Warning: Permanently added '10.128.0.173' (ECDSA) to the list of known hosts.
2020/08/08 22:29:56 fuzzer started
2020/08/08 22:29:56 dialing manager at 10.128.0.105:40005
2020/08/08 22:29:57 syscalls: 3272
2020/08/08 22:29:57 code coverage: enabled
2020/08/08 22:29:57 comparison tracing: enabled
2020/08/08 22:29:57 extra coverage: enabled
2020/08/08 22:29:57 setuid sandbox: enabled
2020/08/08 22:29:57 namespace sandbox: enabled
2020/08/08 22:29:57 Android sandbox: /sys/fs/selinux/policy does not exist
2020/08/08 22:29:57 fault injection: enabled
2020/08/08 22:29:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/08/08 22:29:57 net packet injection: enabled
2020/08/08 22:29:57 net device setup: enabled
2020/08/08 22:29:57 concurrency sanitizer: enabled
2020/08/08 22:29:57 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/08/08 22:29:57 USB emulation: enabled
2020/08/08 22:29:57 hci packet injection: enabled
2020/08/08 22:30:01 suppressing KCSAN reports in functions: '__ext4_update_other_inode_time' 'page_counter_try_charge' 'ext4_mb_find_by_goal' '__xa_clear_mark' 'snd_rawmidi_poll' 'ext4_free_inodes_count' 'pcpu_alloc' '__find_get_block' 'futex_wait_queue_me' 'do_nanosleep' 'blk_mq_sched_dispatch_requests' '__io_cqring_fill_event' 'yama_task_free' 'blk_mq_dispatch_rq_list' '__add_to_page_cache_locked' 'get_cpu_idle_time_us' 'do_signal_stop' 'ext4_writepages' 'lookup_fast' 'ext4_ext_insert_extent' 'ext4_mark_iloc_dirty' 'shmem_mknod' 'audit_log_start' 'expire_timers' 'do_syslog' 'get_cpu_iowait_time_us' 'wbt_issue' '__blkdev_put' '__mark_inode_dirty' '__delayacct_blkio_end' 'tick_sched_timer' 'dd_has_work' 'ext4_ext_try_to_merge_right' 'do_sys_poll' 'get_signal' 'shmem_getpage_gfp' '__ext4_new_inode' 'generic_write_end' 'alloc_pid' 'do_select' 'page_counter_charge' 'ondemand_readahead' 'blk_mq_do_dispatch_sched' 'kauditd_thread' 'ext4_free_inode' 'tick_nohz_stop_tick' 'snd_rawmidi_transmit' 'xas_find_marked' 'exit_mm' '__mod_timer' 'xas_clear_mark' 'generic_file_buffered_read' 'blk_mq_rq_ctx_init' 'find_get_pages_range_tag' 'n_tty_receive_buf_common' 'shmem_unlink' 
22:31:24 executing program 0:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreq(r0, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @multicast1}, 0x8)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000040)={0x0, <r1=>0x0})
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)={0x0, <r2=>0x0})
r3 = syz_init_net_socket$llc(0x1a, 0x0, 0x0)
kcmp(r1, r2, 0x3, r3, r0)
r4 = syz_io_uring_complete(0x0)
ioctl$VIDIOC_S_STD(r4, 0x40085618, &(0x7f0000000100)=0x4)
getsockopt$inet6_dccp_buf(0xffffffffffffffff, 0x21, 0xc, &(0x7f0000000140)=""/29, &(0x7f0000000180)=0x1d)
socket$inet_icmp(0x2, 0x2, 0x1)
r5 = syz_open_procfs(r2, &(0x7f00000001c0)='limits\x00')
getpeername$netlink(r5, &(0x7f0000000200), &(0x7f0000000240)=0xc)
r6 = openat$mice(0xffffffffffffff9c, &(0x7f0000000280)='/dev/input/mice\x00', 0x105380)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000300)='mptcp_pm\x00')
ioctl$sock_ipv6_tunnel_SIOCDELPRL(0xffffffffffffffff, 0x89f6, &(0x7f0000000480)={'syztnl2\x00', &(0x7f0000000400)={'syztnl0\x00', <r8=>0x0, 0x2f, 0x8, 0x4, 0x5, 0x1, @dev={0xfe, 0x80, [], 0x35}, @remote, 0x7800, 0x7800, 0x83ca, 0x2}})
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000580)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100080}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x68, r7, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x8}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x2}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r8}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @broadcast}]}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x68}, 0x1, 0x0, 0x0, 0x40000}, 0x40408c0)
ioctl$UI_GET_VERSION(0xffffffffffffffff, 0x8004552d, &(0x7f00000005c0))
socket$nl_sock_diag(0x10, 0x3, 0x4)
r9 = openat$cgroup_int(r6, &(0x7f0000000600)='rdma.max\x00', 0x2, 0x0)
epoll_ctl$EPOLL_CTL_DEL(r6, 0x2, r9)

[  118.776758][ T8721] IPVS: ftp: loaded support on port[0] = 21
[  118.851174][ T8721] chnl_net:caif_netlink_parms(): no params data found
[  118.884917][ T8721] bridge0: port 1(bridge_slave_0) entered blocking state
[  118.892023][ T8721] bridge0: port 1(bridge_slave_0) entered disabled state
22:31:24 executing program 1:
execve(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)=[&(0x7f0000000040)='#[\xb6)}+@:(*\xd9\\.,@)\x00', &(0x7f0000000080)='\xb9^\x00'], &(0x7f0000000300)=[&(0x7f0000000100)='!-\'$\x00', &(0x7f0000000140)='\x00', &(0x7f0000000180)='\'+\x00', &(0x7f00000001c0)='@&/\x00', &(0x7f0000000200)='\x00', &(0x7f0000000240)='\x00', &(0x7f0000000280)=']\xe8.\x00', &(0x7f00000002c0)='\x00'])
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000340)='/dev/autofs\x00', 0x40400, 0x0)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000380)={<r1=>0x0, 0x80}, &(0x7f00000003c0)=0x8)
setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000400)={r1, 0xffffff7f}, 0x8)
chdir(&(0x7f0000000440)='./file0\x00')
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000480), &(0x7f00000004c0)=0x4)
ioctl$BLKRRPART(r0, 0x125f, 0x0)
write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000500)={0xa6, 0x29, 0x2, {0x7, [{{0xe2, 0x2, 0x7}, 0x81, 0x80, 0x7, './file0'}, {{0x0, 0x1, 0x8}, 0x3, 0x80, 0x7, './file0'}, {{0x20, 0x4, 0x8}, 0xa43a, 0x89, 0x7, './file0'}, {{0x20, 0x2, 0x6}, 0x2, 0x7, 0x7, './file0'}, {{0x4, 0x3, 0x1}, 0x401, 0x7, 0x7, './file0'}]}}, 0xa6)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/self/net/pfkey\x00', 0x101000, 0x0)
r4 = accept$phonet_pipe(r3, &(0x7f0000000600), &(0x7f0000000640)=0x10)
r5 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000680)='/dev/qat_adf_ctl\x00', 0x64f000, 0x0)
ioctl$LOOP_GET_STATUS(r5, 0x4c03, &(0x7f00000006c0))
r6 = syz_open_dev$sndctrl(&(0x7f0000000780)='/dev/snd/controlC#\x00', 0x661, 0x12340)
r7 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/vga_arbiter\x00', 0x10181, 0x0)
r8 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$FIDEDUPERANGE(r2, 0xc0189436, &(0x7f0000000800)={0x7fffffff, 0x6, 0x6, 0x0, 0x0, [{{r6}, 0xb5a}, {{r4}, 0x2eb8}, {{r2}, 0xb9}, {{r7}, 0x1800000000000000}, {{r8}, 0x4}, {{r4}, 0x97d0}]})
r9 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000980)={'sit0\x00', &(0x7f0000000900)={'syztnl0\x00', <r10=>0x0, 0x29, 0x5, 0x1, 0x9, 0x4, @local, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x40, 0x8000, 0x0, 0x3}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r9, 0x8933, &(0x7f00000009c0)={'batadv_slave_0\x00', r10})

[  118.900203][ T8721] device bridge_slave_0 entered promiscuous mode
[  118.907977][ T8721] bridge0: port 2(bridge_slave_1) entered blocking state
[  118.915576][ T8721] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.923692][ T8721] device bridge_slave_1 entered promiscuous mode
[  118.939454][ T8721] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  118.950470][ T8721] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  118.968892][ T8721] team0: Port device team_slave_0 added
[  118.976110][ T8721] team0: Port device team_slave_1 added
[  118.990375][ T8721] batman_adv: batadv0: Adding interface: batadv_slave_0
[  118.997705][ T8721] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  119.024237][ T8721] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  119.036528][ T8721] batman_adv: batadv0: Adding interface: batadv_slave_1
[  119.043533][ T8721] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  119.070066][ T8721] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  119.092167][ T8721] device hsr_slave_0 entered promiscuous mode
[  119.099417][ T8721] device hsr_slave_1 entered promiscuous mode
[  119.117299][ T8879] IPVS: ftp: loaded support on port[0] = 21
[  119.182995][ T8721] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  119.209108][ T8721] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  119.218296][ T8721] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  119.236802][ T8721] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  119.253289][ T8721] bridge0: port 2(bridge_slave_1) entered blocking state
[  119.260460][ T8721] bridge0: port 2(bridge_slave_1) entered forwarding state
[  119.267721][ T8721] bridge0: port 1(bridge_slave_0) entered blocking state
[  119.274772][ T8721] bridge0: port 1(bridge_slave_0) entered forwarding state
22:31:24 executing program 2:
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
ioctl$CHAR_RAW_PG(r0, 0x1269, &(0x7f0000000080)={0xd76, 0x10000, 0x3f, &(0x7f0000000040)="f4dac15b09f4c40adb77fd31d0e35506ef3ac147de5d1a5563b4d51055e829e72aa4d375903eca6a646177f46d240fa0fdece523c7dfd1c7a81ea92faa73c0"})
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f00000000c0)={0x0, 0x7, 0x2, 0x6, 0x80, 0xba41, 0xf0c3, 0x3, {<r2=>0x0, @in={{0x2, 0x4e24, @multicast1}}, 0x7ff, 0x9, 0x4, 0xfffffff9, 0x7}}, &(0x7f0000000180)=0xb0)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000001c0)={r2, 0xfff}, 0x8)
splice(0xffffffffffffffff, &(0x7f0000000200), r0, &(0x7f0000000240)=0x9, 0x80, 0x0)
r3 = creat(&(0x7f0000000280)='./file0\x00', 0xca)
r4 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0)
splice(r3, &(0x7f00000002c0)=0xfff, r4, &(0x7f0000000340)=0x86, 0x10001, 0xf)
timer_create(0x1, &(0x7f0000000500)={0x0, 0x33, 0x0, @thr={&(0x7f0000000380)="0e99ea80d7e3cdf9c78ae1a7ff234b9f0e5d80c7c0961c0e1364e27e68c9a486327b5e8782dafb8580a18e1553deac46264c3fa5d2440b7ae743b2b4947506661e85118aa124", &(0x7f0000000400)="cb9194770ce6f2e3233d615e57f8a8209c8a1a9e2ac4e3d0f0313449a78d0f4e2fda51a71c3110acec1878dbb5717670d950b3b81cb3a423e5e5d055c6ab5f7f0b67a88dc3b80224f72f90d0d4445968506f4955892a393e1f4a91f18e4a10002f732adf7e38fc34a96fb7431861772e7f958ea8919ad1f53fb21b1ad54e39c37a0be445de2bc7ca61afd095e88181512a569933aa71aacfb10136db8c140ece2c0675e5c4ee034d7b1f3ac3d3a6a4ed666531349fce3bc0340ae408a92bb8713328c742b8faa2084bad95c6de92113fc03d00d732b314f6b4134a5681fec23d84"}}, &(0x7f0000000540)=<r5=>0x0)
timer_getoverrun(r5)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000640)={0xffffffffffffffff, 0x10, &(0x7f0000000600)={&(0x7f0000000580)=""/79, 0x4f, <r6=>0x0}}, 0x10)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000680)={0x0, r6}, 0x8)
syz_usb_connect$cdc_ncm(0x5, 0x18c, &(0x7f00000006c0)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x17a, 0x2, 0x1, 0x20, 0x80, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x8, 0x24, 0x6, 0x0, 0x1, "ac2b18"}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x8, 0x200, 0x3}, {0x6, 0x24, 0x1a, 0x7f, 0x20}, [@mdlm_detail={0xfb, 0x24, 0x13, 0x9, "6908cec5f275e2fc15d49eb8152f9f20bde1140cbb6b09b51fe9ceed40520340f761eb4d6947ff9470c974f7403eb82b4a37e702cf1c64d543e364bde8a5802e534e0467ab714c9c1fd6b4d8a6dc22112713aad2a6132aec0161c35815fed4866eeb1b6eb2f596312236e81dcbe0241e4f47590f3b79a68c031fa30ae3020ba788b4f82716edfbc0e38adf266d052e90d9be673f00cf5f852c35bbbf36ad81a54245413e9672b4208ec439c15ee3b505163b34893f7b431cff99bf4becfb336734cd5feb035c1545e630fd774abb4fc01c4a71f49d0bbbefba03eaae3ee2cee151f8c314f4bc1142630a3745d3d8edd15f49d74345b897"}, @country_functional={0xc, 0x24, 0x7, 0x2, 0xd36, [0x55, 0x6, 0x7fff]}, @acm={0x4, 0x24, 0x2, 0x2}, @acm={0x4, 0x24, 0x2, 0xc}, @mbim={0xc, 0x24, 0x1b, 0x3, 0xff, 0xf8, 0x8, 0x5309, 0x40}]}, {{0x9, 0x5, 0x81, 0x3, 0x5fe, 0x5, 0x3, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x40, 0x8, 0x20, 0x92}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0xff, 0xff, 0x6}}}}}}}]}}, &(0x7f0000000b40)={0xa, &(0x7f0000000880)={0xa, 0x6, 0x310, 0x2, 0x7f, 0x2, 0x8, 0x5}, 0x11b, &(0x7f00000008c0)={0x5, 0xf, 0x11b, 0x6, [@generic={0xd1, 0x10, 0xb, "f418b3a59a5d94a1a3fefe1e9094c6c356dccc8e81594a4926511fb1a3cd4d40303da50c66bef9b3aecc32e257e2b1809f3d491cc21c17e170e4c0e721e204864fe237a51e5509b7f1d599959d67e25f7a6628fed9c8745c62b236ece90dfafcbdddfaec056873143d4766fb8a684afa80e48b1c145f39bfe34920d40cb2e42f30192a548792c32f8821c52b6f3e71c73cb19b6e080980ea070d60884533077db44d0af36d75a3186c65866c51d9393407eb9f0736a0307f42ec7f629450892e6aef58a28985e7a51e06ab8e7f30"}, @wireless={0xb, 0x10, 0x1, 0xc, 0xa, 0xc5, 0x67, 0x1, 0x5}, @wireless={0xb, 0x10, 0x1, 0x8, 0x20, 0x3, 0x3f, 0xfffb, 0xaa}, @ss_container_id={0x14, 0x10, 0x4, 0x8, "4ce75e8d84eeb1e2e852a7fd8f2562ed"}, @ext_cap={0x7, 0x10, 0x2, 0x6, 0x8, 0x7, 0x4}, @ss_container_id={0x14, 0x10, 0x4, 0x0, "df8cbf4be5c97d67d04e89ca05c1ad1d"}]}, 0x1, [{0x102, &(0x7f0000000a00)=@string={0x102, 0x3, "a27e777a4ff18f12b785298b6de6a59ab5627bd9428da7e162dd5ed1c06f69a54f52c46fd37fdb7b30178b8b0dc73b6928da98bb3f2cbe6ff1cd02693d0fd9e8339a1a9a9900ebd5a035df1f175c3e74240627de8e66b632eaf8b66a61994a14b725a722c27324035a19eb87bc6146f0655dcefb7d69c784af6ee0a5f4870d50e8a5580e63912927b003f7350ac1bcbfc72c7d2e6b66705fb3f59207cfe0cff3cf8aee4563df7403e5c823500428d5a38284bc93b50e7a53f6d8cfaa01b4320dcd00159b648970a58d3814eaf7afdbc560ce6414b853cafea822093528e3c80820e40b1225aa148c5e350ae858a89e9394e46386cf44be3d13ed758598250ade"}}]})
r7 = syz_open_dev$mouse(&(0x7f0000000b80)='/dev/input/mouse#\x00', 0x20, 0x0)
ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r7)
ioctl$sock_inet_SIOCSIFPFLAGS(r7, 0x8934, &(0x7f0000000bc0)={'veth1_to_hsr\x00', 0x80000001})
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r1, &(0x7f0000000cc0)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c40)={0x28, 0x3, 0x8, 0x301, 0x0, 0x0, {0xa, 0x0, 0x5}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88a2}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x8000)
setsockopt$IP_VS_SO_SET_DEL(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000000d00)={0x62, @dev={0xac, 0x14, 0x14, 0x20}, 0x4e24, 0x1, 'nq\x00', 0x14, 0x10000, 0x38}, 0x2c)
ioctl$TIOCGSERIAL(0xffffffffffffffff, 0x541e, &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000d40)=""/26})
ioctl$SIOCPNENABLEPIPE(0xffffffffffffffff, 0x89ed, 0x0)

