18}, @TCA_SAMPLE_TRUNC_SIZE={0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0) 00:14:23 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001000)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 00:14:23 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) [ 364.665740][T12391] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0xfc}]}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 364.834265][T12401] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:24 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) ftruncate(r0, 0x40) rt_sigaction(0x3f, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f00000002c0)) 00:14:24 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0xfc}]}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:14:24 executing program 5: setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x29c, 0x0, 0x150, 0x150, 0x10c, 0x0, 0x1d4, 0x238, 0x238, 0x1d4, 0x238, 0x3, 0x0, {[{{@ipv6={@remote, @mcast1, [], [], 'veth1_to_hsr\x00', 'veth0_to_hsr\x00'}, 0x0, 0xa4, 0x10c, 0x0, {0x1202}}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xa4, 0xc8}, @common=@unspec=@STANDARD={0x24}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x2f8) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0) write$sndseq(r0, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) 00:14:24 executing program 1: pipe(&(0x7f0000000080)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) ioctl$CAPI_GET_ERRCODE(r0, 0x80024321, &(0x7f00000000c0)) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$sequencer(0xffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x80001, 0x0) r4 = openat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x82000, 0x14d, 0x15}, 0x18) r5 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) ioctl$F2FS_IOC_MOVE_RANGE(r5, 0xc01cf509, &(0x7f0000000100)={r4, 0x3f, 0x92a}) write$P9_RREADDIR(r6, &(0x7f0000000140)={0xc5, 0x29, 0x1, {0x7, [{{0x1, 0x4, 0x4}, 0xf8, 0x29, 0x7, './file0'}, {{0x10, 0x3, 0x3}, 0x80, 0xda, 0x7, './file0'}, {{0x8, 0x3, 0x6}, 0x9, 0xc9, 0x7, './file0'}, {{0x1, 0x4, 0x3}, 0x7f, 0x9, 0x7, './file0'}, {{0x2, 0x2, 0x6}, 0x0, 0x9, 0x7, './file0'}, {{0x1, 0x1, 0x2}, 0x5, 0x20, 0x7, './file0'}]}}, 0xc5) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) 00:14:24 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:24 executing program 0: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fc9000)='/dev/sequencer2\x00', 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fc9000)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$KDGKBLED(r0, 0xc08c5102, &(0x7f0000000080)) 00:14:24 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='scalable\x00', 0x9) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000300)="f685a288c84ec47e44864a1ae8659eb07e2f", 0x12}, {&(0x7f0000001500)="cfd063443cdc8585517304d96a713e7fb6273277543dd8cc3f1f2506e70e28180a2d2cf93495d7ef3a25d4b8a05b98a627ae8e98ed6f0fa2c78dd9ce1b9ef81f7c9274c78b728e5032c69cf8ebe9d42dd43d2f19d09e91a71f81c3b192d96cc627241b95ec8fbb6c71f603e0d07fcb5a6e07585208dd2ac721d2fdab2c29411f66ec7cca1e1760a2d6ca8af4ec79cae5c78430ea32a266856c8260e4de581475abdd2153aa8fea34789320ee2514903088dfd546a136d4", 0xb7}], 0x2}}], 0x1, 0x0) sendto$inet(r0, &(0x7f00000012c0)='\f', 0x1, 0x11, 0x0, 0x0) [ 365.484413][ C0] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured! 00:14:25 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0xfc}]}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 365.574785][T12432] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 365.628772][T12432] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:25 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="d800000018008105e00f80ecdb4cb904021d65ef0b007c05e8fe55a10a0004000200142603000e120800050000000001a8000900a4000a00e558f030035c3b61c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703", 0xd8}], 0x1}, 0x0) 00:14:25 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, 0x0, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:25 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha1\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) io_setup(0xfff, &(0x7f0000000380)=0x0) io_submit(r2, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r1, &(0x7f0000000340), 0xfdef}]) [ 366.067617][T12456] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 366.198854][T12460] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 366.256227][T12466] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:25 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000c40000000000", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x50, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x4}}, [@filter_kind_options=@f_cgroup={{0xb, 0x1, 'cgroup\x00'}, {0x20, 0x2, [@TCA_CGROUP_ACT={0x1c, 0x1, [@m_pedit={0x18, 0x0, 0x0, 0x0, {{0xa, 0x1, 'pedit\x00'}, {0x4}, {0x4}}}]}]}}]}, 0x50}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000ac0)=@newtfilter={0x5c, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x4}}, [@filter_kind_options=@f_cgroup={{0xb, 0x1, 'cgroup\x00'}, {0x2c, 0x2, [@TCA_CGROUP_EMATCHES={0x14, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_HDR={0x8}]}, @TCA_CGROUP_POLICE={0x14, 0x2, [@TCA_POLICE_AVRATE={0x8}, @TCA_POLICE_AVRATE={0x8}]}]}}]}, 0x5c}}, 0x0) 00:14:25 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000015c0)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0x6}]}}}]}, 0x3c}}, 0x0) 00:14:26 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f00000000c0)="0a3a688a954d6a3eb7faeb522a4346e7b44b16d6b962a3168a09402eaf85f93d2a31c58c530f48e7f9f653d50120a5f023ad37487f2f2d9c4700000000000e009430ed1880348c2a7c476d362284b338a86b2f085f050f436c15d9000000", 0x5e) ioctl$PPPIOCGNPMODE(r0, 0xc008744c, &(0x7f0000000000)={0xc025, 0x4}) 00:14:26 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, 0x0, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:26 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha1\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) io_setup(0xfff, &(0x7f0000000380)=0x0) io_submit(r2, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r1, &(0x7f0000000340), 0xfdef}]) 00:14:26 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0x9, 0x3, 0x288, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f0, 0x178, 0x178, 0x1f0, 0x178, 0x3, 0x0, {[{{@ip={@loopback, @remote, 0x0, 0x0, 'veth1_vlan\x00', 'syzkaller0\x00'}, 0x0, 0xc8, 0x110, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}, {{@uncond, 0x0, 0x70, 0xe0}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "a8314ef7f73eb660aaf2d0366fceb98ed14eaa3aec7f5d7585e5e089571e42293f85f53596f10e80ed5d0ea2f3210a2118b194f7e161a199fb4a363d9d3d811f"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x2e8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_inet_udp_SIOCINQ(r2, 0x541b, &(0x7f00000000c0)) modify_ldt$read(0x0, &(0x7f0000000000)=""/175, 0xaf) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$inet6(0xa, 0x3, 0x6) r7 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip6_flowlabel\x00') sendfile(r6, r7, &(0x7f0000000240)=0x202, 0x4000000000e0) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240)='batadv\x00') sendmsg$BATADV_CMD_SET_MESH(r7, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000380)={&(0x7f0000000100)={0x4c, r8, 0xe01, 0x70b52b, 0x25dfdbfd, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x81}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xffff}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xfffff7fc}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x3}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x100}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000010}, 0x4000) [ 367.217004][T12482] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 367.451943][T12496] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 367.485752][T12483] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 00:14:27 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, 0x0) 00:14:27 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) utimes(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={{0x77359400}, {0x77359400}}) 00:14:27 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000001280)=[{&(0x7f0000000200)="f4076a0c9c4ffd544952f811250b15a097ef61718e8631c95344ac261875a703f3bd3e13ca7986b6cdf2528e4ad292e758f06bdeb7531e10f72d6b80157e8c39e281b323141f2bdb099335fc24836fdfcd81e94609d44c2922c83d8cdc60a0f810d1fa25ccd5692de77a5c6c911de86313003fd1d372656f5fc6f1b88d9c6272bf7ce761ab9ca28923a8b3be10cf9a73777584b98db38d21350511933b0ce58f2f1af96fce8809fed81064dd657e7332e7a39b26386547a4025a4c57ac9d103f0740d4607adf5c093289c3cf1b3f2753c3fec91dfb06d9605dd57cb314ab5111a8c8a001f04c6313c5e97731ff668c30b5dc386a00f031de4ccbcbe9ec1698fbc5733ecd801d449160725fc7e789471002147fdae918c083c33410bdd3dec4bcfd0d03a93d0893a0c7a7eafb8490a913dc078814a60d214304065f87b88a1fdbb85d5d98ec77fef824bba7734066513cce70602930bcf536167ba0ad080f9e815b6c073c0566aba5d7eb8c4a992ecb845f22832f5918437541c535a964c2dfe4d24fcbb86f2914c1034d5a886c96bc98837ca4ae1c4b67ba1e03958ec3053f0d7d948be9965d453d9f378177f69351bf2fbf14d735bc265a39b7ec91379979329d8b679366aa217f15c991e6179f057a8f7fd271270569fd895b03f8476e8ca99989ffde80bb03b301eaf0a2eb39b879c0a8ea8a508858014e873cf09c3d", 0x1fe, 0x2}]) 00:14:27 executing program 4: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000440)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCSETSF(r0, 0x5453, 0x0) 00:14:27 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, 0x0, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) [ 368.058894][T12535] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 368.138472][T12542] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 368.166414][T12534] Dev loop3: unable to read RDB block 1 [ 368.172336][T12534] loop3: unable to read partition table [ 368.178522][T12534] loop3: partition table beyond EOD, truncated [ 368.184907][T12534] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 00:14:27 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket$kcm(0x10, 0x2, 0x10) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x44, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x20}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_hsr\x00'}]}]}, 0x44}}, 0x0) sendmsg$IPVS_CMD_SET_CONFIG(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x44, r2, 0x400, 0x70bd2a, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_vlan\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000040}, 0x8800) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'tunl0\x00', &(0x7f0000000000)=@ethtool_coalesce={0xf, 0x0, 0x7a39, 0x4, 0x1, 0x1, 0xffff, 0x7, 0x80000000, 0xffffffff, 0xfffffffc, 0x1f, 0x0, 0x1, 0xfff, 0x8, 0x71, 0x40, 0x10000, 0xffff, 0x8, 0x6, 0xbdd}}) 00:14:27 executing program 5: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/ip6_tables_targets\x00') readv(r0, &(0x7f0000002340)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x100000000000028d) pread64(r0, 0x0, 0x0, 0x0) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000080)=""/138, 0x8a}], 0x1) 00:14:27 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha1\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) io_setup(0xfff, &(0x7f0000000380)=0x0) io_submit(r2, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r1, &(0x7f0000000340), 0xfdef}]) 00:14:27 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) [ 368.416756][T12534] Dev loop3: unable to read RDB block 1 [ 368.422613][T12534] loop3: unable to read partition table [ 368.428895][T12534] loop3: partition table beyond EOD, truncated [ 368.435239][T12534] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 00:14:27 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x8, &(0x7f0000000980)=ANY=[@ANYBLOB="720af8ff02000021bfa100000000000007010000f8ffffffb702000002000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed8a25312a2e2c49e80a32e8cf1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e906f2d08002d75593a286cecc93e6427c95aa0b784625704f07a72c29184813a5fd42e4749d76056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec28b48b45ef4adf634be763289d01aa27ae8b09e20e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468972089b302d7bf6023cdcedb5e0125ebbcebdde510cb2364141215106bf04f658333719acd97cfa107d40224edc5465a932b77e74e80220d42bc6099ad230a198802a778be00000000006ef6c1ff7224ac913f33f5fdc63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d17b23649c7d6ebe3566719237c8d0e60b0eea24492a660583eecdbf5bcd3de091a9c8452a823ebaf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532af9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62c6faec2fed44da4928b3014bf9b14334e16cb9a6298060d6b2ba11de6c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a6eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c0200000000000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b6c4a000000002b435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad897ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b2633398631c7771429d12000000000000000000000000e09fec2271fe01589646efd1cf870cd7bb2366fde4a59429738fcc917a57f94f6c453cea793cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c108285e71b5565b1768ee581eee52bf1dc7ffc1969c41595229df17bcad70fb4021428ce970275d5bc8955778567bc79e13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ecbbc55bf404e4e1f74b7eed82571be50c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598522d3e959efc71f665c4d75cf2458e3542c9062ece84c99a061887a20e39b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a067a07e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acecc34f24c9ae153e5c708ce65cd6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63c96ec8485b3b8a8c9aa3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b649f280a220d9533e30a3952703f652c0785bdc9e282208ff2394a2950dee6cca6617e4653d7cde52301409112130393926aeb0dc5c35076e49921af5c5d47020205cd06f9f13ad250d7fa051fdf0c3ab10afbdea1643e560ee1235478ff95eb953a900000000000000000000000000000085531952e9ed2604d5d6773bd04e22feb22be3c0f5133a31539302e0f2db7d9c1c818f9f779ac49cee004e97052de03330e2215930e40ad7601b2acef7f4c1775d0ecb89ecc2e5d9a190e81dc6870205311ba6b1797ff0e31ba7c2c38764b50e707e6a6bd82662069cd3916d241e01fb1870883ea4087b75dcf96cea285f3f83ec28dd85a41ecfef959a9fca45b5dabb7b6327268f379780df433e53137b3e0626627022e31bdc19b7dc46f8030ea878a9c75ceafdf0931ff52af2e06692174666db7c7a890e0dc8aa6a0720997f7e2f4faa034edab42c3746902c261f4c569e8aab7dea078740c835f08be3e495ce3ac1d8dffecf499f77b063ab1c8e98c2fea8727db6ce77abd6f4f0bf8d3aac4f97eb6aa28672b873086da9abb4d8571675ba1aa5688195314a27d3896f2e07532a79b51f34e0499cfa80a39bffb16d4b78"], &(0x7f0000000100)='GPL\x00'}, 0x48) 00:14:28 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000003e00)={0x0, 0x0, &(0x7f0000003dc0)={&(0x7f0000000200)={{0x14, 0x10, 0x1, 0xb4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x140b, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x801}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5}], {0x14}}, 0x70}}, 0x0) [ 368.820600][T12561] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 368.871897][T12563] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:28 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x60, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @ip6gretap={{0xe, 0x1, 'ip6gretap\x00'}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x14, 0x6, @private2}, @IFLA_GRE_REMOTE={0x14, 0x7, @ipv4={[], [], @dev}}]}}}]}, 0x60}}, 0x0) 00:14:28 executing program 5: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/ip6_tables_targets\x00') readv(r0, &(0x7f0000002340)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x100000000000028d) pread64(r0, 0x0, 0x0, 0x0) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000080)=""/138, 0x8a}], 0x1) 00:14:28 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f00000001c0)=@ethtool_per_queue_op={0x4b, 0xe, [0x2, 0x10001, 0x3, 0x401, 0x8, 0x101, 0xff, 0x4, 0x0, 0x1f, 0x3, 0x8, 0x0, 0xffffffff, 0x3, 0xcd, 0x80000000, 0x47, 0x8, 0x3, 0x1, 0x3, 0x10006, 0x8, 0x7, 0x200, 0x1a, 0x2, 0x0, 0xfffff801, 0x10000, 0x8a6e, 0x81, 0xffffffff, 0xffffffff, 0x6, 0x1, 0x100, 0x5f, 0xffffffff, 0x3, 0x4, 0xfffffc00, 0x0, 0x7fffffff, 0x0, 0x7, 0x1, 0x101, 0x200, 0x4, 0x401, 0x4, 0xfffffffe, 0x800, 0x248, 0x1, 0x8001, 0xff, 0x80000001, 0x1000, 0x3f, 0x6, 0x2, 0x1000, 0x103, 0x10000, 0x1, 0x3, 0x8a, 0x9, 0x100, 0x1, 0x0, 0x6, 0x6, 0x2, 0x1, 0xfffffffb, 0x9, 0x4, 0xffff, 0x2f34, 0x9b, 0x0, 0xa2, 0x3ff, 0x1, 0xffff, 0x7, 0x0, 0x3, 0x8, 0x1f000000, 0x4, 0x101, 0x9, 0x7, 0x0, 0x580f, 0x0, 0x2, 0x5fa4c723, 0x400, 0x5, 0x4, 0x5c, 0x80, 0x7, 0x800, 0xd4, 0x9, 0x5, 0x3f, 0x6, 0x8001, 0x1f, 0xf8c, 0x6, 0x52e0000, 0x4, 0x5, 0x6, 0x3, 0x0, 0x1, 0x5, 0x4], "fb21c1d7c17cd078b3c079dff4ddc9fded4271812312c197e02b90347a77156db0425953aa5a86bd71537d1be828b24bc334311a63421ded0b9843757b97f52027ba"}}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180)='nl80211\x00') sendmsg$NL80211_CMD_REQ_SET_REG(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)={0x20, r2, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x20}}, 0x0) sendmsg$NL80211_CMD_SET_MPATH(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r2, 0x200, 0x70bd26, 0x25dfdbff, {}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @dev={[], 0x29}}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @local}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8800}, 0x40811) syz_mount_image$bfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 00:14:28 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:28 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha1\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) io_setup(0xfff, &(0x7f0000000380)=0x0) io_submit(r2, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r1, &(0x7f0000000340), 0xfdef}]) 00:14:28 executing program 5: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/ip6_tables_targets\x00') readv(r0, &(0x7f0000002340)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x100000000000028d) pread64(r0, 0x0, 0x0, 0x0) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000080)=""/138, 0x8a}], 0x1) [ 369.468376][T12584] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:28 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) clone(0x40000000007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK/file0\x00', &(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=unix,'}) [ 369.543116][T12591] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:29 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = socket$inet6(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_HARDIF(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)={0x24, r3, 0x205, 0x0, 0x0, {0x5}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x24}}, 0x0) r5 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r6, &(0x7f0000000180)='>', 0x1) ioctl$KVM_GET_CLOCK(r6, 0x8030ae7c, &(0x7f0000000200)) getsockopt$inet_mreqn(r5, 0x0, 0x20, &(0x7f0000000040)={@loopback, @dev, 0x0}, &(0x7f0000000080)=0xc) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r3, 0x8, 0x70bf28, 0x25dfdbfb, {}, [@BATADV_ATTR_HARD_IFINDEX={0x6, 0x6, r7}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008010}, 0x11) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r9 = accept4(r8, 0x0, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, r9, 0x0, 0x80000001, 0x0) ioctl$SOUND_MIXER_WRITE_RECSRC(0xffffffffffffffff, 0xc0044dff, &(0x7f0000000280)=0x5) [ 369.702732][T12598] 9pnet: p9_fd_create_unix (12598): problem connecting socket: éq‰Y’3aK/file0: -20 00:14:29 executing program 5: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/ip6_tables_targets\x00') readv(r0, &(0x7f0000002340)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x100000000000028d) pread64(r0, 0x0, 0x0, 0x0) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000080)=""/138, 0x8a}], 0x1) 00:14:29 executing program 4: perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x14002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000000)='team\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc028660f, &(0x7f00000005c0)) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r1, 