[  119.295743][ T8879] chnl_net:caif_netlink_parms(): no params data found
[  119.379197][ T8721] 8021q: adding VLAN 0 to HW filter on device bond0
[  119.400808][ T8879] bridge0: port 1(bridge_slave_0) entered blocking state
[  119.414064][ T8879] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.423357][ T8879] device bridge_slave_0 entered promiscuous mode
[  119.460635][ T8721] 8021q: adding VLAN 0 to HW filter on device team0
[  119.474348][ T5063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  119.483170][ T5063] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.491779][ T5063] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.501043][ T5063] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
22:31:25 executing program 3:
r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x1000, 0x400800)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000040)=0x5, 0x4)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x48000, 0x0)
getsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, &(0x7f00000000c0)=[{}, {}, {}], &(0x7f0000000100)=0x18)
r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-control\x00', 0x200200, 0x0)
ioctl$SIOCX25SFACILITIES(r2, 0x89e3, &(0x7f0000000180)={0x76, 0x0, 0x7, 0x7, 0x1, 0x81})
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/pfkey\x00', 0xc8040, 0x0)
sendmsg$IPCTNL_MSG_EXP_GET(r3, &(0x7f00000005c0)={&(0x7f0000000200), 0xc, &(0x7f0000000580)={&(0x7f0000000240)={0x308, 0x1, 0x2, 0x5, 0x0, 0x0, {0xc, 0x0, 0x7}, [@CTA_EXPECT_TUPLE={0xa8, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @private2}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x3}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x8, 0x2, @multicast1}}}]}, @CTA_EXPECT_HELP_NAME={0x9, 0x6, 'pptp\x00'}, @CTA_EXPECT_TUPLE={0x9c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @private=0xa010102}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, [], 0x31}}, {0x14, 0x4, @initdev={0xfe, 0x88, [], 0x1, 0x0}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @private0={0xfc, 0x0, [], 0x1}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}]}, @CTA_EXPECT_NAT={0x9c, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @remote}}}]}, @CTA_EXPECT_NAT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @private1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}]}, @CTA_EXPECT_NAT_DIR={0x8}]}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x2}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x3}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x5}, @CTA_EXPECT_NAT={0xf0, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0xb0, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010102}, {0x8, 0x2, @local}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @local}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x14, 0x4, @ipv4={[], [], @remote}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2={0xfc, 0x2, [], 0x1}}, {0x14, 0x4, @initdev={0xfe, 0x88, [], 0x1, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010100}, {0x8, 0x2, @private=0xa010100}}}]}, @CTA_EXPECT_NAT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @broadcast}}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}]}]}, 0x308}, 0x1, 0x0, 0x0, 0x4}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000007c0)={&(0x7f0000000600)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xb7, 0xb7, 0x9, [@ptr={0x4, 0x0, 0x0, 0x2, 0x3}, @ptr={0xc, 0x0, 0x0, 0x2, 0x2}, @datasec={0x7, 0x1, 0x0, 0xf, 0x3, [{0x5, 0x8000, 0x1f}], "33f918"}, @int={0x3, 0x0, 0x0, 0x1, 0x0, 0x37, 0x0, 0x25, 0x2}, @func={0x9, 0x0, 0x0, 0xc, 0x1}, @ptr={0xa, 0x0, 0x0, 0x2, 0x1}, @struct={0x5, 0x1, 0x0, 0x4, 0x0, 0x19db, [{0xf, 0x1, 0x1ff}]}, @enum={0xe, 0x7, 0x0, 0x6, 0x4, [{0x8, 0x8}, {0xc, 0xf6}, {0x9, 0x8}, {0x3, 0x4}, {0x2, 0x9}, {0x4, 0x4cb6}, {0x7, 0x7}]}]}, {0x0, [0x0, 0x61, 0x2e, 0x30, 0x5f, 0x30, 0x61]}}, &(0x7f0000000700)=""/167, 0xd9, 0xa7}, 0x20)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000800), &(0x7f0000000840)=0x4)
r4 = openat$userio(0xffffffffffffff9c, &(0x7f0000000880)='/dev/userio\x00', 0x121a40, 0x0)
fcntl$F_GET_FILE_RW_HINT(r4, 0x40d, &(0x7f00000008c0))
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000900)='/dev/full\x00', 0x2e4282, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0182101, &(0x7f0000000940)={0x0, 0x80, 0x200})
r5 = syz_open_dev$radio(&(0x7f0000000980)='/dev/radio#\x00', 0x1, 0x2)
ioctl$VIDIOC_G_CTRL(r5, 0xc008561b, &(0x7f00000009c0)={0x1})
r6 = open_tree(0xffffffffffffffff, &(0x7f0000000a00)='./file0\x00', 0x9001)
ioctl$TIOCGPKT(r6, 0x80045438, &(0x7f0000000a40))
sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000b80)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000b40)={&(0x7f0000000b00)={0x1c, 0x0, 0xb, 0x5, 0x0, 0x0, {0x3, 0x0, 0x2}, [@NFTA_COMPAT_NAME={0x5, 0x1, '\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40c4}, 0x20040010)