0xc008ae05, &(0x7f00000004c0)=""/4096) ioperm(0x80000001, 0x80000001, 0x200000000000) socket(0x1, 0x803, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000480)=0x14) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/nf_conntrack\x00') lseek(r2, 0x1000, 0x0) 00:14:29 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000380)=[@in6={0xa, 0x0, 0x0, @local, 0x5}]}, &(0x7f0000000180)=0xc) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000000c0)={r2, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x2, 0x326}, 0x9c) 00:14:29 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) [ 370.362806][T12613] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:29 executing program 0: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = epoll_create(0x40006) poll(&(0x7f00000003c0)=[{r1}], 0x1, 0xff) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x10000005}) 00:14:29 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, r0, 0x0) [ 370.683082][T12616] syz-executor.3 (12616) used greatest stack depth: 3672 bytes left 00:14:30 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, r0, 0x0) 00:14:30 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x14, 0x21, 0x829, 0x0, 0x0, {0x7, 0xe00000000000000}}, 0x14}, 0x1, 0x60}, 0x0) 00:14:30 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:30 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000140)={'IDLETIMER\x00'}, &(0x7f0000000180)=0x1e) r1 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) pwritev(r1, &(0x7f0000000100)=[{&(0x7f0000000280)="44f0e734fa3e0186bc8576da8c82e26656b370e13f8e4e4662816f3252ff27cd451f895acd84757981dc5e8ffc89fcaacf25d65564627e18f43475c23fad09b6d60cdf9d9ef975119e450017b02fa7575aae790ded5a775b7b83bcc505363c5a9d13cc1a07e07426351fe411e7a2eb98e2835a2390749a490b6533f1191c1a2b0eda13dce865eab060b2e166ea66c9751e9d86cdf9f873599af1cb104bbd55456f755b066d5c5076308759996a0c42f9c8ff1840e1cfde2cefe6406207f9447533815a820ce439b9ee99dcea5c750a330458e57ff4ab5b2123586f2dfd3ca84f15f411eacdcaaba6947d917fbb3bfde9e4f61649bee6bd480c33ac51e9a3b1e43976432c8dff844169071ea0b179563a452d850e0622e260307e397fb44c000738bebbae822553e19bdd18962475dc115dda6b35d0f99e78d6794fe93ab9e5c0f61ef6e863ff750195051ce3463ca24984cb428fa0e1eb907057570de131b57ff6aa5c38af08be2e82f70eaefc5128f6b89e128387da4a1bc06807321331dc351771a309ff727d648debe4c50aa2de6896fe9384a8e1e459494be421b9fdf75b729d8ec193d777c4e23d09fed78bc2e37edfd31c075722ede9565f82ddfbc2f0102ba22607ae403ffda5998190f5006528253826dae487316aa4893fd7c1437f271a9aa6798ccbaf93c781fe380621690ff2718459f65b13a4be57222eb120182131e59cd90cf9c76af48ecb1d9db1e91dfff4cce83fa9512122ff1ebcee4442acb5cf61b56f2d28c9cd23383ade76d9101ffbf468376964ec445bcc567564b2d7bab95af2f84a08efec378413a070e25143b47a4502cef10ce4cf386b610ce73a6b003ccea167a815e631e48fc4970c32668c9bc6fd4e20b0f12a61ae231f6e1542f8e007fc54cbf71ef704bc0fdbab5aeec7086c7e8b719903ad24721358b575759c317e1ef3829f4963945160555109ecab7c1b0b33f3479e020f3413e55ff74afadbfc7b7d580dcd674624c994a5736b4f339ba1f74ba53096b29eaa210f403c01208cc495e8e44c0a73a5a037621dade7939eede666a15fd7ccbc8d4b90de6bf8dfe1aa6d8c9bfd57c12e71abe8173a71c66cb739e8adab5795c56212e56a778200b022f897ebfe0d5c94c722499b9235c40d1091508038fb2074e22e8bcd2109c8be13ddfde27ec41607545e48a9ed037741b040573b9b3e2127c484a9589470417ac94438f82a8480b2c19c5214bf7a065fb00298274e66e63090cbd0cbee150ec119dfe9fdc8874fd68a357c488177c9d9a6752a45470832bda2d0d1ca51d62a07e17f2076b5e7f460155ddc81b7053c1369ae63daf65745c607e04bfc66245a84d939b5eb564dfe615d099efe09ce81b647973ec015007a7700feab1616744ea61806853789f5a0557d13b70ed4c0aa01701ede33c96ec4719cfba900ac6f7a6a16b1c8a3ab5daf587e70ca70b2870036039856e2fa7f35bcf161bc14ba607975acf6368d472de88bc6c83a0aa39e5ce53754633b743de41dd84649633538ae50d8c0251702363327964b3d7e3fa663be1a2782bc39a0f2c8286c7f7a8e89dd843a77ab4cc9675bbed8aea1a94d605881231a655af849416ef7034908e3202f768cd8cb654a87a0c4a669dbefc6e27e462a7ecc2e5895dec43b3d0c3701db6ac124ae64167dcb1cd22d8421157fcc1c2dd6d38c0546ee52556dfc974881f3d3dd7b12c3490bdbe7095e1313b28802eb58d2fae9a616b7fb2281cb1fe0f7ead67e0a138f5db719bc8a53ac589ade1ee1cc318a9f89e4ad68b4ad32882daa063ec8f4f3bd27965ec025c6ed0596ab288a859d09f967a5bb92c23dde67146a8d837cb45ba5244941a4ff5196d42763eefc1b6df89b6724facb92acd509760cc32a217a1f38b045e8e385543a63f74ac8d79c363f6185efcff3c073272aa8761e870d2ca6c27f14fbcf64741084baec55f594bd222556a45f2dbdd1bd18192b4e107a7abb06646754dd0891409fdb3da82d3f08dc5903606bfc82f23237fdf98ea1912328614af26f9d332384e6fa3b791c1a017be900559ef2e056d7ddb585c146e5710ecbb789c6a114f1c01056c2875384e0133912b0f10c77d42ede01c896c30437bcf7b22e658e8657fe14a058c0c47cf33558d665ead75e5a2576aa710826c24c51015570d80d7d118ab34033e719a87758cdb47edb24c70512ea6cbb06ac64bf52f44fb4a41cf0ccdbdd71e3ec44cb13f31cbb24c4b9a4fdfdadeb9cb1941521f32f245dc54f49a664e3dd37b7c59b3f5853021f09597f81fe3a0f66c433ed4dffe20de29e2771303d97dd3077558ba58289bcff4ab7c0c530243e1a65caa28bf4b06c838ceaf3860bc8bbb8873347ceddf67ba24c72b54fdba3d413ecf906ff2df35b3a939292ce30b076a35c4dbcb9a6e59aebe537c59fa3fe758418fe5692adc8b368b05dcb8ff8802a15dd426900d769c400cb3598173ac8f477f1fddf5cab79839a50b6b2e1b01da4e446dcee8303eb50470d29c9c46435167cc282e82b584cd5a282bc05e37b3bf5768d35fd95d8564744c32d7a7aa9d3343306c594ba3ba2d88f66e482db18c5726ea65f7f5ea8f90b07b0c69ebbebbcd45bb96a4edea250d3d5e04f0d5056978b097d7ec6a0c17c14d2c57afd7b2e928ee3767fb98ffc80ea60df2f206d8795e638f14ad0f7476688c8756164509752026bb4f309e74ba7d3fea34909569958882d1680389b265bd5674f1f97c88f82d47fe3a9ae67078e3c6385d2c7efb3d2ed9dea88304661b3e32a2d5305baf8d827942a6a79627c25fa95ba49acd6245deacb7aadbc79b7046c12956e2e89a712ab792558bc25063bd119ddd4c6d8b715059ca53106bbb6afd9ef96d3a8e519ad163386d80017e44edebfe4404d4daa5f718f98dd84641559a174946213dcc031c0b6bc73a70c618fe00ee5d71f3a8aff95bc878aa5a8f44d52ca9bdeb9b1ba1a8d0931ab963b555b287095371e9cd08c14951f365e843679b6bdac3fa932c70008933040cb18a117edecdf438c882f6ec575fd1ef6125cb0ffc685a7343257f350ede4550a23ec971a2de4652d402e0835efaf7f07fd0306cb97b74847060384f53ac12ca22bcb4bb89ab698c5fcac6cba8b447ee807bb0aad46bd0454c52ac338b2d0d8d62f296e9581519f844251d5089feab610fceb3925444d7a0fddfb627850961c38b02a2487f8fd89f53a5163ca33ac6d279a1b82dd1d8b9324a17c8b29f195ab3034af11e96d8129a1d8968f5073804291a6fc7f39c4f7aae0f04c20e38a8eef6f312cc8c252d160f20c5deb469ef926737e76268fac437def5a037f7686ba66e7512178e8a3804ebf69ce5fffd3e6202e9a27a6a2359a5ffb82d2e608d7180761b7d00c1b387ab223256dbd7796c92ed6a36fe95cb01a5abd355b63a2cc3a91d932b4353f65ab08834df7ca61f74c63b4b21df79ecbf3822119fc0363ee5afe5daa4dd7dcace6c4999d9d8e8e72b887cc64a8df1e7e15b314f48e3a50300bfe0ee587a56a8d75dd72db5a11fb29fda1cf1e95b1360ae3b6f01c945440bc92f49d5ca3be37c88e56d1a93583908fd1ceb85f0cff8bd717955184bd26e3addd5bd42f2858e562f05283d7736928147ac5f192e7923c17c186e39ab1be247bddfaa50dccf715f30ea380044d37eb5d374a69273598db58c1ffe9991e09646bf6b54b7aba473f6d810a56a670081b1bb7c0219d00fb677e762933d817e59385abe73713e905658776e7aca6e14376a1b49c6c76107180b09b8e8ee3562e743309703a383350f741883a954734f01f2956df3acd7f0700db4364b93d6785d393a2e39f090e45673402111ff1a510988225b8829323039488ec90f7619ea622bfb3839f6e7c96ccfdc1a13c436354af4d4e02106a95876bf035aa10caceabfedf7f07c4bcb5b0df1b6f10f71e24ca43ef3b99f1a0626f56ee11d55cd52d2abd51bb74fa84abc59a4270dc91fdf077b1272cc5629039d69ea3674418ad9bac1cf9ed51f51b007c148eb646c9356fb95d0f31eef79146f13b626e1d807b67c587817a6ffb934cbd91d9e1b6393afde83d11d91d5067fc9765ca00a5abd23299fab1c7e8f4d1afea69e8a81701ca68675814c83c8d349222c95d3156d7f9c6c5ce049024ce983fd3c451108d9aeccf9ccc6d5a7cefb05ec2fc3bbf779498c6ab77d9903e305b4567aa802903ce889d6758b9b4d17dc7b0b07b0193fe94f1d7aee7b18a867052a03f3c0f3b0fb6651e163ceced89270f57d847e6587fd697a60620e9df2834c5a0d5ec16f8b8f7089430a24a4333bae1b3547cd29e9029f32188b99dee98433e783f1b3db2aa73fa64bc9d76d987d8a363c944aff684d1203841a7bd263aaaea35a4641381d91f73be96d6199abc6f8bcd3787f744a7625d89b076ef03ce4a9a507dbac9b940c6b6fef754585032cf0892d895a86e333af661e0951a6dae4c78bfe2fa551d837c1f3c5aae7477b97adb63eb012a6e8bb1b2888de2360e6d4a5a2ba716d700b15b2530b222054ff94c03311a2b8551fa27b8f53408c223a6f7a9f89d307d45151d05a0e2c72f9ab1db3157ace620a95ddce56d30ec04a0ece467cc1537f1e940a476354d4f9c4df6fd81c420f0d79dc9f30c93934a455d28c25a5f4f19cf20edc70b88c63076c919f5b4cca0b0307bb1f65f8d67c4452de33dc8271b897ee4be82cf04ba0bde56702c67420cc707ceaa0b12a0867c51fa79f555392fc7055032c73474e78ef6bf37a54071a19499bd91a3ee1ebd7655215f78243bac53f7083cc58627cda0b289f46fad0aa66ccb9f1615f4e1bb4910cd4ab77acd2c1a058500312b6e1208c2dfd03e864f5d866199353118cc58549bc56cd47b587879b87037c1216ce59c132505fe904c670a85f5812dc2ebb7349c754a8d98c1c2f30c3b8b3425a13245e2e0730df4415d683123f0e84f9e9b948f188e828b1bc0958e38ab27444cc644b4402e20778996726948c1396b3b0352e0c11b8f3c548972006537b6c2a95f01a4c24cd9201d5b8ad946b5868eb700a0c0b5fa753b1c7621da33493a93c6e6207816abaaed79a21d1d7d78af597dec6b9665c6c3cca77e1c0217840f2a28dd736ada21884d2d80161f8526ca6e3a94d16e1ef4fc45155eb88c51b599371ec107b989db402c79b77ef288322fe60fe06a8e4acd32e8ec25e41f76121079b17f322297a6ed1a4311db11895620696c15d02ffc8aba742ab371073bb9a9f0aea272ee5835f7a1b3df70be5fd3954ad2e2d59fe26fa04e0e0731c4c5bb382bba401084cf44521f71566b623f76829606374cb2902decccd63bb285b4a01024aa4d100b499369e6761dea031aea5eb0d22ffd53228b894c1fa06e731ba3e7691e5e09a1da0d1fc0577f0ec4fb8cf0abf6b222244ab9f6d1be4dd9d0ef64ba26707f2f3a72912ccce80297ca370f2fa8c4b2eac164fb127603b193065d21efe5a7cc89b88c624787ed9756bacc0a90a2be7222d0929d7be79c4750370d4c3252356a0b9a8814a8c9e5c68e333e4714279fe206359dc6a36847023662b00a0134a01abfc1fe773575f4b42db2c98224b1ff2dd02c9c8dfb274a0a172c43518b9550fb0c9066a1ca2c15be4d2f98dfa8c7ad24f8934dd159334e06d778fa2459bd1873945f94521daaf57ad3d0dadaaf19e70351ddcf86bf204c8c5cf06270a1f0a80ef92b82ceb33c2a5c9c4cbbe6b8dc7dfee8d6781d0ec15fefd55b3bdb0cca956f432258201cd5b42a2563f54866d32152", 0x1000}, {&(0x7f0000000000)="67a6e0834b8b4a4f30b191dd3c94039858ad372f267efcc1d7b359c2050e48c8f41c478c7d91d0765f547c6f09672bef85729c0d751adcc7978d2ae9f9ad4ad41c9f9c106098bbf183cd3a02bf16e51d6cbd9943272096ec93dae952d52ac195fd50c44007a0c27d78dbda0ec05b1ce047b31d0a641fb3db60647f210cb02488c244dcf411b74437d8ad4d8e7397ab4d25da28a8612a9c530ebfc52a21692a8463e6e08bcd4a9ee43217c689b5de816e8efdd3ebccf95fab2a0b699e8302df2cc73a09d0d99a49e3eb5361981926e884bda10332279de54783d90d05793ef5b63d43ddf09b64d80664d7667f", 