[  119.511829][ T8879] bridge0: port 2(bridge_slave_1) entered blocking state
[  119.519799][ T8879] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.527908][ T8879] device bridge_slave_1 entered promiscuous mode
[  119.540347][ T9061] IPVS: ftp: loaded support on port[0] = 21
[  119.552637][ T5063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  119.565594][ T5063] bridge0: port 1(bridge_slave_0) entered blocking state
[  119.572669][ T5063] bridge0: port 1(bridge_slave_0) entered forwarding state
[  119.598858][ T5063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  119.613232][ T5063] bridge0: port 2(bridge_slave_1) entered blocking state
[  119.620510][ T5063] bridge0: port 2(bridge_slave_1) entered forwarding state
[  119.664114][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  119.673004][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  119.704152][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  119.716019][ T8879] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  119.731088][ T8721] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  119.743144][ T8721] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  119.763168][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  119.773016][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  119.783511][ T8879] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  119.808164][ T5063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
22:31:25 executing program 4:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/vmallocinfo\x00', 0x0, 0x0)
ioctl$SIOCRSACCEPT(r0, 0x89e3)
r1 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0xfffffffffffff800, 0x101000)
ioctl$UI_SET_ABSBIT(r1, 0x40045567, 0x6)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000080)={@in6={{0xa, 0x4e21, 0xb92, @private0={0xfc, 0x0, [], 0x1}, 0x8}}, 0x0, 0x0, 0x46, 0x0, "353225e01d187bb667d971bb2612dcdfb5e67868cd249cffbc0a5a93442b595deef35bb515d1b382f55bd7784c430b9eae1d147a129d22a40223e87f1ca0087df502a586957a6eff70c2d3dcbdfb94b6"}, 0xd8)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
write$binfmt_elf64(r2, &(0x7f0000000180)={{0x7f, 0x45, 0x4c, 0x46, 0x24, 0x81, 0x5, 0x1, 0x6, 0x3, 0x3e, 0x0, 0x2e7, 0x40, 0x1f0, 0x9, 0x1ff, 0x38, 0x2, 0x9, 0x9, 0xfffa}, [{0x1, 0x9, 0x1, 0x101, 0x47f, 0x80, 0x3, 0x6}, {0x7, 0x2, 0x0, 0x3, 0x7f9b, 0x60, 0x1, 0x800}], "7e311f6e1698b3f4c3eb2676e8cabba0468b22cbb572c15cd4b40c3e63fad95dfe8b82d2fb6f4d2a165d30ff24951f34dac6fe6d127cb589884879228b3c01c951945750b2f253f209327a3f9c60fee803ab7a23a91504ad5e863bdd895f2e5597f4ace5", [[], []]}, 0x314)
timer_getoverrun(0x0)
getpeername$inet6(0xffffffffffffffff, &(0x7f00000004c0)={0xa, 0x0, 0x0, @private2}, &(0x7f0000000500)=0x1c)
sendmsg$SOCK_DESTROY(r1, &(0x7f0000000700)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000580)={0x124, 0x15, 0x300, 0x70bd2d, 0x25dfdbfd, {0x1e, 0x5}, [@INET_DIAG_REQ_BYTECODE={0x23, 0x1, "ad0c8a4bc1d4593bbe2f9a7276dd458c016bb9c76ad237d46f3e6fa7e0bab3"}, @INET_DIAG_REQ_BYTECODE={0x16, 0x1, "3191f0d2ae81bd99dfae4d369ce5ce8d64b7"}, @INET_DIAG_REQ_BYTECODE={0x39, 0x1, "d55dde820360a587416bcce7a1814f996ac2397959c3cbf19f9673edd8f651d8f13dbb8a90c5a0edbb3081986371cba98657ed7f15"}, @INET_DIAG_REQ_BYTECODE={0x95, 0x1, "e63b21ee40d7bcfe5e4119bfffd2add3bca49334ca6176f54fa0cb5b438ebf31f093a983ed0f9cec6439d73e1256e0a45fbb0498f8b1140d63ee9d6cf6eae0af71c1401c007f61e2fc1ad12bc03b65f1c401c7fb7a33f469f0ca66bd1989a9ff59670d1c54607d6ce644eac918fde0c8f86797dcc86aebb92ce603e004bee3e67bd4eb94074950a516e5a2f2902971c506"}]}, 0x124}, 0x1, 0x0, 0x0, 0xc0000}, 0x8840)
r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000740)='/dev/vga_arbiter\x00', 0xc800, 0x0)
mq_getsetattr(r3, &(0x7f0000000780)={0x6, 0x7, 0xe57, 0x100000001}, &(0x7f00000007c0))
r4 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
setsockopt$bt_hci_HCI_TIME_STAMP(r4, 0x0, 0x3, &(0x7f0000000800)=0x7f, 0x4)
r5 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ocfs2_control\x00', 0x0, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000900)={{{@in=@loopback, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in6=@initdev}, 0x0, @in6=@loopback}}, &(0x7f0000000a00)=0xe8)
r7 = getegid()
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000a40)={{{@in6=@private2, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in6=@remote}, 0x0, @in=@initdev}}, &(0x7f0000000b40)=0xe8)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000b80)={0x0, 0x0, <r9=>0x0}, &(0x7f0000000bc0)=0xc)
write$FUSE_DIRENTPLUS(r5, &(0x7f0000000f00)={0x498, 0x0, 0x8, [{{0x6, 0x1, 0x8, 0x2, 0x0, 0x800, {0x2, 0x0, 0xc0, 0x0, 0x4, 0x7, 0x3ff, 0x9, 0x825, 0x0, 0x7fffffff, r6, 0xee00, 0x2, 0x9}}, {0x5, 0x700, 0x3, 0x400, ':/@'}}, {{0x0, 0x0, 0x20, 0x6, 0x81, 0x10000, {0x6, 0x100000001, 0x3, 0x29fc, 0xd32c, 0x5, 0x8, 0x9, 0x3, 0x23a, 0x5, 0xee00, r7, 0x8, 0x7ff}}, {0x4, 0x9, 0x2, 0x401, '.\''}}, {{0x1, 0x3, 0xfff, 0x8, 0x0, 0x1, {0x3, 0x6, 0x4, 0x38, 0x1000, 0x39f, 0x2, 0x8000, 0x2, 0x1f, 0x20, r8, r9, 0x1, 0x1000}}, {0x4, 0xa9, 0x5, 0x3, '!!\x1d,:'}}, {{0x5, 0x2, 0x2, 0x6, 0x1, 0x4, {0x4, 0x3, 0x400, 0x3ff, 0x9, 0xff, 0x46f, 0xc8, 0x800, 0x8, 0x9, 0x0, 0x0, 0x1, 0x100}}, {0x4, 0xffffffffffff57c7, 0x5, 0x8001, '.I^)/'}}, {{0x3, 0x3, 0x8, 0x3, 0x15, 0x8, {0x6, 0x4, 0x3, 0x9, 0x3, 0x3, 0xffff, 0x2, 0x7fff, 0x3ff, 0xffffffff, 0x0, 0x0, 0x5, 0x2}}, {0x6, 0x276, 0x11, 0x80, '/dev/vga_arbiter\x00'}}, {{0x3, 0x0, 0x1, 0x7, 0x7, 0x0, {0x4, 0x4, 0x1, 0x29, 0x8, 0x100000001, 0x10000, 0x1ff, 0x1, 0x101, 0x5, 0x0, 0x0, 0x1f, 0x6}}, {0x1, 0xffff, 0x12, 0xa6e5, '/proc/vmallocinfo\x00'}}, {{0x1, 0x3, 0x12000000000000, 0x401, 0x7d8a, 0x68ba, {0x1, 0x8, 0x20, 0x7, 0x7fff, 0x3, 0x4, 0x3ff, 0xfffffffb, 0x8, 0x101, 0x0, 0x0, 0xf430, 0x7ff}}, {0x5, 0x81, 0xb, 0x7, '/dev/vcsa#\x00'}}]}, 0x498)

[  119.820472][ T9082] IPVS: ftp: loaded support on port[0] = 21
[  119.836411][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  119.845841][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  119.878707][ T8879] team0: Port device team_slave_0 added
[  119.887913][ T8879] team0: Port device team_slave_1 added
[  119.913347][ T8721] 8021q: adding VLAN 0 to HW filter on device batadv0
[  119.941122][ T8879] batman_adv: batadv0: Adding interface: batadv_slave_0
[  119.964255][ T8879] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  120.002975][ T8879] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  120.019058][ T8879] batman_adv: batadv0: Adding interface: batadv_slave_1
[  120.027056][ T8879] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  120.053027][ T8879] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  120.074117][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  120.082712][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  120.096157][ T9061] chnl_net:caif_netlink_parms(): no params data found
22:31:25 executing program 5:
r0 = semget$private(0x0, 0x2, 0x600)
semctl$IPC_RMID(r0, 0x0, 0x0)
r1 = socket$inet_icmp(0x2, 0x2, 0x1)
clock_gettime(0x0, &(0x7f0000003ac0)={<r2=>0x0, <r3=>0x0})
recvmmsg(r1, &(0x7f0000003900)=[{{&(0x7f0000000000)=@rc={0x1f, @fixed}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000080)=""/106, 0x6a}, {&(0x7f0000000100)=""/8, 0x8}, {&(0x7f0000000140)=""/216, 0xd8}, {&(0x7f0000000240)=""/24, 0x18}, {&(0x7f0000000280)=""/78, 0x4e}], 0x5, &(0x7f0000000380)=""/113, 0x71}, 0xffffff00}, {{&(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, <r4=>0xffffffffffffffff}}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000480)=""/81, 0x51}], 0x1}, 0x1}, {{&(0x7f0000000540)=@pppol2tp={0x18, 0x1, {0x0, <r5=>0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000000a40)=[{&(0x7f00000005c0)=""/128, 0x80}, {&(0x7f0000000640)=""/13, 0xd}, {&(0x7f0000000680)=""/2, 0x2}, {&(0x7f00000006c0)=""/11, 0xb}, {&(0x7f0000000700)=""/64, 0x40}, {&(0x7f0000000740)=""/144, 0x90}, {&(0x7f0000000800)=""/76, 0x4c}, {&(0x7f0000000880)=""/165, 0xa5}, {&(0x7f0000000940)=""/239, 0xef}], 0x9, &(0x7f0000000b00)=""/23, 0x17}, 0x7}, {{&(0x7f0000000b40)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, &(0x7f0000000ec0)=[{&(0x7f0000000bc0)=""/201, 0xc9}, {&(0x7f0000000cc0)=""/217, 0xd9}, {&(0x7f0000000dc0)=""/226, 0xe2}], 0x3}, 0x1}, {{&(0x7f0000000f00)=@phonet, 0x80, &(0x7f0000001f80)=[{&(0x7f0000000f80)=""/4096, 0x1000}], 0x1}, 0x4a7}, {{&(0x7f0000001fc0)=@can, 0x80, &(0x7f0000003380)=[{&(0x7f0000002040)=""/113, 0x71}, {&(0x7f00000020c0)=""/201, 0xc9}, {&(0x7f00000021c0)=""/4096, 0x1000}, {&(0x7f00000031c0)=""/158, 0x9e}, {&(0x7f0000003280)=""/87, 0x57}, {&(0x7f0000003300)=""/109, 0x6d}], 0x6, &(0x7f0000003400)=""/217, 0xd9}, 0x6099}, {{0x0, 0x0, &(0x7f0000003780)=[{&(0x7f0000003500)=""/37, 0x25}, {&(0x7f0000003540)=""/2, 0x2}, {&(0x7f0000003580)=""/141, 0x8d}, {&(0x7f0000003640)=""/56, 0x38}, {&(0x7f0000003680)=""/183, 0xb7}, {&(0x7f0000003740)=""/45, 0x2d}], 0x6, &(0x7f0000003800)=""/202, 0xca}, 0x339}], 0x7, 0x40002000, &(0x7f0000003b00)={r2, r3+10000000})
lstat(&(0x7f0000003c00)='./file0\x00', &(0x7f0000003c40)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0})
getsockopt$inet_IP_IPSEC_POLICY(r4, 0x0, 0x10, &(0x7f0000003cc0)={{{@in=@private, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in=@remote}, 0x0, @in6}}, &(0x7f0000003dc0)=0xe8)
mount$9p_xen(&(0x7f0000003b40)='syz\x00', &(0x7f0000003b80)='./file0\x00', &(0x7f0000003bc0)='9p\x00', 0x800000, &(0x7f0000003e00)={'trans=xen,', {[{@cache_none='cache=none'}, {@access_user='access=user'}, {@uname={'uname'}}, {@privport='privport'}, {@access_any='access=any'}, {@fscache='fscache'}, {@debug={'debug', 0x3d, 0x260000000000000}}, {@dfltgid={'dfltgid', 0x3d, r6}}, {@noextend='noextend'}, {@access_uid={'access', 0x3d, r7}}], [{@euid_lt={'euid<', 0xee00}}, {@rootcontext={'rootcontext', 0x3d, 'staff_u'}}, {@obj_role={'obj_role', 0x3d, '].(\')'}}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}})
semtimedop(r0, &(0x7f0000003f00)=[{0x2, 0x9, 0x1800}, {0x1, 0x101}, {0x0, 0x6, 0x1000}, {0x0, 0x1, 0x800}, {0x1, 0x7ff, 0x2000}], 0x5, &(0x7f0000003f40))
prctl$PR_SET_FPEMU(0xa, 0x2)
r8 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000003f80)='/proc/capi/capi20ncci\x00', 0x140, 0x0)
setsockopt$RXRPC_UPGRADEABLE_SERVICE(r8, 0x110, 0x5, &(0x7f0000003fc0)=[0x1, 0x4], 0x2)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000004000)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000004040)=0x7f, 0x4)
setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r5, 0x84, 0xc, &(0x7f0000004080)=0x7f, 0x4)
lchown(&(0x7f00000040c0)='./file0\x00', 0xffffffffffffffff, r6)
ioctl$PPPIOCDISCONN(r8, 0x7439)
ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000004100)=0x1fb4f07a)
r9 = shmget(0x1, 0x2000, 0x1, &(0x7f0000ffb000/0x2000)=nil)
shmctl$SHM_STAT(r9, 0xd, &(0x7f0000004140)=""/86)

[  120.113187][ T9197] IPVS: ftp: loaded support on port[0] = 21
[  120.133105][ T8879] device hsr_slave_0 entered promiscuous mode
[  120.142466][ T8879] device hsr_slave_1 entered promiscuous mode
[  120.149444][ T8879] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  120.157990][ T8879] Cannot create hsr debugfs directory
[  120.168274][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  120.176542][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  120.209248][ T8721] device veth0_vlan entered promiscuous mode
[  120.230886][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  120.239323][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  120.262411][ T9082] chnl_net:caif_netlink_parms(): no params data found
[  120.298544][ T9061] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.306042][ T9061] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.313499][ T9061] device bridge_slave_0 entered promiscuous mode
[  120.321361][ T9061] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.328525][ T9061] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.335964][ T9061] device bridge_slave_1 entered promiscuous mode
[  120.351401][ T8721] device veth1_vlan entered promiscuous mode
[  120.381821][ T9061] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  120.382851][ T9292] IPVS: ftp: loaded support on port[0] = 21
[  120.425239][ T9061] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  120.438236][ T8879] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  120.468443][ T9197] chnl_net:caif_netlink_parms(): no params data found
[  120.485469][ T8879] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  120.499619][ T8879] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  120.512694][ T9061] team0: Port device team_slave_0 added
[  120.522593][ T9061] team0: Port device team_slave_1 added
[  120.537111][ T8721] device veth0_macvtap entered promiscuous mode
[  120.543936][ T5063] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  120.551815][ T5063] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  120.562953][ T5063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  120.571749][ T5063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  120.581653][ T5063] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  120.590039][ T8879] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  120.617957][ T9082] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.625380][ T9082] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.633140][ T9082] device bridge_slave_0 entered promiscuous mode
[  120.641833][ T8721] device veth1_macvtap entered promiscuous mode
[  120.649346][ T9082] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.658148][ T9082] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.666529][ T9082] device bridge_slave_1 entered promiscuous mode
[  120.681596][ T9061] batman_adv: batadv0: Adding interface: batadv_slave_0
[  120.693960][ T9061] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  120.721503][ T9061] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  120.733903][ T9061] batman_adv: batadv0: Adding interface: batadv_slave_1
[  120.740972][ T9061] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  120.767203][ T9061] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  120.790839][ T9292] chnl_net:caif_netlink_parms(): no params data found
[  120.814485][ T9061] device hsr_slave_0 entered promiscuous mode
[  120.820891][ T9061] device hsr_slave_1 entered promiscuous mode
[  120.829081][ T9061] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  120.836986][ T9061] Cannot create hsr debugfs directory
[  120.852001][ T9082] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  120.875514][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  120.899702][ T8721] batman_adv: batadv0: Interface activated: batadv_slave_0
[  120.911503][ T9082] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  120.929572][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  120.941075][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  120.951051][ T9197] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.959568][ T9197] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.967307][ T9197] device bridge_slave_0 entered promiscuous mode
[  120.978760][ T9197] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.986138][ T9197] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.993737][ T9197] device bridge_slave_1 entered promiscuous mode
[  121.008351][ T8721] batman_adv: batadv0: Interface activated: batadv_slave_1
[  121.023660][ T8721] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  121.032931][ T8721] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  121.042584][ T8721] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  121.051533][ T8721] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  121.066686][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  121.075176][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  121.104517][ T9082] team0: Port device team_slave_0 added
[  121.115047][ T9292] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.122278][ T9292] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.130908][ T9292] device bridge_slave_0 entered promiscuous mode
[  121.138871][ T9197] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  121.150184][ T9197] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  121.160014][ T9061] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  121.168815][ T9061] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  121.177414][ T9061] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  121.187078][ T9082] team0: Port device team_slave_1 added
[  121.192718][ T9061] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  121.204367][ T9292] bridge0: port 2(bridge_slave_1) entered blocking state
[  121.211409][ T9292] bridge0: port 2(bridge_slave_1) entered disabled state
[  121.220371][ T9292] device bridge_slave_1 entered promiscuous mode
[  121.262782][ T9197] team0: Port device team_slave_0 added
[  121.271258][ T9292] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  121.281401][ T9082] batman_adv: batadv0: Adding interface: batadv_slave_0
[  121.288716][ T9082] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  121.316467][ T9082] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  121.329045][ T9082] batman_adv: batadv0: Adding interface: batadv_slave_1
[  121.336296][ T9082] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  121.362566][ T9082] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  121.376078][ T9197] team0: Port device team_slave_1 added
[  121.382871][ T8879] 8021q: adding VLAN 0 to HW filter on device bond0
[  121.390943][ T9292] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  121.415345][ T9292] team0: Port device team_slave_0 added
[  121.422043][ T9292] team0: Port device team_slave_1 added
[  121.442961][ T9197] batman_adv: batadv0: Adding interface: batadv_slave_0
[  121.451671][ T9197] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  121.479517][ T9197] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  121.491665][ T9197] batman_adv: batadv0: Adding interface: batadv_slave_1
[  121.498896][ T9197] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  121.525348][ T9197] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  121.546737][ T9082] device hsr_slave_0 entered promiscuous mode
[  121.553673][ T9082] device hsr_slave_1 entered promiscuous mode
[  121.560841][ T9082] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  121.568945][ T9082] Cannot create hsr debugfs directory
[  121.591959][ T9197] device hsr_slave_0 entered promiscuous mode
[  121.599514][ T9197] device hsr_slave_1 entered promiscuous mode
[  121.606389][ T9197] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  121.614416][ T9197] Cannot create hsr debugfs directory
[  121.620394][ T9292] batman_adv: batadv0: Adding interface: batadv_slave_0
[  121.627658][ T9292] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  121.655775][ T9292] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  121.672212][ T8879] 8021q: adding VLAN 0 to HW filter on device team0
[  121.694991][ T9292] batman_adv: batadv0: Adding interface: batadv_slave_1
[  121.702168][ T9292] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  121.729812][ T9292] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  121.745279][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  121.752854][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  121.760762][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  121.769511][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  121.779107][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.786171][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  121.810394][ T9061] 8021q: adding VLAN 0 to HW filter on device bond0
[  121.820055][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  121.828918][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  121.838002][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  121.846627][ T9026] bridge0: port 2(bridge_slave_1) entered blocking state
[  121.853887][ T9026] bridge0: port 2(bridge_slave_1) entered forwarding state
[  121.861912][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  121.870674][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  121.892294][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  121.901413][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  121.911741][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  121.945477][ T9292] device hsr_slave_0 entered promiscuous mode
[  121.952626][ T9292] device hsr_slave_1 entered promiscuous mode
[  121.959346][ T9292] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  121.967286][ T9292] Cannot create hsr debugfs directory
[  121.972784][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  121.982916][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  121.996363][ T9061] 8021q: adding VLAN 0 to HW filter on device team0
[  122.005428][ T9082] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  122.016097][ T9082] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  122.035892][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  122.045536][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  122.053907][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  122.061616][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  122.069352][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  122.079676][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  122.091581][ T8879] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  122.099578][ T9082] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  122.111276][ T9082] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  122.147207][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  122.156156][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  122.165489][ T5088] bridge0: port 1(bridge_slave_0) entered blocking state
[  122.172731][ T5088] bridge0: port 1(bridge_slave_0) entered forwarding state
[  122.180631][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  122.189508][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  122.197928][ T5088] bridge0: port 2(bridge_slave_1) entered blocking state
[  122.205065][ T5088] bridge0: port 2(bridge_slave_1) entered forwarding state
[  122.213270][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  122.223211][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  122.234109][ T9197] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  122.248415][ T9197] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  122.259307][ T9292] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  122.284547][ T9197] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  122.294109][ T9292] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  122.305905][ T9292] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  122.321272][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  122.350145][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  122.371440][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  122.391769][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
22:31:28 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc))
r2 = syz_open_pts(r1, 0x2)
sendfile(r2, r0, 0x0, 0x6f0a77bd)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)

[  122.401099][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  122.412166][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  122.421150][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  122.453388][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  122.475882][ T9197] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  122.494004][ T9292] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  122.509829][ T8879] 8021q: adding VLAN 0 to HW filter on device batadv0
[  122.528190][ T9061] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  122.539838][ T9061] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  122.556593][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  122.570576][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  122.578287][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  122.586642][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  122.607622][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  122.616404][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  122.634272][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  122.641633][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  122.661583][ T8879] device veth0_vlan entered promiscuous mode
[  122.672439][ T9061] 8021q: adding VLAN 0 to HW filter on device batadv0
[  122.681952][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  122.690746][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  122.699923][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  122.708544][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  122.732565][ T8879] device veth1_vlan entered promiscuous mode
[  122.767532][ T9082] 8021q: adding VLAN 0 to HW filter on device bond0
[  122.780096][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  122.790101][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  122.798472][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  122.808759][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  122.838961][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  122.848980][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  122.857912][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  122.866315][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  122.874686][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  122.882184][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  122.891688][ T9061] device veth0_vlan entered promiscuous mode
[  122.906307][ T8879] device veth0_macvtap entered promiscuous mode
[  122.916269][ T9197] 8021q: adding VLAN 0 to HW filter on device bond0
[  122.925558][ T9292] 8021q: adding VLAN 0 to HW filter on device bond0
[  122.934187][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  122.941887][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  122.951465][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  122.960331][ T8879] device veth1_macvtap entered promiscuous mode
[  122.971292][ T9082] 8021q: adding VLAN 0 to HW filter on device team0
[  122.980322][ T9061] device veth1_vlan entered promiscuous mode
[  122.997431][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  123.006559][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  123.014956][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  123.022797][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  123.033952][ T9292] 8021q: adding VLAN 0 to HW filter on device team0
[  123.055766][ T8879] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  123.066295][ T8879] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.077780][ T8879] batman_adv: batadv0: Interface activated: batadv_slave_0
[  123.087839][ T9197] 8021q: adding VLAN 0 to HW filter on device team0
[  123.102821][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  123.112015][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  123.120517][ T5088] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.127560][ T5088] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.136075][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  123.145389][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  123.155047][ T5088] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.162083][ T5088] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.170245][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  123.179082][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  123.187744][ T5088] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.194885][ T5088] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.207861][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  123.216918][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  123.225687][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  123.234202][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  123.242762][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  123.251516][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  123.260127][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  123.268629][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  123.276864][ T5088] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.287033][ T5088] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.294990][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
22:31:28 executing program 0:
r0 = creat(&(0x7f0000000280)='./bus\x00', 0x0)
fallocate(r0, 0x0, 0x0, 0x4)
open(&(0x7f0000000140)='./bus\x00', 0x4240, 0x0)

[  123.303509][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  123.311798][ T5088] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.318856][ T5088] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.328704][ T8879] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  123.346895][ T8879] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.360469][ T8879] batman_adv: batadv0: Interface activated: batadv_slave_1
[  123.379119][ T8879] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  123.388067][ T8879] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  123.398028][   T27] audit: type=1804 audit(1596925889.014:2): pid=9998 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir561009247/syzkaller.lBtMZt/2/bus" dev="sda1" ino=15739 res=1 errno=0
[  123.403813][ T8879] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  123.430558][   T27] audit: type=1800 audit(1596925889.014:3): pid=9998 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15739 res=0 errno=0
[  123.436682][ T8879] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
22:31:29 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040))
getdents64(r0, &(0x7f0000000df0)=""/519, 0x207)

[  123.466301][   T27] audit: type=1804 audit(1596925889.044:4): pid=10001 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir561009247/syzkaller.lBtMZt/2/bus" dev="sda1" ino=15739 res=1 errno=0
[  123.487082][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  123.499097][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
22:31:29 executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000480)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)

[  123.506803][   T27] audit: type=1800 audit(1596925889.044:5): pid=10001 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15739 res=0 errno=0
[  123.524144][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  123.536196][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  123.555742][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  123.570655][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  123.596219][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
22:31:29 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6, 0x0, 0x400000000, 0x0, 0x2}, 0x0)
ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0xffff}, 0x0, 0x3, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x4048081)
sched_setattr(0x0, &(0x7f00000002c0)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000380)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4)
writev(r4, &(0x7f0000000780)=[{&(0x7f0000000100)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9623b", 0x8b}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a94", 0x8d}, {&(0x7f0000001b80)="f15c93cb35c215fe339d1e9060c5b23e77cb58a87329a00288504db389cc6e395885fa906ac30eeae99fa388c31b5717e641e1586a90961b5f99b26c939d944f6cb1cf6817b7e51402a8459f9db642e97d3c05db56250a665d3ff188eb47e5b036d508aa5a5796fb8806b6a41487e0bfc3df087c18269bd7d2f477104c5d5db497ceaf3e1b11a5d63a2b7035dc69fa701f3b46fe701880800a7d38dccd4b3e8014aa15c96968359533ce2c5ffdd5f0d3297018bd7c025150940cdead92eb1e6bc6ba45eecf067b32425b6000b2f376ef9172426ae7fa97e5a84ef4dc540bbf5dd458ffcb75724135bd32fa04db6d6a75aedda7ab6e8501fc94e209dc3b2525ae24c954255d3247ca9c1b9525ce68179a52a87333aa2b0a8c1baa6ba6160c6d2018e67bac5402d0d89c5f798b8d1a87b0dc3306f546c61724530d9f4b6f0ee68677c7b261de5afa02d708a8ec979791de8f4831cc354ba453bc253e2435207f25494a594d4e5be39902358d362cb318ad965b7e7480a5ca5b6fe74e101c400c77392ee4419ad788f494230487811046f21f0f9665dfbaa9e94ed305a02e3fa47039e67dde19f89c8f1741aad752cdfe458ddf54e8fc10ff79b5", 0x1b9}], 0x3)
sendto$inet(r4, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0xfffffef1)

[  123.615858][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  123.634231][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  123.642890][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  123.655924][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  123.667803][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  123.677111][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  123.686179][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  123.695239][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  123.705004][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  123.713260][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  123.722206][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  123.730713][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.737744][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.746069][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  123.754639][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  123.763072][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  123.771739][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  123.787754][ T9061] device veth0_macvtap entered promiscuous mode
[  123.799645][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  123.827623][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  123.836207][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  123.844947][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  123.853366][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  123.861941][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  123.870249][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  123.879803][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  123.890244][ T9082] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  123.901983][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  123.910438][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  123.919041][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  123.956130][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  123.964389][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  123.979192][ T9061] device veth1_macvtap entered promiscuous mode
[  123.996710][ T9292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  124.016589][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  124.031896][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  124.040471][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  124.057928][ T9082] 8021q: adding VLAN 0 to HW filter on device batadv0
[  124.068703][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  124.077874][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  124.086566][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  124.094393][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  124.111142][ T9061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  124.121666][ T9061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.131957][ T9061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  124.144643][ T9061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.155850][ T9061] batman_adv: batadv0: Interface activated: batadv_slave_0
[  124.163802][ T9197] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  124.183678][ T9996] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  124.192383][ T9996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  124.201142][ T9996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  124.209921][ T9996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  124.220736][ T9061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  124.231532][ T9061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.242728][ T9061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  124.253317][ T9061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.264511][ T9061] batman_adv: batadv0: Interface activated: batadv_slave_1
[  124.277994][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  124.286627][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  124.307280][ T9292] 8021q: adding VLAN 0 to HW filter on device batadv0
[  124.315962][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  124.323511][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  124.331354][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  124.340626][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  124.350219][ T9061] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  124.360130][ T9061] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  124.369121][ T9061] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  124.378322][   T51] Bluetooth: hci0: command 0x0409 tx timeout
[  124.385155][ T9061] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  124.398077][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  124.406031][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  124.421379][ T9082] device veth0_vlan entered promiscuous mode
[  124.445665][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  124.453179][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  124.466769][ T9197] 8021q: adding VLAN 0 to HW filter on device batadv0
[  124.477404][ T9082] device veth1_vlan entered promiscuous mode
[  124.506463][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
22:31:30 executing program 0:
r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ion\x00', 0x0, 0x0)
ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x208927, 0x2f, 0x0, <r1=>0xffffffffffffff9c})
r2 = dup(r1)
mmap(&(0x7f000019e000/0x1000)=nil, 0x1000, 0x0, 0x30051, r2, 0x0)