0xec}], 0x2, 0xb24) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x807, 0x0, 0x0, 0x2, 0x0) 00:14:30 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, r0, 0x0) 00:14:30 executing program 0: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000000706ed640000e2a6ed9f00bdda4da2260c00010006"], 0x1}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0xc7fde, 0x0) [ 371.340004][T12642] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:30 executing program 3: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000000)={0x0, 0x0, 0x10079c4}) r1 = openat$capi20(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_REGISTER(r1, 0x400c4301, &(0x7f0000000000)={0x0, 0x0, 0x10079c4}) [ 371.541231][T12647] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:31 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000040)='./file0\x00', 0x6, 0xffffffffffffffc2, 0x0, 0xaa0430, 0x0) r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r1 = openat$fuse(0xffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) sendfile64(r0, r1, &(0x7f00000000c0)=0x1000, 0x1ff) openat$6lowpan_control(0xffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/6lowpan_control\x00', 0x2, 0x0) 00:14:31 executing program 4: perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x14002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000000)='team\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc028660f, &(0x7f00000005c0)) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r1, 0xc008ae05, &(0x7f00000004c0)=""/4096) ioperm(0x80000001, 0x80000001, 0x200000000000) socket(0x1, 0x803, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000480)=0x14) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/nf_conntrack\x00') lseek(r2, 0x1000, 0x0) 00:14:31 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) [ 371.830339][T12665] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 371.839231][T12665] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 371.848764][T12665] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 00:14:31 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, r0, 0x0) [ 372.100850][T12674] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:31 executing program 3: perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x14002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000000)='team\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc028660f, &(0x7f00000005c0)) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r1, 0xc008ae05, &(0x7f00000004c0)=""/4096) ioperm(0x80000001, 0x80000001, 0x200000000000) socket(0x1, 0x803, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000480)=0x14) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/nf_conntrack\x00') lseek(r2, 0x1000, 0x0) 00:14:31 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) r1 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='ip6gretap0\x00', 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r2 = dup(r1) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @dev, 0xc}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000040)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000000040)={r5, 0x1}, 0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f00000004c0)={0x9, 0x4, 0x0, 0x400, r5}, &(0x7f0000000500)=0x10) r6 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) ioctl$sock_inet_SIOCGIFPFLAGS(r6, 0x8935, &(0x7f0000000480)={'virt_wifi0\x00', 0x2}) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="8000000000080101000000000011000005000009440004800800024000000009080007400000000008000840fffffff708000440ffffffff08000540000004630800094000000009080004400000000708000240000000040500030001904d000900010073797a310000000009000100024088a80000"], 0x80}, 0x1, 0x0, 0x0, 0x494}, 0x48000) syz_mount_image$ntfs(&(0x7f0000000200)='ntfs\x00', &(0x7f0000000240)='./file0\x00', 0x8, 0x1, &(0x7f0000000380)=[{&(0x7f0000000280)="8ff0876859d819ac4e18d327b6a5584f2b4ad202bdda52c69b270804e259e648104c36f1080ab97efb153a05a687a2c5266d6c47beeeadfe5bf29d654de74f95da7cfc4297260c649f63d66f3177015fa8a580491048313d0189ba74bfd63f73d5fdb1ee27561bab840f42307f415061060d6b7c56f4d4836316fffe1a26b6577dfdebb06ed920f5f9d8aa57e0ac6ec744b96779000f0be4eb2f0523e71488388b3cca2d154c873fadd9b5788a32338d340b4b821d1f05e8cadc3c8d30ea7a6a1ba798192fd81c90ebe84c1e915f79e3b326b31809b078c6c170cf2efe590206ae608f5b0c2c54cabde51a7296", 0xed, 0x89}], 0x2000, &(0x7f00000003c0)={[{@fmask={'fmask', 0x3d, 0x20}}, {@case_sensitive_yes='case_sensitive=yes'}, {@case_sensitive_yes='case_sensitive=yes'}, {@umask={'umask', 0x3d, 0x3}}], [{@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@appraise='appraise'}, {@obj_user={'obj_user', 0x3d, 'syz1\x00'}}, {@hash='hash'}]}) fcntl$setsig(r0, 0xa, 0x3c) syz_mount_image$bfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 00:14:31 executing program 5: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000002940)={&(0x7f0000000000)=@newtaction={0x874, 0x30, 0x53b, 0x0, 0x0, {}, [{0x860, 0x1, [@m_police={0x85c, 0x1, 0x0, 0x0, {{0xb, 0x1, 'police\x00'}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x6]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x40, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0xe9, 0x0, 0x0, 0x0, 0x0, 0x4}}}, @TCA_POLICE_RATE={0x404}]]}, {0x4}}}]}]}, 0x874}}, 0x0) [ 372.428946][T12679] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:31 executing program 3: perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x14002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000000)='team\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc028660f, &(0x7f00000005c0)) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r1, 0xc008ae05, &(0x7f00000004c0)=""/4096) ioperm(0x80000001, 0x80000001, 0x200000000000) socket(0x1, 0x803, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000480)=0x14) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/nf_conntrack\x00') lseek(r2, 0x1000, 0x0) 00:14:32 executing program 4: perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x14002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000000)='team\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc028660f, &(0x7f00000005c0)) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r1, 0xc008ae05, &(0x7f00000004c0)=""/4096) ioperm(0x80000001, 0x80000001, 0x200000000000) socket(0x1, 0x803, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000480)=0x14) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/nf_conntrack\x00') lseek(r2, 0x1000, 0x0) 00:14:32 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)={[{@fat=@uid={'uid'}}]}) 00:14:32 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, 0x0, 0x0) [ 372.905950][T12704] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:32 executing program 4: perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x14002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000000)='team\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc028660f, &(0x7f00000005c0)) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r1, 0xc008ae05, &(0x7f00000004c0)=""/4096) ioperm(0x80000001, 0x80000001, 0x200000000000) socket(0x1, 0x803, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000480)=0x14) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/nf_conntrack\x00') lseek(r2, 0x1000, 0x0) [ 373.189311][T12717] FAT-fs (loop0): bogus number of reserved sectors [ 373.199341][T12717] FAT-fs (loop0): Can't find a valid FAT filesystem 00:14:32 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000ac0)=@sack_info={0x0, 0x0, 0x32}, 0xc) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) ftruncate(r2, 0x200004) sendfile(r0, r2, 0x0, 0x80001d00c0d0) 00:14:32 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b}, 0x20}}, 0x0) [ 373.438558][T12717] FAT-fs (loop0): bogus number of reserved sectors [ 373.445781][T12717] FAT-fs (loop0): Can't find a valid FAT filesystem 00:14:33 executing program 3: perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x14002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000000)='team\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc028660f, &(0x7f00000005c0)) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r1, 0xc008ae05, &(0x7f00000004c0)=""/4096) ioperm(0x80000001, 0x80000001, 0x200000000000) socket(0x1, 0x803, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000480)=0x14) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/nf_conntrack\x00') lseek(r2, 0x1000, 0x0) 00:14:33 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)={[{@fat=@uid={'uid'}}]}) [ 373.763965][ T32] audit: type=1800 audit(1595031273.176:345): pid=12729 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed comm="syz-executor.5" name="bus" dev="sda1" ino=16213 res=0 00:14:33 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000500)=[@in={0x2, 0x0, @rand_addr=0x1}]}, &(0x7f0000000180)=0xc) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000340)=@assoc_value={r3}, 0x8) 00:14:33 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) setsockopt$pppl2tp_PPPOL2TP_SO_LNSMODE(r0, 0x111, 0x4, 0x1, 0x4) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) utimensat(r0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={{0x0, 0x2710}, {0x77359400}}, 0x100) get_robust_list(0x0, &(0x7f0000000200)=&(0x7f00000001c0)={&(0x7f0000000100)={&(0x7f00000000c0)}, 0x0, &(0x7f0000000180)={&(0x7f0000000140)}}, &(0x7f0000000300)=0xc) [ 374.024757][T12738] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:33 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect(r0, &(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @my=0x0}, 0x80) [ 374.181222][T12743] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 374.215595][T12750] FAT-fs (loop0): bogus number of reserved sectors [ 374.222335][T12750] FAT-fs (loop0): Can't find a valid FAT filesystem [ 374.421363][T12762] sctp: [Deprecated]: syz-executor.4 (pid 12762) Use of struct sctp_assoc_value in delayed_ack socket option. [ 374.421363][T12762] Use struct sctp_sack_info instead [ 374.513051][T12760] sctp: [Deprecated]: syz-executor.4 (pid 12760) Use of struct sctp_assoc_value in delayed_ack socket option. [ 374.513051][T12760] Use struct sctp_sack_info instead 00:14:34 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b}, 0x20}}, 0x0) 00:14:34 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x19, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000061112000000000009500000000000000f99ca3a7f49e54cc44bc958d61763f00a57df35f3161c97af107333124d5d2ca1d56483fee2610b97f7bfc5bbeb1b700002005c1255c41740c"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 00:14:34 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)={[{@fat=@uid={'uid'}}]}) 00:14:34 executing program 4: socket$inet6(0xa, 0x200000000003, 0x87) syz_emit_ethernet(0x5e, &(0x7f00000003c0)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '\x00', 0x8, 0x2b, 0x0, @local, @local, {[@hopopts={0x87}, @srh={0x0, 0x2, 0x4, 0x1, 0x0, 0x0, 0x0, [@loopback]}], {0x0, 0x0, 0x8}}}}}}, 0x0) [ 375.004304][T12769] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:34 executing program 3: setsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000040)=@assoc_value={0x0, 0xfffffffd}, 0x8) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000240)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[], 0xfd30) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 375.188401][T12775] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 375.239847][T12778] FAT-fs (loop0): bogus number of reserved sectors [ 375.249276][T12778] FAT-fs (loop0): Can't find a valid FAT filesystem 00:14:34 executing program 4: socket$inet6(0xa, 0x200000000003, 0x87) syz_emit_ethernet(0x5e, &(0x7f00000003c0)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '\x00', 0x8, 0x2b, 0x0, @local, @local, {[@hopopts={0x87}, @srh={0x0, 0x2, 0x4, 0x1, 0x0, 0x0, 0x0, [@loopback]}], {0x0, 0x0, 0x8}}}}}}, 0x0) 00:14:34 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b}, 0x20}}, 0x0) 00:14:34 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x6) setresuid(0x0, r1, 0x0) r2 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) r3 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r3, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x30, 0x1410, 0x200, 0x70bd28, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x1}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x4}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x4}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x40041) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) chown(&(0x7f0000000000)='./file0\x00', r1, r4) 00:14:35 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)={[{@fat=@uid={'uid'}}]}) [ 375.579828][T12785] ref_ctr going negative. vaddr: 0x20002004, curr val: -3, delta: 1 [ 375.589082][T12785] ref_ctr increment failed for inode: 0x3e21 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000c6d0a73a [ 375.671387][T12791] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:35 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x19, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000061112000000000009500000000000000f99ca3a7f49e54cc44bc958d61763f00a57df35f3161c97af107333124d5d2ca1d56483fee2610b97f7bfc5bbeb1b700002005c1255c41740c"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 00:14:35 executing program 4: socket$inet6(0xa, 0x200000000003, 0x87) syz_emit_ethernet(0x5e, &(0x7f00000003c0)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '\x00', 0x8, 0x2b, 0x0, @local, @local, {[@hopopts={0x87}, @srh={0x0, 0x2, 0x4, 0x1, 0x0, 0x0, 0x0, [@loopback]}], {0x0, 0x0, 0x8}}}}}}, 0x0) [ 375.812903][T12796] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:35 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x19, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000061112000000000009500000000000000f99ca3a7f49e54cc44bc958d61763f00a57df35f3161c97af107333124d5d2ca1d56483fee2610b97f7bfc5bbeb1b700002005c1255c41740c"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 376.042892][T12806] FAT-fs (loop0): bogus number of reserved sectors [ 376.049649][T12806] FAT-fs (loop0): Can't find a valid FAT filesystem 00:14:35 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000300)=@newlink={0x48, 0x10, 0xc3b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @erspan={{0xb, 0x1, 'erspan\x00'}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_SPORT={0x6}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_FLAGS={0x6}]}}}]}, 0x48}}, 0x0) 00:14:35 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:35 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) ioctl$DRM_IOCTL_AUTH_MAGIC(r0, 0x40046411, &(0x7f0000000000)=0xce) [ 376.510216][T12821] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:36 executing program 4: socket$inet6(0xa, 0x200000000003, 0x87) syz_emit_ethernet(0x5e, &(0x7f00000003c0)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '\x00', 0x8, 0x2b, 0x0, @local, @local, {[@hopopts={0x87}, @srh={0x0, 0x2, 0x4, 0x1, 0x0, 0x0, 0x0, [@loopback]}], {0x0, 0x0, 0x8}}}}}}, 0x0) [ 376.691418][T12825] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:36 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x6, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x58}}, 0x0) 00:14:36 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:36 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x19, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000061112000000000009500000000000000f99ca3a7f49e54cc44bc958d61763f00a57df35f3161c97af107333124d5d2ca1d56483fee2610b97f7bfc5bbeb1b700002005c1255c41740c"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 00:14:36 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x9f89cea564241d3e, &(0x7f0000000080)={0xa, 0x4e1e, 0x0, @mcast2}, 0x1c) 00:14:36 executing program 0: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) [ 377.153273][T12841] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:36 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0xa, 0x0, 0xf, 0x2}, 0x10}}, 0x0) [ 377.262160][T12845] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:36 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x6, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x58}}, 0x0) 00:14:36 executing program 5: r0 = socket$inet(0x2, 0x4000000805, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, 0x0, &(0x7f00000012c0)=0x1e) 00:14:36 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:37 executing program 0: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0x1ff, 0x4, 0x9}, 0x40) r2 = dup2(r1, r0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240), &(0x7f00000020c0), 0x5, r2}, 0x38) 00:14:37 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x140400, 0x0) [ 377.779264][T12863] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:37 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x6, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x58}}, 0x0) 00:14:37 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x84) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0xc100) write$binfmt_aout(r0, &(0x7f00000001c0)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x20405}}, 0x20) [ 377.940793][T12866] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:37 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000008000), 0x84) getsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000008000)=""/144, &(0x7f0000004000)=0x90) 00:14:37 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r3, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) 00:14:37 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x6, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x58}}, 0x0) 00:14:37 executing program 0: r0 = memfd_create(&(0x7f0000000240)='t\bnu\x8c\xc4', 0x0) lseek(r0, 0x0, 0x27e6a16682eb5113) [ 378.385218][T12888] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:38 executing program 4: r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x14, 0x42, 0x301, 0x0, 0x0, {0x2}}, 0x14}}, 0x0) 00:14:38 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) connect$phonet_pipe(r0, &(0x7f0000000000)={0x23, 0x1f, 0x6, 0x4}, 0x10) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x1090, 0x0) 00:14:38 executing program 5: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000100)=0x14) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x6c, 0x24, 0x51d, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14, 0x1, 'pfifo_head_drop\x00'}, {0x8}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}]}, @TCA_RATE={0x6, 0x5, {0x12}}]}, 0x6c}}, 0x0) 00:14:38 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r3, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) 00:14:38 executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000080), &(0x7f0000000180)=0x4) 00:14:38 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, 0x0, 0x0) 00:14:38 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x437, &(0x7f0000001d80)=ANY=[@ANYBLOB="aaaaaaaaaaaafffffffffff786dd60c22df7040111a36e6d44000000f8ff0000000000000000fe8000000000000000000000000000aa00004e20"], 0x0) [ 379.141203][T12910] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 379.228820][T12914] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 00:14:38 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) getsockopt$inet_udp_int(r0, 0x11, 0x67, &(0x7f0000000000), &(0x7f0000000040)=0x4) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 00:14:38 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r3, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) 00:14:38 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_buf(r0, 0x0, 0x5, 0x0, 0x0) 00:14:38 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000000000000000000000000000000a20000000000a01000000000087a3db98000000000900010073797a300000000084000000080a8381933a000000000000000000000900010073797a30000000000c00024000000000000000032e000240fffffff9b35374968febcdd516bcffeff402139d81b5"], 0xcc}}, 0x0) 00:14:39 