[  124.521406][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  124.530243][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  124.544427][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  124.563706][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  124.567833][T10025] x86/PAT: syz-executor.0:10025 map pfn RAM range req write-combining for [mem 0x9e400000-0x9e400fff], got write-back
[  124.572099][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
22:31:30 executing program 0:
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x2, 0x3, 0x2d8, 0x190, 0x190, 0x95ffffff, 0x77, 0x93ffffff, 0x240, 0x240, 0x240, 0x240, 0x240, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x130, 0x190, 0x0, {}, [@common=@unspec=@string={{0xc0, 'string\x00'}, {0x0, 0x0, 'bm\x00', "bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800", 0x7f}}]}, @common=@SET={0x60, 'SET\x00'}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0x0, 'veth0_to_batadv\x00', 'ip6gretap0\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x338)
getsockopt$sock_buf(r0, 0x1, 0x0, &(0x7f0000000000)=""/46, 0x0)

[  124.613506][ T9292] device veth0_vlan entered promiscuous mode
[  124.636900][ T9082] device veth0_macvtap entered promiscuous mode
[  124.645080][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  124.653698][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  124.657573][T10032] Cannot find add_set index 0 as target
[  124.662271][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  124.676696][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  124.684622][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  124.697617][ T9292] device veth1_vlan entered promiscuous mode
[  124.715784][ T9082] device veth1_macvtap entered promiscuous mode
[  124.725243][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  124.733068][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  124.742310][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  124.751085][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  124.774653][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  124.782541][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  124.791415][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  124.800240][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  124.808021][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  124.818558][ T9197] device veth0_vlan entered promiscuous mode
[  124.831048][ T9082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  124.843133][ T9082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.853663][ T9082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  124.864966][ T9082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.875214][ T9082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  124.885910][ T9082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.896605][ T9082] batman_adv: batadv0: Interface activated: batadv_slave_0
[  124.906667][ T9197] device veth1_vlan entered promiscuous mode
[  124.913320][ T9996] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  124.921641][ T9996] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  124.930491][ T9996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  124.943694][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  124.952212][ T9026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  124.962792][ T9082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  124.974387][ T9082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.984810][ T9082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  124.995776][ T9082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.005928][ T9082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  125.017084][ T9082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.027817][ T9082] batman_adv: batadv0: Interface activated: batadv_slave_1
[  125.036356][ T9292] device veth0_macvtap entered promiscuous mode
[  125.044867][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  125.052949][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  125.062005][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  125.070838][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  125.082700][ T9082] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  125.091639][ T9082] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  125.101041][ T9082] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  125.110090][ T9082] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  125.127218][ T9292] device veth1_macvtap entered promiscuous mode
[  125.147064][ T9996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  125.155885][ T9996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  125.167696][ T9197] device veth0_macvtap entered promiscuous mode
[  125.180451][ T9197] device veth1_macvtap entered promiscuous mode
[  125.197269][ T9292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  125.207959][ T9292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.218814][ T9292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  125.229813][ T9292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.240206][ T9292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  125.251222][ T9292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.267924][ T9292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  125.278867][ T9292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.290868][ T9292] batman_adv: batadv0: Interface activated: batadv_slave_0
[  125.315979][ T9197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  125.332072][ T9197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.342587][ T9197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  125.353999][ T9197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.364755][ T9197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  125.387814][ T9197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.397687][ T9197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  125.408706][ T9197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.419177][ T9197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  125.430314][ T9197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.441595][ T9197] batman_adv: batadv0: Interface activated: batadv_slave_0
[  125.453026][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  125.461234][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  125.469541][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  125.478304][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  125.487079][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  125.503360][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  125.521933][ T9292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  125.536400][ T9292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.549144][ T9292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  125.560184][ T9292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.593322][ T9292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  125.608554][ T9292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.623393][ T9292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
22:31:31 executing program 1:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000640)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x1c)
sendmmsg(r0, &(0x7f0000004d80)=[{{&(0x7f0000000100)=@un=@file={0x0, './bus\x00'}, 0x80, 0x0}}, {{&(0x7f0000000240)=@ethernet={0x0, @multicast}, 0x80, 0x0, 0x0, &(0x7f0000001680)=[{0x10, 0x1}], 0x10}}], 0x2, 0x0)

[  125.635153][ T9292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.646249][ T9292] batman_adv: batadv0: Interface activated: batadv_slave_1
[  125.666300][ T9197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  125.676866][ T9197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.688259][ T9197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  125.700954][ T9197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.710909][ T9197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  125.725751][ T9197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.739248][ T9197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  125.750078][ T9197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.761193][ T9197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  125.772270][ T9197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.783339][ T9197] batman_adv: batadv0: Interface activated: batadv_slave_1
[  125.791090][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  125.801425][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  125.810539][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  125.819892][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  125.831660][ T9292] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  125.843664][   T51] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  125.843856][ T9292] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  125.860086][ T9292] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  125.868994][ T9292] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  125.886559][ T9197] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  125.896200][ T9197] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  125.904921][ T9197] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  125.913755][ T9197] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  126.283727][   T51] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1534, setting to 1024
[  126.295411][   T51] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64
[  126.306124][   T51] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023
[  126.353656][   T51] usb 3-1: language id specifier not provided by device, defaulting to English
[  126.457375][T10070] Bluetooth: hci0: command 0x041b tx timeout
[  126.483564][   T51] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  126.492839][   T51] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.492850][   T51] usb 3-1: Product: syz
[  126.492909][   T51] usb 3-1: Manufacturer: syz
[  126.543568][   T51] usb 3-1: SerialNumber: syz
[  126.565069][T10056] raw-gadget gadget: fail, usb_ep_enable returned -22
[  126.863612][   T51] cdc_ncm 3-1:1.0: bind() failure
[  126.872259][   T51] cdc_ncm 3-1:1.1: bind() failure
[  126.891013][   T51] usb 3-1: USB disconnect, device number 2
[  127.333668][   T51] Bluetooth: hci1: command 0x0409 tx timeout
[  127.563509][ T9062] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  127.574367][   T51] Bluetooth: hci2: command 0x0409 tx timeout
[  128.063737][ T9062] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1534, setting to 1024
[  128.074968][ T9062] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64
[  128.085331][ T9062] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023
[  128.143905][ T9062] usb 3-1: language id specifier not provided by device, defaulting to English
[  128.294105][ T9062] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  128.303149][ T9062] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.311730][ T9062] usb 3-1: Product: syz
[  128.316209][ T9062] usb 3-1: Manufacturer: syz
[  128.320786][ T9062] usb 3-1: SerialNumber: syz
[  128.355532][T10129] raw-gadget gadget: fail, usb_ep_enable returned -22
22:31:34 executing program 1:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r2, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001a00)=ANY=[], 0x90}}, 0x41)
recvmmsg(r2, &(0x7f00000061c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000002c0)=""/130, 0x82}], 0x1}}], 0x2, 0x0, 0x0)

22:31:34 executing program 0:
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x2, 0x3, 0x2d8, 0x190, 0x190, 0x95ffffff, 0x77, 0x93ffffff, 0x240, 0x240, 0x240, 0x240, 0x240, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x130, 0x190, 0x0, {}, [@common=@unspec=@string={{0xc0, 'string\x00'}, {0x0, 0x0, 'bm\x00', "bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800", 0x7f}}]}, @common=@SET={0x60, 'SET\x00'}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0x0, 'veth0_to_batadv\x00', 'ip6gretap0\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x338)
getsockopt$sock_buf(r0, 0x1, 0x0, &(0x7f0000000000)=""/46, 0x0)

22:31:34 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:34 executing program 4:
clone(0x11a20100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000001200)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07006706000002000000070300000ee60060bf050000000000004f650000000000002507f9ff01000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12feffffff8ecf264e0f8492b80482f48821a0d2d17f2f1754558f2278af6d71d79a5eddf1d4601d295c45a6a0b9bdb7dd399703d6c4f6f3ffff369289aa6812b8e007e733a9a459788b9c37931bdba010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5af65727546e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d04acd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d75ec88158f0200000000c8fb735fd552bdbcfdcc39598068551a7c291c3770e335c206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8e75f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174e144587c39a018f9bbec63222d20ce2ac16f64ea7b0ef3b3a6aa57f1ad2e99e0e67a993716dbf580469f0f53acbb40b401c3738270b31dd362ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f9d2001e038451bb96589a7eab04871bc47207cd313f00000000000000407d000000000000000000000000005f37d83f84e98a523d80bd0d0d703f37ca363f601ae899a53f6715a0a61434b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc357b27990f51d33cd1bdf3dbcdf1c2cbb82ce8605abd094d3c495483186eef5cb247aa410dd86f07ea7ba5cded1f8fc47de13d2ba17b1e608cc3067aa5e2460900d472c275cc1dcd46a6321be36dd5342da5989dcc8c1e9ed32eb08bfbd9f7a4a1c63020a8d6d9662b3bc89140a6a36413f13d9536247ba66eb701a30744debfe69126c3f54250d7b3639e13f8df6ff262b2ce045b032abe1e891c50201e114e8c2ac0c274597e183953d823bc92acff3fbeb58c4ea7a9eb3c19ed601fe598919857bbdf0ce8de1a9cd06453ff86bb9b298445f4eceef71596f4dd81ecf5b581dfd9f95e7330bd6a4aedf"], &(0x7f0000000100)='GPL\x00'}, 0x48)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)

22:31:34 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0)
lseek(r2, 0x1, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(r2, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:31:34 executing program 5:
socket$nl_netfilter(0x10, 0x3, 0xc)
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r0, 0x4, 0xca200)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
open(0x0, 0x1031fe, 0x0)
socket(0x1000000010, 0x80002, 0x0)
syz_genetlink_get_family_id$nl80211(0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000080)={0x7ff}, 0x10)
open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0)

[  128.533724][ T9996] Bluetooth: hci3: command 0x0409 tx timeout
[  128.546463][ T5063] Bluetooth: hci0: command 0x040f tx timeout
22:31:34 executing program 0:

[  128.598035][T10143] Cannot find add_set index 0 as target
[  128.615642][ T9062] cdc_ncm 3-1:1.0: bind() failure
[  128.628557][ T9062] cdc_ncm 3-1:1.1: bind() failure
22:31:34 executing program 1:

22:31:34 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  128.654617][   T27] audit: type=1804 audit(1596925894.274:6): pid=10152 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/1/file1/bus" dev="loop2" ino=3 res=1 errno=0
22:31:34 executing program 0:
mmap(&(0x7f000071c000/0x400000)=nil, 0x400000, 0x3, 0x5012, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f00008cc000/0x4000)=nil, 0x4000, 0x0)
open(&(0x7f00009b7000)='./bus\x00', 0x0, 0x0)
madvise(&(0x7f0000ac2000/0x4000)=nil, 0x4000, 0x0)
mmap(&(0x7f0000847000/0x600000)=nil, 0x600000, 0x0, 0x1010, 0xffffffffffffffff, 0x0)

22:31:34 executing program 1:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xe8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0xe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x210}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x1)
close(r0)

[  128.728098][ T9062] usb 3-1: USB disconnect, device number 3
22:31:34 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:34 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:34 executing program 0:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xf8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
r0 = socket$kcm(0x11, 0x200000000000002, 0x300)
recvmsg$kcm(r0, &(0x7f0000001cc0)={&(0x7f0000004e00)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0x0)