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0x10}]}}}]}, 0x3c}}, 0x0) 00:14:39 executing program 4: r0 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x2, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r0, 0x40045731, &(0x7f00000000c0)) [ 379.736738][T12923] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.5'. [ 379.763263][T12921] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:39 executing program 5: r0 = socket(0x2, 0x5, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, &(0x7f0000000040)={'icmp6\x00'}, &(0x7f00000000c0)=0x1e) 00:14:39 executing program 3: kexec_load(0x0, 0x0, 0x0, 0x3e0000) 00:14:39 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ipvs(0xffffff9c, &(0x7f00000014c0)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0) recvfrom$ax25(r0, &(0x7f0000001500)=""/139, 0x8b, 0x20, &(0x7f00000015c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x8}, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48) 00:14:39 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:39 executing program 0: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080), 0x4) 00:14:39 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000200)={0x3, 0x0, [{0xc0010058}]}) 00:14:39 executing program 5: unshare(0x24020400) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x0, 0x4) 00:14:39 executing program 3: perf_event_open(&(0x7f00000005c0)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x2, 0x400, 0x8}, 0x40) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000140), &(0x7f00000000c0), 0x1081, r0}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x1b, &(0x7f00000025c0)={0x0, 0x0, &(0x7f00000005c0), 0x0, 0x3, r0}, 0x38) [ 380.340539][T12942] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:39 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:40 executing program 0: r0 = io_uring_setup(0x196, &(0x7f0000000040)) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, 0x0, 0x0) 00:14:40 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) openat$null(0xffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x10000, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r3 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x80000001, 0x4) ioctl$USBDEVFS_IOCTL(r0, 0xc00c5512, &(0x7f0000000080)=@usbdevfs_driver={0x81, 0x1, &(0x7f0000000000)="4d074fcf9ed4ba2e92b32a98059efd6f82fe861c0abe930fe197295405eb90dbf37eb0a6a350265463ec50b1b42baacdaba2258d97a9459d138a92bdfabf75bc63a376af77735bf937d3cfc284b17de43f6b251bb53c7e1655e88d5fcea6769cff0aa313eb51a37ceda5c82355e797850639b0d2fc378a9f75e9f71b50363d"}) 00:14:40 executing program 3: perf_event_open(&(0x7f00000005c0)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x2, 0x400, 0x8}, 0x40) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000140), &(0x7f00000000c0), 0x1081, r0}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x1b, &(0x7f00000025c0)={0x0, 0x0, &(0x7f00000005c0), 0x0, 0x3, r0}, 0x38) 00:14:40 executing program 4: perf_event_open(&(0x7f00000005c0)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x2, 0x400, 0x8}, 0x40) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000140), &(0x7f00000000c0), 0x1081, r0}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x1b, &(0x7f00000025c0)={0x0, 0x0, &(0x7f00000005c0), 0x0, 0x3, r0}, 0x38) [ 380.879643][T12961] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:40 executing program 5: open(&(0x7f00000005c0)='./file0\x00', 0x200c2, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',dfltgid=', @ANYRESHEX]) 00:14:40 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:40 executing program 0: r0 = socket$kcm(0x10, 0x100000000002, 0x4) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000100)="39000000140081ae00002c000500018701546fabcae5e5741af20f367c355fee27a04f7e0592616688e285af715895c0c5", 0x31}, {&(0x7f0000000000)="2d25b78c3aa1d31d", 0x8}], 0x2, 0x0, 0x0, 0xc00e}, 0x0) recvmsg(r0, &(0x7f0000000b80)={&(0x7f0000000400)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x80, 0x0}, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x40186366, 0x0) [ 381.283476][T12984] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:40 executing program 3: perf_event_open(&(0x7f00000005c0)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x2, 0x400, 0x8}, 0x40) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000140), &(0x7f00000000c0), 0x1081, r0}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x1b, &(0x7f00000025c0)={0x0, 0x0, &(0x7f00000005c0), 0x0, 0x3, r0}, 0x38) 00:14:41 executing program 4: perf_event_open(&(0x7f00000005c0)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x2, 0x400, 0x8}, 0x40) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000140), &(0x7f00000000c0), 0x1081, r0}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x1b, &(0x7f00000025c0)={0x0, 0x0, &(0x7f00000005c0), 0x0, 0x3, r0}, 0x38) 00:14:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup(r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) socket$inet6_dccp(0xa, 0x6, 0x0) dup(r3) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f00000000c0)="0f322e0f0178000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d683ed", 0x3f}], 0x1, 0x0, 0x0, 0x1a) socket$inet(0x2, 0x3, 0x2) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x40a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000080)) pipe(&(0x7f0000000000)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:14:41 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0xf, 0x2, 0x2) r1 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000180)={'veth0_vlan\x00', &(0x7f0000000100)=@ethtool_gfeatures={0x3a, 0x6, [{}, {}, {}, {}, {}, {}]}}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) bind(r0, &(0x7f0000000000)=@vsock={0x28, 0x0, 0xffffffff, @local}, 0x80) r2 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) setsockopt$inet_udp_int(r2, 0x11, 0x1, &(0x7f00000000c0)=0x8000, 0x4) 00:14:41 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:41 executing program 3: perf_event_open(&(0x7f00000005c0)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x2, 0x400, 0x8}, 0x40) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000140), &(0x7f00000000c0), 0x1081, r0}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x1b, &(0x7f00000025c0)={0x0, 0x0, &(0x7f00000005c0), 0x0, 0x3, r0}, 0x38) 00:14:41 executing program 0: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) sendto$rose(r0, 0x0, 0x0, 0x8814, 0x0, 0x0) [ 381.912632][T13004] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:41 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x4389, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000080)=0x1, 0x4) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) 00:14:41 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:41 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) openat$binder_debug(0xffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) 00:14:41 executing program 4: perf_event_open(&(0x7f00000005c0)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x2, 0x400, 0x8}, 0x40) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000140), &(0x7f00000000c0), 0x1081, r0}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x1b, &(0x7f00000025c0)={0x0, 0x0, &(0x7f00000005c0), 0x0, 0x3, r0}, 0x38) [ 382.426361][T13026] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:41 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) connect$inet6(r0, &(0x7f0000000340)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c) 00:14:42 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup(r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) socket$inet6_dccp(0xa, 0x6, 0x0) dup(r3) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f00000000c0)="0f322e0f0178000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d683ed", 0x3f}], 0x1, 0x0, 0x0, 0x1a) socket$inet(0x2, 0x3, 0x2) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x40a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000080)) pipe(&(0x7f0000000000)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:14:42 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:42 executing program 0: r0 = memfd_create(&(0x7f0000000340)='\vbm1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff\xc4\xf3yz\x02\x00kM\xb2\xd4k\xa2\xcc\x19\x1b\x12\b%\x92ACa\xeb\xf3\xe6L\\\xbcZ\x8b?\xd9\xc3\xf5\xbd\xb7B~D)\xfb\xa5x\x119Q\xbc1\xeak\x1aj`\xb5\x8e\xd1H\'\x11\xf2P\x01h\xb8\f\xb6\xd6\x96\x9d1\xedo\xe1\x8b\xcc\xf5\xba\xa4a#efb\x8f\xd2\x9a\xbf|\x15\xd7\x16S&\x18\x89;\xf8\\\x80\xec\xaa\xdb\\\xaa\\Y7S\xb9\xb3\x17T\xfb\x92\xbac\xe6\x95|\xbfB\xf0\x8b', 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000040)=ANY=[], 0x72) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) getsockopt$inet6_opts(r1, 0x29, 0x10, 0x0, &(0x7f0000000040)) [ 382.837250][T13046] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:42 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:42 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) readlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/124, 0x7c) r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) sendmsg$AUDIT_LIST_RULES(r0, &(0x7f0000000280)={&(0x7f0000000180), 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x10, 0x3f5, 0x200, 0x70bd28, 0x25dfdbfe, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x40000000}, 0x240088c0) lsetxattr$trusted_overlay_redirect(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='trusted.overlay.redirect\x00', &(0x7f0000000140)='\x00', 0x1, 0x1) 00:14:42 executing program 3: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) chmod(&(0x7f0000000180)='./file0\x00', 0x23f) symlink(&(0x7f0000000100)='./file0/file1/file0\x00', &(0x7f0000000200)='./file0/file0\x00') setuid(0xee01) rename(&(0x7f0000000040)='./file0/file0\x00', &(0x7f00000001c0)='./file0/file1\x00') 00:14:42 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) write(r0, &(0x7f00000003c0)="fc0000001900071f8a092504090007000a0880ffff1a01000000e293040001c0eea00000000000002ee103d78c7e37f992b3c5600002ffff0000001e070056aaa79bb9000300f92fbe780196370d1151ffd633d450000000e5d18064b1ed548d050000006c57c6a55e000001590907a2a3fe2e1eb8001b93fedccccf96c86b85d5a0e69bd7d5bbc91a8077b6a7fa9a11225170cbde547381b12c05defd5a32e280fc89796be63344d083ab820f06f70cce190a60aa47e9888b7a0acbc151de3997f3916fc99718db1c5bba4a463a1e00d4efb723546f91cfded8155517f56fee8db20734babc7c737d67e53275533417e583df0200000000000000b0", 0xfc) [ 383.234564][T13054] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:42 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup(r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) socket$inet6_dccp(0xa, 0x6, 0x0) dup(r3) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f00000000c0)="0f322e0f0178000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d683ed", 0x3f}], 0x1, 0x0, 0x0, 0x1a) socket$inet(0x2, 0x3, 0x2) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x40a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000080)) pipe(&(0x7f0000000000)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 00:14:43 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:43 executing program 0: r0 = memfd_create(&(0x7f0000000340)='\vbm1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff\xc4\xf3yz\x02\x00kM\xb2\xd4k\xa2\xcc\x19\x1b\x12\b%\x92ACa\xeb\xf3\xe6L\\\xbcZ\x8b?