[  128.860690][   T27] audit: type=1804 audit(1596925894.334:7): pid=10158 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/1/file1/bus" dev="loop2" ino=3 res=1 errno=0
[  128.891610][T10173] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
22:31:34 executing program 1:
r0 = socket$kcm(0x11, 0x200000000000002, 0x300)
r1 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r1, &(0x7f000000c280)={&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000140)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x2a}, @remote}}}], 0x20}, 0x0)
recvmsg(r0, &(0x7f0000007500)={&(0x7f0000006f80)=@ll={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @local}, 0x80, 0x0, 0x0, 0xffffffffffffffff}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000004000040000000000000000009500000000000000d387777ab82499fd7a38de0cd87509fd1d80585afff33091b533c720577af017450b2a776733ceb617f121d79e3628e72be0d39e77dcb168873294214f541bb89938c19978ea22254c58d75439a1edfee2adfeafe92d14ffab3ddc1dc21efe6f7c3913f273d7b48d10b9904fda943414bf2f1c68c4878937c8f83a5203d5b63a2689d486e66c4a5e059db4238ee52d47e704465a6a9726ba058bd85acc9322902ce974e50faf989fd44b66da1b795d04df0d9bfd563c608880516f25136a81d6b48d5f205d0d44bfabd7ba7db2c3e80f0dbf59164e8806259d3b7633f704b15c3dc9259fa3aa3106e4821a62a5c3560f74eeb638904c8af7cd704f4afa93fc61d6ba0e2148b09a28cd376bc43a1445c635c73a6bd9cda98b27f9981f6af47d74e057515bef88b90f987de14f2a9e1b07dd8b865715f25a4f95cc0024e18e96570000f7dab1a31b2f0fb51e0d9348aa80e2e60cd60800000088b06a13d14f14e829e4330e4475096c886864c5bf8be6441e7e24a4162d88a668b65bc80a10d3357cd22db832a98c116b0000d92a6dabe73e52fd78db32e4f531abb858e1a4ee680c94407e1ee01d68139635ab636723848d90a40d2a2298b5cb3cbe8366b09957fc5ee5472fb7671f1b99a7b0508949eaf27f98356e321bb3ef7bfd1c957c1fe85603ff909878b9db38af432516700efc72e2847e1e86967d2a12a357a69a6cd73b73cfff08965818b338e5f5d20031bad9c612f6ea2861dd34e5be9aa536bd5b16857f8a07c834e3bcd414872719ba6e7c6936dd077c98e273537b833df0f0d1f75fb153292c2c8d93d7bede97270f771917308d5cedb342b0ebac9c727e52d462ddea9e404f273b7f4f38cc671f30d17ed7058cca7ca3460a1b5877fe36b2a65627c10daa87ee6a9caa32aef136326076e22f7661c916d0215a6c6b6b140ed86a97ab7721f1eb00000000000000000ef52bdeb49a189c429363effa95251bb75537b668f2a0a3b4e213425caaa03eb17c943a912122013f16ca05cc2a99f91c85c5694396d1b4a3c028336abf6dfb3fc9dbd0ef24b01da4e278114cb81a928731930bad795c1b39e0ab09c047bc9ce9f0fe32da1c456846421be00818ef"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], r2, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000200)={r3, 0x0, 0x0}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

22:31:34 executing program 4:

[  129.029408][   T27] audit: type=1804 audit(1596925894.334:8): pid=10152 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/1/file1/bus" dev="loop2" ino=3 res=1 errno=0
[  129.063351][    C0] hrtimer: interrupt took 22916 ns
[  129.095542][ T9996] Bluetooth: hci4: command 0x0409 tx timeout
[  129.103471][ T9062] Bluetooth: hci5: command 0x0409 tx timeout
22:31:35 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0)
lseek(r2, 0x1, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(r2, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

[  129.413381][ T9062] Bluetooth: hci1: command 0x041b tx timeout
[  129.419453][   T27] audit: type=1804 audit(1596925895.024:9): pid=10168 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/1/file1/bus" dev="loop2" ino=3 res=1 errno=0
[  129.502275][   T27] audit: type=1804 audit(1596925895.064:10): pid=10168 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/1/file1/bus" dev="loop2" ino=3 res=1 errno=0
[  129.540100][   T27] audit: type=1804 audit(1596925895.064:11): pid=10158 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/1/file1/bus" dev="loop2" ino=3 res=1 errno=0
[  129.593535][   T27] audit: type=1804 audit(1596925895.064:12): pid=10158 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/1/file1/bus" dev="loop2" ino=3 res=1 errno=0
[  129.653559][ T9996] Bluetooth: hci2: command 0x041b tx timeout
[  129.703367][   T27] audit: type=1804 audit(1596925895.264:13): pid=10198 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/2/file1/bus" dev="loop2" ino=4 res=1 errno=0
[  129.793211][   T27] audit: type=1804 audit(1596925895.264:14): pid=10198 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/2/file1/bus" dev="loop2" ino=4 res=1 errno=0
[  129.924171][   T27] audit: type=1804 audit(1596925895.264:15): pid=10198 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/2/file1/bus" dev="loop2" ino=4 res=1 errno=0
22:31:35 executing program 5:
socket$nl_netfilter(0x10, 0x3, 0xc)
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r0, 0x4, 0xca200)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
open(0x0, 0x1031fe, 0x0)
socket(0x1000000010, 0x80002, 0x0)
syz_genetlink_get_family_id$nl80211(0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000080)={0x7ff}, 0x10)
open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0)

22:31:35 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
inotify_init1(0x0)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:35 executing program 4:

22:31:35 executing program 1:

22:31:35 executing program 0:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xf8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
r0 = socket$kcm(0x11, 0x200000000000002, 0x300)
recvmsg$kcm(r0, &(0x7f0000001cc0)={&(0x7f0000004e00)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0x0)

22:31:35 executing program 1:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0)
lseek(r2, 0x1, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(r2, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:31:35 executing program 4:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0)
lseek(r2, 0x1, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(r2, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:31:35 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
inotify_init1(0x0)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:36 executing program 0:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0)
lseek(r2, 0x1, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(r2, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:31:36 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
inotify_init1(0x0)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  130.623476][   T51] Bluetooth: hci3: command 0x041b tx timeout
[  130.633005][   T51] Bluetooth: hci0: command 0x0419 tx timeout
22:31:36 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0)
lseek(r2, 0x1, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(r2, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:31:36 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:36 executing program 5:

22:31:36 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:36 executing program 5:

[  131.185478][   T51] Bluetooth: hci5: command 0x041b tx timeout
[  131.191624][   T51] Bluetooth: hci4: command 0x041b tx timeout
22:31:36 executing program 5:

22:31:37 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  131.494648][ T5063] Bluetooth: hci1: command 0x040f tx timeout
22:31:37 executing program 1:

22:31:37 executing program 5:

22:31:37 executing program 4:

22:31:37 executing program 0:

22:31:37 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
dup(r2)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  131.743300][ T5063] Bluetooth: hci2: command 0x040f tx timeout
22:31:37 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0)
lseek(r2, 0x1, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(r2, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:31:37 executing program 5:

22:31:37 executing program 0:

22:31:37 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
dup(r2)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:37 executing program 1:

22:31:37 executing program 4:

22:31:37 executing program 5:

22:31:37 executing program 4:

22:31:37 executing program 1:

22:31:37 executing program 0:

22:31:37 executing program 5:

22:31:37 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
dup(r2)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  132.693240][   T51] Bluetooth: hci3: command 0x040f tx timeout
22:31:38 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0)
lseek(r2, 0x1, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(r2, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:31:38 executing program 4:

22:31:38 executing program 1:

22:31:38 executing program 5:

22:31:38 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = inotify_init1(0x0)
inotify_add_watch(r2, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:38 executing program 0:

22:31:38 executing program 5:

22:31:38 executing program 0:

22:31:38 executing program 4:

22:31:38 executing program 1:

22:31:38 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = inotify_init1(0x0)
inotify_add_watch(r2, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:38 executing program 4:

[  133.253795][ T5063] Bluetooth: hci5: command 0x040f tx timeout
[  133.343197][ T5063] Bluetooth: hci4: command 0x040f tx timeout
[  133.573147][   T51] Bluetooth: hci1: command 0x0419 tx timeout
22:31:39 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0)
lseek(r2, 0x1, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(r2, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:31:39 executing program 0:

22:31:39 executing program 1:

22:31:39 executing program 5:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x172f, 0x502, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x54, {0x54, 0x0, "02efbe0f000005000000b74b7eafcbb3fef73abd5a3bbe172a1886149031adba67406045fc2a4ad305000000663e9ac3d427f34c20f6b60aaf9acb9eaa88105d3abb6c9d3342be7919dd0d1fe216956835b5"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

22:31:39 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = inotify_init1(0x0)
inotify_add_watch(r2, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:39 executing program 4:

[  133.814931][   T51] Bluetooth: hci2: command 0x0419 tx timeout
22:31:39 executing program 1:

22:31:39 executing program 1:

22:31:39 executing program 4:

22:31:39 executing program 0:

22:31:39 executing program 1:
perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffefffffffffff, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
dup(0xffffffffffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_open_dev$loop(&(0x7f00000004c0)='/dev/loop#\x00', 0x0, 0x105082)
r1 = memfd_create(&(0x7f0000000080)='\xfaIhFlK\x99F\x17\x16\xa5>\xd3\xc0\x93\xb5.\xda\x06_bT\x1cB\xdb\xf8y1\xe7,\x03\x98h\x86(\xa0m\x87+x\x14i\x88\xcd\x89\x81\xfb\x86', 0x0)
pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000000)='\x00', 0x1}], 0x1, 0x4081003, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
fallocate(r0, 0x11, 0x0, 0x100007e00)

22:31:39 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  134.026658][   T27] kauditd_printk_skb: 18 callbacks suppressed
[  134.026670][   T27] audit: type=1804 audit(1596925899.644:34): pid=10345 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/6/file1/bus" dev="loop2" ino=10 res=1 errno=0
[  134.071465][   T27] audit: type=1804 audit(1596925899.644:35): pid=10345 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/6/file1/bus" dev="loop2" ino=10 res=1 errno=0
[  134.173298][ T5063] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  134.196436][   T27] audit: type=1804 audit(1596925899.644:36): pid=10345 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/6/file1/bus" dev="loop2" ino=10 res=1 errno=0
[  134.443361][ T5063] usb 6-1: Using ep0 maxpacket: 32
[  134.584958][ T5063] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  134.624851][ T5063] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  134.645091][ T5063] usb 6-1: New USB device found, idVendor=172f, idProduct=0502, bcdDevice= 0.40
[  134.657171][ T5063] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.667305][ T5063] usb 6-1: config 0 descriptor??
22:31:40 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0)
lseek(r2, 0x1, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(r2, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:31:40 executing program 4:
perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
connect$llc(r0, &(0x7f0000000380), 0x10)

22:31:40 executing program 0:
openat$audio1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio1\x00', 0x0, 0x0)
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000200), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d", 0x200)
sendfile(r0, r1, 0x0, 0x11f08)
pipe(&(0x7f0000000000)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
splice(r2, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0)

[  134.783250][   T51] Bluetooth: hci3: command 0x0419 tx timeout
[  134.938058][   T27] audit: type=1800 audit(1596925900.554:37): pid=10373 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="loop0" ino=11 res=0 errno=0
[  135.013511][   T27] audit: type=1804 audit(1596925900.574:38): pid=10373 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir561009247/syzkaller.lBtMZt/21/file1/file0" dev="loop0" ino=11 res=1 errno=0
[  135.134598][ T5063] waltop 0003:172F:0502.0001: hidraw0: USB HID v0.00 Device [HID 172f:0502] on usb-dummy_hcd.5-1/input0
[  135.156947][   T27] audit: type=1804 audit(1596925900.594:39): pid=10378 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/7/file1/bus" dev="loop2" ino=12 res=1 errno=0
[  135.212051][   T27] audit: type=1804 audit(1596925900.594:40): pid=10378 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/7/file1/bus" dev="loop2" ino=12 res=1 errno=0
[  135.237186][   T27] audit: type=1804 audit(1596925900.594:41): pid=10378 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/7/file1/bus" dev="loop2" ino=12 res=1 errno=0
[  135.333098][ T5063] Bluetooth: hci5: command 0x0419 tx timeout
[  135.335885][ T5088] usb 6-1: USB disconnect, device number 2
[  135.423125][ T5063] Bluetooth: hci4: command 0x0419 tx timeout
[  136.103191][ T5088] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  136.343035][ T5088] usb 6-1: Using ep0 maxpacket: 32
[  136.463099][ T5088] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  136.475406][ T5088] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  136.485993][ T5088] usb 6-1: New USB device found, idVendor=172f, idProduct=0502, bcdDevice= 0.40
[  136.495784][ T5088] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.506161][ T5088] usb 6-1: config 0 descriptor??
22:31:42 executing program 5:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x172f, 0x502, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x54, {0x54, 0x0, "02efbe0f000005000000b74b7eafcbb3fef73abd5a3bbe172a1886149031adba67406045fc2a4ad305000000663e9ac3d427f34c20f6b60aaf9acb9eaa88105d3abb6c9d3342be7919dd0d1fe216956835b5"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

22:31:42 executing program 4:
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$P9_RLCREATE(r1, &(0x7f0000000040)={0x18}, 0x18)
lseek(r1, 0x0, 0x3)

22:31:42 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:42 executing program 1:
perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffefffffffffff, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
dup(0xffffffffffffffff)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_dev$loop(&(0x7f00000004c0)='/dev/loop#\x00', 0x0, 0x105082)
pwritev(0xffffffffffffffff, &(0x7f0000f50f90)=[{&(0x7f0000000000)='\x00', 0x1}], 0x1, 0x4081003, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup(0xffffffffffffffff)
fallocate(r1, 0x11, 0x0, 0x100007e00)

22:31:42 executing program 0:
openat$audio1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio1\x00', 0x0, 0x0)
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000200), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d", 0x200)
sendfile(r0, r1, 0x0, 0x11f08)
pipe(&(0x7f0000000000)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
splice(r2, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0)

22:31:42 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0)
lseek(r2, 0x1, 0x0)
open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

[  136.805796][ T5088] waltop 0003:172F:0502.0002: hidraw0: USB HID v0.00 Device [HID 172f:0502] on usb-dummy_hcd.5-1/input0
[  136.845529][ T5088] usb 6-1: USB disconnect, device number 3
22:31:42 executing program 4:
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000027c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @empty}, 0x1c, 0x0}}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='oom_score\x00')
preadv(r0, &(0x7f00000017c0), 0x3da, 0x0, 0x0)