\xd9\xc3\xf5\xbd\xb7B~D)\xfb\xa5x\x119Q\xbc1\xeak\x1aj`\xb5\x8e\xd1H\'\x11\xf2P\x01h\xb8\f\xb6\xd6\x96\x9d1\xedo\xe1\x8b\xcc\xf5\xba\xa4a#efb\x8f\xd2\x9a\xbf|\x15\xd7\x16S&\x18\x89;\xf8\\\x80\xec\xaa\xdb\\\xaa\\Y7S\xb9\xb3\x17T\xfb\x92\xbac\xe6\x95|\xbfB\xf0\x8b', 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000040)=ANY=[], 0x72) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) getsockopt$inet6_opts(r1, 0x29, 0x10, 0x0, &(0x7f0000000040)) [ 383.623561][T13070] netlink: 220 bytes leftover after parsing attributes in process `syz-executor.4'. 00:14:43 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x7, 0x0, 0x0, 0x0, 0x0) r0 = openat$autofs(0xffffff9c, &(0x7f0000001680)='/dev/autofs\x00', 0x101041, 0x0) inotify_init1(0x800) recvfrom$ax25(r0, &(0x7f0000000000)=""/43, 0x2b, 0x140, &(0x7f0000000040)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}, 0x48) sendmsg$kcm(r0, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f00000016c0)="0d37c6ab05037d85c5d34435de65613aa1f6853748a75914720030226a414587c0448126f6f55efaa4e4772998d707b69d0eb8e47919b5daec4b1ef2ae293370ddd32ef6fc5c8af704ee8aa0998178d8f1e15ce92975db28615646e480d541d9a109b54253372e542d32", 0x6a}, {&(0x7f0000001740)="638dd749cb844f487d8670dde8cb815380dc06d1727b4879e7f2bb1a1d080c42ff3265db9e5e7eb266a2ccefdd5c715b544a8c35b8697e6df2addc4ec899ae3aac315f93dbb924a62228484a59541fbb1f632829f58178e35cda890875f7a38582a93c0b3ca2ece6a7f9b03b613cce29e2420e0be1ade2", 0x77}, {&(0x7f00000017c0)="28fac0fc0b4162c50b5c090bebb3cc7ac1a6939adab951fded13300fdf4e736614f73aa6b4e2ab912825748eb60862e3aca1f5081d0edd6116c150da55deb2ba1d963a60badaec97f52a6f5e0fe7d9b5c941e1d1d6cbb1958bc0d2af2835d81083d1cfdd14d5e09aae2e3c318fc1dd241306ce4520f9382a92503128857ced9cc9752d92647e44a34c305c784b9fdf562609cfcc49912d0f836f8d2b8d62b6b8c31137900c493e26798d427917b19ee4198ab6270d1d8772233568f6ef1f6974cc88f06baeaec406d7a004a24eeb0e679010a422dfac0346a64d1edc32d2e47145b9bfb6dc639c13f3d54a6846fe9ce0298fcb63", 0xf4}, {&(0x7f00000018c0)="3866a2e2421249eb5a7b84597f4cb190edd2e5c84f98e8b8e4bd7dbc4064f51de9ff66de9f90c1f5cf38c9c797ac4c4c0c42c354c64cab1274cad729f165c392c2fffdadd26fc46d5ef80a787cae8b7c185f7e49fef50f060450958ee4dab20620b649ee0b200ee9d3ee1ac6767650fec1e9324c78f94f078f359c46edbde2a14ba7e6f5e736933e63eae74a0323865b73cb89d669702dd5020fc9a54ffca6c4cc6390b1826e41fedafa0b81f8642199e3ad912771a5a71890a40e30293f357cae04", 0xc2}, {&(0x7f00000019c0)="76733b96e8081456c08f965f630491521f64fb91d623cfd5ec83ef9da8e05646f5851a6295c2238c9a4339da8f71d16d24b058554e2d84410a", 0x39}, {&(0x7f0000001a00)}, {&(0x7f0000001a40)}, {&(0x7f0000001a80)="f158fb4798d8a66f1a2813050061f578ecb74a58e0cbdaa14a4fcc8f9fc023e296953286166a7a11267c7dda1f", 0x2d}], 0x8}, 0x20008878) 00:14:43 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @multicast2}}) write$tun(r1, &(0x7f0000000140)={@val, @void, @eth={@broadcast, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "163dac", 0x8, 0x2c, 0x0, @local, @mcast2, {[@routing={0x0, 0x0, 0x0, 0xfd}]}}}}}}, 0x42) splice(r0, 0x0, r2, 0x0, 0x18100, 0x0) 00:14:43 executing program 4: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6000) io_setup(0x202, &(0x7f00000004c0)=0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) lseek(r2, 0x1534, 0x0) write$binfmt_aout(r2, &(0x7f0000000240)=ANY=[], 0x1) r3 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r3, 0x0) io_submit(r1, 0x2, &(0x7f0000000e00)=[&(0x7f00000002c0)={0xa, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000340)="e9", 0x1}, &(0x7f00000005c0)={0x0, 0x0, 0x2, 0x3, 0x0, r2, 0x0}]) [ 383.922267][T13081] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:43 executing program 0: r0 = memfd_create(&(0x7f0000000340)='\vbm1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff\xc4\xf3yz\x02\x00kM\xb2\xd4k\xa2\xcc\x19\x1b\x12\b%\x92ACa\xeb\xf3\xe6L\\\xbcZ\x8b?\xd9\xc3\xf5\xbd\xb7B~D)\xfb\xa5x\x119Q\xbc1\xeak\x1aj`\xb5\x8e\xd1H\'\x11\xf2P\x01h\xb8\f\xb6\xd6\x96\x9d1\xedo\xe1\x8b\xcc\xf5\xba\xa4a#efb\x8f\xd2\x9a\xbf|\x15\xd7\x16S&\x18\x89;\xf8\\\x80\xec\xaa\xdb\\\xaa\\Y7S\xb9\xb3\x17T\xfb\x92\xbac\xe6\x95|\xbfB\xf0\x8b', 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000040)=ANY=[], 0x72) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) getsockopt$inet6_opts(r1, 0x29, 0x10, 0x0, &(0x7f0000000040)) 00:14:43 executing program 1: pipe(&(0x7f0000000080)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffb000/0x2000)=nil, 0x2000}) syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$security_selinux(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:gpg_exec_t:s0\x00', 0x20, 0x2) 00:14:43 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:43 executing program 4: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6000) io_setup(0x202, &(0x7f00000004c0)=0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) lseek(r2, 0x1534, 0x0) write$binfmt_aout(r2, &(0x7f0000000240)=ANY=[], 0x1) r3 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r3, 0x0) io_submit(r1, 0x2, &(0x7f0000000e00)=[&(0x7f00000002c0)={0xa, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000340)="e9", 0x1}, &(0x7f00000005c0)={0x0, 0x0, 0x2, 0x3, 0x0, r2, 0x0}]) 00:14:44 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup(r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) socket$inet6_dccp(0xa, 0x6, 0x0) dup(r3) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f00000000c0)="0f322e0f0178000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d683ed", 0x3f}], 0x1, 0x0, 0x0, 0x1a) socket$inet(0x2, 0x3, 0x2) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0xc62]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x40a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000080)) pipe(&(0x7f0000000000)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 384.589624][T13099] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:44 executing program 0: r0 = memfd_create(&(0x7f0000000340)='\vbm1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff\xc4\xf3yz\x02\x00kM\xb2\xd4k\xa2\xcc\x19\x1b\x12\b%\x92ACa\xeb\xf3\xe6L\\\xbcZ\x8b?\xd9\xc3\xf5\xbd\xb7B~D)\xfb\xa5x\x119Q\xbc1\xeak\x1aj`\xb5\x8e\xd1H\'\x11\xf2P\x01h\xb8\f\xb6\xd6\x96\x9d1\xedo\xe1\x8b\xcc\xf5\xba\xa4a#efb\x8f\xd2\x9a\xbf|\x15\xd7\x16S&\x18\x89;\xf8\\\x80\xec\xaa\xdb\\\xaa\\Y7S\xb9\xb3\x17T\xfb\x92\xbac\xe6\x95|\xbfB\xf0\x8b', 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000040)=ANY=[], 0x72) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) getsockopt$inet6_opts(r1, 0x29, 0x10, 0x0, &(0x7f0000000040)) 00:14:44 executing program 4: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6000) io_setup(0x202, &(0x7f00000004c0)=0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) lseek(r2, 0x1534, 0x0) write$binfmt_aout(r2, &(0x7f0000000240)=ANY=[], 0x1) r3 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r3, 0x0) io_submit(r1, 0x2, &(0x7f0000000e00)=[&(0x7f00000002c0)={0xa, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000340)="e9", 0x1}, &(0x7f00000005c0)={0x0, 0x0, 0x2, 0x3, 0x0, r2, 0x0}]) 00:14:44 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) fallocate(r0, 0x0, 0x0, 0x0) 00:14:44 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @private1}}}, 0x84) 00:14:44 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4800000010000507000000001000000000000040", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="740000002400070500"/20, @ANYRES32=r4, @ANYBLOB="00000000ffffffff0000000008000100716671"], 0x74}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=@newtfilter={0x48, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @initdev={0xfe, 0x88, [], 0x0, 0x0}}]}}]}, 0x48}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xb) sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@newtfilter={0x3c, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x4}}, @TCA_RATE={0x6, 0x5, {0xfd}}]}, 0x3c}}, 0x0) 00:14:45 executing program 0: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DEL(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="40000000080601010000feffffffffffffff00000500010006"], 0x1}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 385.759245][T13136] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 385.793673][T13136] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.3'. 00:14:45 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vlan0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x17}}) fsetxattr$trusted_overlay_nlink(r0, &(0x7f00000000c0)='trusted.overlay.nlink\x00', &(0x7f0000000040)={'L+', 0x7}, 0x16, 0x1) 00:14:45 executing program 4: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6000) io_setup(0x202, &(0x7f00000004c0)=0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) lseek(r2, 0x1534, 0x0) write$binfmt_aout(r2, &(0x7f0000000240)=ANY=[], 0x1) r3 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r3, 0x0) io_submit(r1, 0x2, &(0x7f0000000e00)=[&(0x7f00000002c0)={0xa, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000340)="e9", 0x1}, &(0x7f00000005c0)={0x0, 0x0, 0x2, 0x3, 0x0, r2, 0x0}]) [ 385.809613][T13136] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 385.833148][T13137] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 385.859192][T13143] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 385.878025][T13137] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:45 executing program 5: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x13, r0, 0x0) msync(&(0x7f0000774000/0x12000)=nil, 0x12000, 0x4) [ 385.906039][T13136] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.3'. [ 385.921865][T13147] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. [ 385.931703][T13147] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. 00:14:45 executing program 3: r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000700)=[{&(0x7f0000000000)=@in={0x2, 0x0, @dev}, 0x10, 0x0}], 0x1, 0x0) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x76, &(0x7f0000000140)={r2}, 0x8) 00:14:45 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:45 executing program 5: clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x8, 0x3, 0x1244, 0x1100, 0x10e8, 0x10e8, 0x0, 0x0, 0x11b0, 0x11a0, 0x11a0, 0x11b0, 0x11a0, 0x3, 0x0, {[{{@uncond, 0x0, 0x10a0, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x2, 0x0, 0x0, 0x0, './cgroup.net/syz0\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}, {{@ip={@remote, @empty, 0x0, 0x0, 'wg1\x00', 'bridge_slave_0\x00'}, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "e74d580115a041da80c982dd08a07e1508cb647b2710ace427433e2984e6"}}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x12a0) dup(0xffffffffffffffff) ioctl$SNDCTL_DSP_GETFMTS(0xffffffffffffffff, 0x8004500b, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(0xffffffffffffffff, 0x80045530, &(0x7f00000000c0)=""/53) [ 386.368401][T13162] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. 00:14:45 executing program 1: syz_mount_image$bfs(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) splice(r3, 0x0, r5, 0x0, 0x80000001, 0x0) ioctl$KVM_ASSIGN_SET_INTX_MASK(r3, 0x4040aea4, &(0x7f0000000000)={0x7, 0x9da, 0xfffffffe, 0x4, 0xb14}) [ 386.436684][T13164] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:45 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x0, 0xc8, 0x0, 0x0, 0x5803, 0x2a8, 0x2e8, 0x2e8, 0x2a8, 0x2e8, 0x3, 0x0, {[{{@ipv6={@remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @rand_addr=' \x01\x00', [], [], 'bridge0\x00', 'geneve1\x00'}, 0x0, 0x190, 0x1b8, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0, 'string\x00'}, {0x0, 0x0, 'kmp\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f34a214e67262c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5"}}, @common=@inet=@socket1={{0x28, 'socket\x00'}}]}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00'}}, {{@ipv6={@ipv4={[0x0, 0x0, 0x0, 0x8], [], @remote}, @ipv4={[], [], @empty}, [], [], 'veth0_to_team\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00'}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0xe8) 00:14:46 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:46 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, 0x1c) pipe(&(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) pipe(&(0x7f0000000040)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xa) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000240)={@empty, @ipv4={[0x0, 0x0, 0x8], [], @multicast1}, @initdev={0xfe, 0x88, [0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x7], 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24c20082}) sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) [ 386.678248][T13166] xt_cgroup: invalid path, errno=-2 00:14:46 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000200)) timer_delete(0x0) 00:14:46 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000200)=[{0x16}]}) [ 386.957204][T13180] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 387.013673][T13186] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:46 executing program 3: rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0) r0 = socket(0x22, 0x2, 0x4) getsockopt$bt_hci(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)) 00:14:46 executing program 4: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) read$rfkill(r0, 0x0, 0x0) 00:14:46 executing program 5: r0 = syz_open_dev$video4linux(&(0x7f0000000080)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_S_AUDIO(r0, 0x80085617, 0x0) 00:14:46 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x1d7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100005060700"/20, @ANYRES32=r4, @ANYBLOB], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001400010400d5000000e2fe5a23000000", @ANYRES32=r4, @ANYBLOB="080002"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=@newlink={0x20, 0x11, 0xa2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) 00:14:46 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_DELSET={0x38, 0xb, 0xa, 0x401, 0x0, 0x0, {}, [@NFTA_SET_DATA_LEN={0x8}, @NFTA_SET_NAME={0xfffffffffffffe84, 0x2, 'syz0\x00'}, @NFTA_SET_OBJ_TYPE={0x90879920d63aea6e}, @NFTA_SET_POLICY={0x8}]}], {0x14}}, 0x60}}, 0x0) [ 387.535331][T13197] netlink: 'syz-executor.2': attribute type 2 has an invalid length. 00:14:47 executing program 5: r0 = syz_open_dev$video4linux(&(0x7f0000000080)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_S_AUDIO(r0, 0x80085617, 0x0) [ 387.823460][T13188] ===================================================== [ 387.830452][T13188] BUG: KMSAN: uninit-value in __seccomp_filter+0x10bc/0x2720 [ 387.837817][T13188] CPU: 1 PID: 13188 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 387.846470][T13188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 387.856511][T13188] Call Trace: [ 387.859798][T13188] dump_stack+0x1df/0x240 [ 387.864124][T13188] kmsan_report+0xf7/0x1e0 [ 387.868533][T13188] __msan_warning+0x58/0xa0 [ 387.873027][T13188] __seccomp_filter+0x10bc/0x2720 [ 387.878167][T13188] ? kmsan_get_metadata+0x4f/0x180 [ 387.883277][T13188] ? kmsan_get_metadata+0x11d/0x180 [ 387.888472][T13188] ? kmsan_get_metadata+0x4f/0x180 [ 387.893753][T13188] ? kmsan_get_metadata+0x4f/0x180 [ 387.898861][T13188] __secure_computing+0x1fa/0x380 [ 387.903881][T13188] syscall_trace_enter+0x63b/0xe10 [ 387.909000][T13188] __do_fast_syscall_32+0x209/0x400 [ 387.914192][T13188] do_fast_syscall_32+0x6b/0xd0 [ 387.919031][T13188] do_SYSENTER_32+0x73/0x90 [ 387.923522][T13188] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 387.929838][T13188] RIP: 0023:0xf7f39549 [ 387.933886][T13188] Code: Bad RIP value. [ 387.937942][T13188] RSP: 002b:00000000f5d340c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000109 [ 387.946345][T13188] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000f5d340f4 [ 387.954304][T13188] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 387.962269][T13188] RBP: 000000000000000e R08: 0000000000000000 R09: 0000000000000000 [ 387.970230][T13188] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 387.978191][T13188] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 387.986158][T13188] [ 387.988474][T13188] Uninit was stored to memory at: [ 387.993538][T13188] kmsan_internal_chain_origin+0xad/0x130 [ 387.999246][T13188] __msan_chain_origin+0x50/0x90 [ 388.004175][T13188] ___bpf_prog_run+0x6c64/0x97a0 [ 388.009099][T13188] __bpf_prog_run32+0x101/0x170 [ 388.013952][T13188] __seccomp_filter+0x59e/0x2720 [ 388.018883][T13188] __secure_computing+0x1fa/0x380 [ 388.023897][T13188] syscall_trace_enter+0x63b/0xe10 [ 388.029001][T13188] __do_fast_syscall_32+0x209/0x400 [ 388.034188][T13188] do_fast_syscall_32+0x6b/0xd0 [ 388.039028][T13188] do_SYSENTER_32+0x73/0x90 [ 388.043521][T13188] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 388.049861][T13188] [ 388.052179][T13188] Local variable ----regs@__bpf_prog_run32 created at: [ 388.059039][T13188] __bpf_prog_run32+0x87/0x170 [ 388.063792][T13188] __bpf_prog_run32+0x87/0x170 [ 388.068541][T13188] ===================================================== [ 388.075464][T13188] Disabling lock debugging due to kernel taint [ 388.081686][T13188] Kernel panic - not syncing: panic_on_warn set ... [ 388.088266][T13188] CPU: 1 PID: 13188 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 388.098308][T13188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 388.108351][T13188] Call Trace: [ 388.111637][T13188] dump_stack+0x1df/0x240 [ 388.115963][T13188] panic+0x3d5/0xc3e [ 388.119867][T13188] kmsan_report+0x1df/0x1e0 [ 388.124361][T13188] __msan_warning+0x58/0xa0 [ 388.128861][T13188] __seccomp_filter+0x10bc/0x2720 [ 388.133890][T13188] ? kmsan_get_metadata+0x4f/0x180 [ 388.138999][T13188] ? kmsan_get_metadata+0x11d/0x180 [ 388.144190][T13188] ? kmsan_get_metadata+0x4f/0x180 [ 388.149293][T13188] ? kmsan_get_metadata+0x4f/0x180 [ 388.154400][T13188] __secure_computing+0x1fa/0x380 [ 388.159421][T13188] syscall_trace_enter+0x63b/0xe10 [ 388.164536][T13188] __do_fast_syscall_32+0x209/0x400 [ 388.169731][T13188] do_fast_syscall_32+0x6b/0xd0 [ 388.174579][T13188] do_SYSENTER_32+0x73/0x90 [ 388.179072][T13188] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 388.185385][T13188] RIP: 0023:0xf7f39549 [ 388.189442][T13188] Code: Bad RIP value. [ 388.193502][T13188] RSP: 002b:00000000f5d340c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000109 [ 388.201918][T13188] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000f5d340f4 [ 388.209883][T13188] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 388.217843][T13188] RBP: 000000000000000e R08: 0000000000000000 R09: 0000000000000000 [ 388.225805][T13188] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 388.233763][T13188] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 388.243104][T13188] Kernel Offset: 0x20e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 388.254853][T13188] Rebooting in 86400 seconds..