22:31:42 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  136.932063][   T27] audit: type=1800 audit(1596925902.544:42): pid=10437 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="loop0" ino=13 res=0 errno=0
22:31:42 executing program 1:
perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffefffffffffff, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
dup(0xffffffffffffffff)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_dev$loop(&(0x7f00000004c0)='/dev/loop#\x00', 0x0, 0x105082)
pwritev(0xffffffffffffffff, &(0x7f0000f50f90)=[{&(0x7f0000000000)='\x00', 0x1}], 0x1, 0x4081003, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup(0xffffffffffffffff)
fallocate(r1, 0x11, 0x0, 0x100007e00)

[  137.010965][   T27] audit: type=1804 audit(1596925902.574:43): pid=10437 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir561009247/syzkaller.lBtMZt/22/file1/file0" dev="loop0" ino=13 res=1 errno=0
22:31:42 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:42 executing program 4:
socket$inet_udp(0x2, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0)

22:31:42 executing program 1:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000180)=0x100)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732})
r4 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @multicast2}})
write$tun(0xffffffffffffffff, &(0x7f0000000140)={@val, @void, @eth={@broadcast, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "163dac", 0x0, 0x0, 0x0, @local, @mcast2}}}}}, 0x3a)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
splice(r0, 0x0, r2, 0x0, 0x18100, 0x0)

[  137.354624][ T5088] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  137.592993][ T5088] usb 6-1: Using ep0 maxpacket: 32
[  137.713483][ T5088] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  137.735253][ T5088] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  137.757237][ T5088] usb 6-1: New USB device found, idVendor=172f, idProduct=0502, bcdDevice= 0.40
[  137.767620][ T5088] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.793849][ T5088] usb 6-1: config 0 descriptor??
[  138.274437][ T5088] waltop 0003:172F:0502.0003: hidraw0: USB HID v0.00 Device [HID 172f:0502] on usb-dummy_hcd.5-1/input0
[  138.480065][ T5088] usb 6-1: USB disconnect, device number 4
22:31:44 executing program 5:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x172f, 0x502, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x54, {0x54, 0x0, "02efbe0f000005000000b74b7eafcbb3fef73abd5a3bbe172a1886149031adba67406045fc2a4ad305000000663e9ac3d427f34c20f6b60aaf9acb9eaa88105d3abb6c9d3342be7919dd0d1fe216956835b5"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

22:31:44 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:44 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xc, 0x4, &(0x7f0000000200)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x1e}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
socket$xdp(0x2c, 0x3, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000140)='ethtool\x00')
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000080)=""/5, 0x0, 0x1000, 0x6}, 0x20)
socket$inet6(0xa, 0x5, 0xbf)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, 0x0, 0x58)
socket$inet6_icmp(0xa, 0x2, 0x3a)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
connect$nfc_raw(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
mmap(&(0x7f00009ff000/0x600000)=nil, 0x600000, 0x0, 0x12, r0, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0xfffffeffffff7ffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
syz_genetlink_get_family_id$nl80211(0x0)
sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[], 0x14}}, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000000c0)={&(0x7f0000ffb000/0x4000)=nil, 0x4000}, &(0x7f0000000340)=0x3d)

22:31:44 executing program 0:
r0 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00')
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x3c, r0, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp}]}, 0x3c}}, 0x0)

22:31:44 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0)
lseek(r2, 0x1, 0x0)
open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:31:44 executing program 1:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000180)=0x100)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732})
r4 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @multicast2}})
write$tun(0xffffffffffffffff, &(0x7f0000000140)={@val, @void, @eth={@broadcast, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "163dac", 0x0, 0x0, 0x0, @local, @mcast2}}}}}, 0x3a)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
splice(r0, 0x0, r2, 0x0, 0x18100, 0x0)

22:31:44 executing program 0:
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000040)={0x9}, 0x8)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r1, 0x10d, 0x1, 0x0, &(0x7f0000000000))

22:31:44 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  139.084257][   T27] kauditd_printk_skb: 3 callbacks suppressed
[  139.084268][   T27] audit: type=1804 audit(1596925904.704:47): pid=10513 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/9/file1/bus" dev="loop2" ino=15 res=1 errno=0
22:31:44 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  139.118466][T10514] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
22:31:44 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:44 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:44 executing program 4:
socket$kcm(0x2, 0xa, 0x2)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
connect$can_bcm(r0, &(0x7f0000000080), 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
getpeername$l2tp(r0, 0x0, 0x0)
write$cgroup_int(r0, &(0x7f0000000200), 0xf000)
sendfile(r0, r1, 0x0, 0xf03b0000)
getsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000000), &(0x7f0000000040)=0x10)
r2 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000700)={'macsec0\x00', @broadcast})

[  139.216285][T10528] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app
[  139.242731][   T27] audit: type=1804 audit(1596925904.754:48): pid=10522 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/9/file1/bus" dev="loop2" ino=15 res=1 errno=0
[  139.302873][ T5088] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  139.345736][T10541] syz-executor.4 uses obsolete (PF_INET,SOCK_PACKET)
[  139.389612][T10541] device macsec0 entered promiscuous mode
[  139.396812][   T27] audit: type=1804 audit(1596925904.754:49): pid=10513 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/9/file1/bus" dev="loop2" ino=15 res=1 errno=0
[  139.573319][ T5088] usb 6-1: Using ep0 maxpacket: 32
[  139.724727][ T5088] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  139.736403][ T5088] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  139.747849][ T5088] usb 6-1: New USB device found, idVendor=172f, idProduct=0502, bcdDevice= 0.40
[  139.757527][ T5088] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.769097][ T5088] usb 6-1: config 0 descriptor??
[  140.255123][ T5088] waltop 0003:172F:0502.0004: hidraw0: USB HID v0.00 Device [HID 172f:0502] on usb-dummy_hcd.5-1/input0
[  140.458909][   T51] usb 6-1: USB disconnect, device number 5
22:31:46 executing program 5:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x172f, 0x502, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x54, {0x54, 0x0, "02efbe0f000005000000b74b7eafcbb3fef73abd5a3bbe172a1886149031adba67406045fc2a4ad305000000663e9ac3d427f34c20f6b60aaf9acb9eaa88105d3abb6c9d3342be7919dd0d1fe216956835b5"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

22:31:46 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8e}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100)=0x80000)
readv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)

22:31:46 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
write(0xffffffffffffffff, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:46 executing program 4:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100)=0x80000)
readv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000))

22:31:46 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0)
lseek(r2, 0x1, 0x0)
open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:31:46 executing program 1:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000180)=0x100)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732})
r4 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @multicast2}})
write$tun(0xffffffffffffffff, &(0x7f0000000140)={@val, @void, @eth={@broadcast, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "163dac", 0x0, 0x0, 0x0, @local, @mcast2}}}}}, 0x3a)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
splice(r0, 0x0, r2, 0x0, 0x18100, 0x0)

22:31:46 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
write(0xffffffffffffffff, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:46 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
write(0xffffffffffffffff, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  141.055284][   T27] audit: type=1804 audit(1596925906.675:50): pid=10588 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/10/file1/bus" dev="loop2" ino=16 res=1 errno=0
22:31:46 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
r0 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r0, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  141.115184][   T27] audit: type=1804 audit(1596925906.695:51): pid=10588 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/10/file1/bus" dev="loop2" ino=16 res=1 errno=0
22:31:46 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
r0 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r0, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:46 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
r0 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r0, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  141.154188][   T27] audit: type=1804 audit(1596925906.705:52): pid=10588 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/10/file1/bus" dev="loop2" ino=16 res=1 errno=0
22:31:46 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
fchdir(0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r0, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  141.366326][   T51] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  141.652966][   T51] usb 6-1: Using ep0 maxpacket: 32
[  141.783043][   T51] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  141.802772][   T51] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  141.812556][   T51] usb 6-1: New USB device found, idVendor=172f, idProduct=0502, bcdDevice= 0.40
[  141.849814][   T51] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.861032][   T51] usb 6-1: config 0 descriptor??
[  142.364603][   T51] waltop 0003:172F:0502.0005: hidraw0: USB HID v0.00 Device [HID 172f:0502] on usb-dummy_hcd.5-1/input0
[  142.570039][ T5088] usb 6-1: USB disconnect, device number 6
22:31:48 executing program 0:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100))
readv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc0045006, &(0x7f0000000000))

22:31:48 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
fchdir(0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r0, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:48 executing program 5:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x172f, 0x502, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

22:31:48 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f00"/28, 0x32)
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(r0, &(0x7f0000002ec0), 0x400000000000ec0, 0xa, &(0x7f00000001c0)={0x77359400})

22:31:48 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0)
lseek(r2, 0x1, 0x0)
sendfile(r2, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:31:48 executing program 1:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000180)=0x100)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732})
r4 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @multicast2}})
write$tun(0xffffffffffffffff, &(0x7f0000000140)={@val, @void, @eth={@broadcast, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "163dac", 0x0, 0x0, 0x0, @local, @mcast2}}}}}, 0x3a)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
splice(r0, 0x0, r2, 0x0, 0x18100, 0x0)

22:31:48 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
fchdir(0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r0, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  143.146271][   T27] audit: type=1804 audit(1596925908.765:53): pid=10659 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/11/file1/bus" dev="loop2" ino=17 res=1 errno=0
22:31:48 executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:48 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f00"/28, 0x32)
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(r0, &(0x7f0000002ec0), 0x400000000000ec0, 0xa, &(0x7f00000001c0)={0x77359400})

22:31:48 executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  143.253677][   T27] audit: type=1804 audit(1596925908.805:54): pid=10659 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/11/file1/bus" dev="loop2" ino=17 res=1 errno=0
22:31:49 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='ns\x00')
ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8)
perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:31:49 executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  143.423417][   T51] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  143.456555][T10682] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  143.672892][   T51] usb 6-1: Using ep0 maxpacket: 32
[  143.792911][   T51] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  143.804151][   T51] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  143.816111][   T51] usb 6-1: New USB device found, idVendor=172f, idProduct=0502, bcdDevice= 0.40
[  143.828626][   T51] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.838378][   T51] usb 6-1: config 0 descriptor??
22:31:49 executing program 0:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
readv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)
ioctl$SNDCTL_DSP_GETISPACE(r0, 0x8010500d, &(0x7f0000000000))

22:31:49 executing program 3:
syz_open_procfs(0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  144.382716][   T51] usbhid 6-1:0.0: can't add hid device: -71
[  144.389146][   T51] usbhid: probe of 6-1:0.0 failed with error -71
[  144.401821][   T51] usb 6-1: USB disconnect, device number 7
22:31:50 executing program 5:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x172f, 0x502, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

22:31:50 executing program 4:
r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000240)={&(0x7f0000000140)="7f", 0x1, <r1=>0x2})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r0, 0xc00464be, &(0x7f00000000c0)={r1})

22:31:50 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0)
lseek(r2, 0x1, 0x0)
sendfile(r2, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:31:50 executing program 3:
syz_open_procfs(0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:50 executing program 1:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000180)=0x100)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732})
r4 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @multicast2}})
write$tun(0xffffffffffffffff, &(0x7f0000000140)={@val, @void, @eth={@broadcast, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "163dac", 0x0, 0x0, 0x0, @local, @mcast2}}}}}, 0x3a)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8)
splice(r0, 0x0, r2, 0x0, 0x18100, 0x0)

22:31:50 executing program 0:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
readv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)
ioctl$SNDCTL_DSP_GETISPACE(r0, 0x8010500d, &(0x7f0000000000))

22:31:50 executing program 3:
syz_open_procfs(0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  144.890707][   T27] audit: type=1804 audit(1596925910.505:55): pid=10742 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/12/file1/bus" dev="loop2" ino=18 res=1 errno=0
22:31:50 executing program 4:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, @perf_config_ext={0x7, 0x8e}, 0x8}, 0x0, 0xfff7feffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100)=0x80000)
readv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)

22:31:50 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, 0x0)
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  144.982670][   T27] audit: type=1804 audit(1596925910.535:56): pid=10742 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/12/file1/bus" dev="loop2" ino=18 res=1 errno=0
22:31:50 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, 0x0)
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:50 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, 0x0)
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:50 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r0, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  145.122928][ T5088] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  145.392734][ T5088] usb 6-1: Using ep0 maxpacket: 32
[  145.533091][ T5088] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  145.544343][ T5088] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  145.554701][ T5088] usb 6-1: New USB device found, idVendor=172f, idProduct=0502, bcdDevice= 0.40
[  145.572322][ T5088] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.581844][ T5088] usb 6-1: config 0 descriptor??
[  146.142686][ T5088] usbhid 6-1:0.0: can't add hid device: -71
[  146.148630][ T5088] usbhid: probe of 6-1:0.0 failed with error -71
[  146.159219][ T5088] usb 6-1: USB disconnect, device number 8
22:31:52 executing program 0:
socket$netlink(0x10, 0x3, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00'})
r1 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000340)={0x0, 0x68}}, 0x4004001)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004041}, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000100))
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb, 0x1, 'ipvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6, 0x1, 0x2}]}}}, @IFLA_LINK={0x8}, @IFLA_MASTER={0x8}]}, 0x4c}}, 0x0)

22:31:52 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r0, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:52 executing program 4:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, @perf_config_ext={0x7, 0x8e}, 0x8}, 0x0, 0xfff7feffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100)=0x80000)
readv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)

22:31:52 executing program 5:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x172f, 0x502, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

22:31:52 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0)
lseek(r2, 0x1, 0x0)
sendfile(r2, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:31:52 executing program 1:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000180)=0x100)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
close(r1)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732})
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @multicast2}})
write$tun(0xffffffffffffffff, &(0x7f0000000140)={@val, @void, @eth={@broadcast, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "163dac", 0x0, 0x0, 0x0, @local, @mcast2}}}}}, 0x3a)
splice(r0, 0x0, r1, 0x0, 0x18100, 0x0)

[  146.628378][   T27] audit: type=1804 audit(1596925912.245:57): pid=10801 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/13/file1/bus" dev="loop2" ino=19 res=1 errno=0
[  146.653302][   T27] audit: type=1804 audit(1596925912.255:58): pid=10801 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/13/file1/bus" dev="loop2" ino=19 res=1 errno=0
22:31:52 executing program 0:
socket(0x0, 0x0, 0x2)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00')
sendmsg$NL80211_CMD_GET_STATION(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)={0x14, r1, 0xf2b, 0x0, 0x0, {0x67}}, 0x14}}, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1ffeb, 0x0)

22:31:52 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r0, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:52 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(0x0, 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:52 executing program 0:
r0 = socket(0x10, 0x2, 0x0)
write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f00"/28, 0x32)
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(r0, &(0x7f0000002ec0), 0x40000000000003c, 0xa, &(0x7f00000001c0)={0x77359400})

22:31:52 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(0x0, 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:52 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(0x0, 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  146.902594][   T51] usb 6-1: new high-speed USB device number 9 using dummy_hcd
22:31:52 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(0xffffffffffffffff, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:52 executing program 0:
r0 = socket(0x10, 0x2, 0x0)
write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f00"/28, 0x32)
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(r0, &(0x7f0000002ec0), 0x40000000000003c, 0xa, &(0x7f00000001c0)={0x77359400})

22:31:52 executing program 4:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, @perf_config_ext={0x7, 0x8e}, 0x8}, 0x0, 0xfff7feffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100)=0x80000)
readv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)

[  147.152762][   T51] usb 6-1: Using ep0 maxpacket: 32
[  147.272703][   T51] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  147.284034][   T51] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  147.295001][   T51] usb 6-1: New USB device found, idVendor=172f, idProduct=0502, bcdDevice= 0.40
[  147.311701][   T51] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.323844][   T51] usb 6-1: config 0 descriptor??
[  147.862573][   T51] usbhid 6-1:0.0: can't add hid device: -71
[  147.868600][   T51] usbhid: probe of 6-1:0.0 failed with error -71
[  147.876724][   T51] usb 6-1: USB disconnect, device number 9
22:31:53 executing program 5:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x172f, 0x502, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x54, {0x54, 0x0, "02efbe0f000005000000b74b7eafcbb3fef73abd5a3bbe172a1886149031adba67406045fc2a4ad305000000663e9ac3d427f34c20f6b60aaf9acb9eaa88105d3abb6c9d3342be7919dd0d1fe216956835b5"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

22:31:53 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(0xffffffffffffffff, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:53 executing program 0:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x38483}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb, 0x1, 'ipvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x3c}}, 0x0)

22:31:53 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(r2, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:31:53 executing program 1:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000180)=0x100)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
close(r1)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732})
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @multicast2}})
write$tun(0xffffffffffffffff, &(0x7f0000000140)={@val, @void, @eth={@broadcast, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "163dac", 0x0, 0x0, 0x0, @local, @mcast2}}}}}, 0x3a)
splice(r0, 0x0, r1, 0x0, 0x18100, 0x0)

22:31:53 executing program 4:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, @perf_config_ext={0x7, 0x8e}, 0x8}, 0x0, 0xfff7feffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100)=0x80000)
readv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)

[  148.361728][T10876] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  148.368418][   T27] audit: type=1804 audit(1596925913.975:59): pid=10874 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/14/file1/bus" dev="loop2" ino=20 res=1 errno=0
22:31:54 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(0xffffffffffffffff, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:54 executing program 0:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100))
readv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000))

[  148.392862][   T27] audit: type=1804 audit(1596925914.005:60): pid=10874 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/14/file1/bus" dev="loop2" ino=20 res=1 errno=0
[  148.399255][T10883] 8021q: adding VLAN 0 to HW filter on device ipvlan3
[  148.416529][   T27] audit: type=1804 audit(1596925914.005:61): pid=10874 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/14/file1/bus" dev="loop2" ino=20 res=1 errno=0
22:31:54 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, 0x0, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:54 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, 0x0, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  148.634129][    T5] usb 6-1: new high-speed USB device number 10 using dummy_hcd
22:31:54 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, 0x0, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:54 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0), 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  148.892486][    T5] usb 6-1: Using ep0 maxpacket: 32
[  149.054245][    T5] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  149.065600][    T5] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  149.077178][    T5] usb 6-1: New USB device found, idVendor=172f, idProduct=0502, bcdDevice= 0.40
[  149.086350][    T5] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.095394][    T5] usb 6-1: config 0 descriptor??
[  149.632474][    T5] usbhid 6-1:0.0: can't add hid device: -71
[  149.638520][    T5] usbhid: probe of 6-1:0.0 failed with error -71
[  149.649077][    T5] usb 6-1: USB disconnect, device number 10
22:31:55 executing program 5:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x172f, 0x502, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x54, {0x54, 0x0, "02efbe0f000005000000b74b7eafcbb3fef73abd5a3bbe172a1886149031adba67406045fc2a4ad305000000663e9ac3d427f34c20f6b60aaf9acb9eaa88105d3abb6c9d3342be7919dd0d1fe216956835b5"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

22:31:55 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0), 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:55 executing program 4:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, @perf_config_ext={0x7, 0x8e}, 0x8}, 0x0, 0xfff7feffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
readv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)

22:31:55 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(r2, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:31:55 executing program 1:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000180)=0x100)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
close(r1)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732})
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @multicast2}})
write$tun(0xffffffffffffffff, &(0x7f0000000140)={@val, @void, @eth={@broadcast, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "163dac", 0x0, 0x0, 0x0, @local, @mcast2}}}}}, 0x3a)
splice(r0, 0x0, r1, 0x0, 0x18100, 0x0)

22:31:55 executing program 0:
r0 = socket$caif_stream(0x25, 0x1, 0x0)
recvfrom(r0, 0x0, 0x0, 0x2100, 0x0, 0x0)

[  150.088047][   T27] audit: type=1804 audit(1596925915.705:62): pid=10932 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/15/file1/bus" dev="loop2" ino=21 res=1 errno=0
[  150.165488][   T27] audit: type=1804 audit(1596925915.705:63): pid=10932 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/15/file1/bus" dev="loop2" ino=21 res=1 errno=0
[  150.189114][   T27] audit: type=1804 audit(1596925915.705:64): pid=10932 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/15/file1/bus" dev="loop2" ino=21 res=1 errno=0
22:31:55 executing program 0:
pipe(&(0x7f00000004c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r2 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
splice(r0, 0x0, r2, 0x0, 0x8, 0x0)

22:31:55 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0), 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:56 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba40", 0x21)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  150.394945][T10954] sg_write: process 94 (syz-executor.0) called from kernel context, this is not allowed.
22:31:56 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba40", 0x21)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:56 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba40", 0x21)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  150.512458][T10070] usb 6-1: new high-speed USB device number 11 using dummy_hcd
22:31:56 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b0000", 0x31)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  150.752445][T10070] usb 6-1: Using ep0 maxpacket: 32
[  150.872492][T10070] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  150.884749][T10070] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  150.894624][T10070] usb 6-1: New USB device found, idVendor=172f, idProduct=0502, bcdDevice= 0.40
[  150.905096][T10070] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.916872][T10070] usb 6-1: config 0 descriptor??
[  151.442479][T10070] usbhid 6-1:0.0: can't add hid device: -71
[  151.448941][T10070] usbhid: probe of 6-1:0.0 failed with error -71
[  151.456192][T10070] usb 6-1: USB disconnect, device number 11
22:31:57 executing program 5:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x172f, 0x502, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x54, {0x54, 0x0, "02efbe0f000005000000b74b7eafcbb3fef73abd5a3bbe172a1886149031adba67406045fc2a4ad305000000663e9ac3d427f34c20f6b60aaf9acb9eaa88105d3abb6c9d3342be7919dd0d1fe216956835b5"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

22:31:57 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(r2, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:31:57 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b0000", 0x31)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:57 executing program 4:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, @perf_config_ext={0x7, 0x8e}, 0x8}, 0x0, 0xfff7feffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
readv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)

22:31:57 executing program 1:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000180)=0x100)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732})
r4 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @multicast2}})
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8)
splice(r0, 0x0, r2, 0x0, 0x18100, 0x0)

22:31:57 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32], 0x48}}, 0x0)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000), 0xc, 0x0}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000640)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:31:57 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b0000", 0x31)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:57 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="900000001000432408e623a2fb914371e9db5600", @ANYRES32=0x0, @ANYBLOB="b5219e774b00000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000400ac"], 0x90}}, 0x0)

[  151.969215][   T27] audit: type=1804 audit(1596925917.585:65): pid=10998 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/16/file1/bus" dev="loop2" ino=22 res=1 errno=0
[  151.994631][   T27] audit: type=1804 audit(1596925917.585:66): pid=10998 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/16/file1/bus" dev="loop2" ino=22 res=1 errno=0
[  152.048573][   T27] audit: type=1804 audit(1596925917.585:67): pid=10998 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/16/file1/bus" dev="loop2" ino=22 res=1 errno=0
[  152.079808][T11021] netlink: 80 bytes leftover after parsing attributes in process `syz-executor.0'.
22:31:57 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00"/57, 0x39)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:57 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="900000001000432408e623a2fb914371e9db5600", @ANYRES32=0x0, @ANYBLOB="b5219e774b00000008000a00", @ANYRES32=0x6, @ANYBLOB="6800120008000100677265005c00020008000400ac"], 0x90}}, 0x0)

[  152.232351][    T5] usb 6-1: new high-speed USB device number 12 using dummy_hcd
22:31:58 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00"/57, 0x39)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  152.371906][T11039] netlink: 80 bytes leftover after parsing attributes in process `syz-executor.0'.
22:31:58 executing program 4:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, @perf_config_ext={0x7, 0x8e}, 0x8}, 0x0, 0xfff7feffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
readv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)

[  152.502362][    T5] usb 6-1: Using ep0 maxpacket: 32
[  152.632568][    T5] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  152.660823][    T5] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  152.690940][    T5] usb 6-1: New USB device found, idVendor=172f, idProduct=0502, bcdDevice= 0.40
[  152.700907][    T5] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  152.710691][    T5] usb 6-1: config 0 descriptor??
[  153.292460][    T5] usbhid 6-1:0.0: can't add hid device: -71
[  153.298483][    T5] usbhid: probe of 6-1:0.0 failed with error -71
[  153.309257][    T5] usb 6-1: USB disconnect, device number 12
22:31:59 executing program 5:
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000140)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x54, {0x54, 0x0, "02efbe0f000005000000b74b7eafcbb3fef73abd5a3bbe172a1886149031adba67406045fc2a4ad305000000663e9ac3d427f34c20f6b60aaf9acb9eaa88105d3abb6c9d3342be7919dd0d1fe216956835b5"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

22:31:59 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00"/57, 0x39)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:59 executing program 0:
r0 = socket(0x10, 0x80002, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x1d9ef, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x38483}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb, 0x1, 'ipvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x3c}}, 0x0)

22:31:59 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
lseek(r2, 0x1, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(r2, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:31:59 executing program 1:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000180)=0x100)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732})
r4 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @multicast2}})
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8)
splice(r0, 0x0, r2, 0x0, 0x18100, 0x0)

22:31:59 executing program 4:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, @perf_config_ext={0x7, 0x8e}, 0x8}, 0x0, 0xfff7feffffffffff, 0xffffffffffffffff, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000100)=0x80000)
readv(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)

22:31:59 executing program 4:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, @perf_config_ext={0x7, 0x8e}, 0x8}, 0x0, 0xfff7feffffffffff, 0xffffffffffffffff, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000100)=0x80000)
readv(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)

22:31:59 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8", 0x3d)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:59 executing program 4:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, @perf_config_ext={0x7, 0x8e}, 0x8}, 0x0, 0xfff7feffffffffff, 0xffffffffffffffff, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000100)=0x80000)
readv(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)

22:31:59 executing program 4:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100)=0x80000)
readv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)

[  153.771324][   T27] audit: type=1804 audit(1596925919.385:68): pid=11074 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/17/file1/bus" dev="loop2" ino=23 res=1 errno=0
[  153.830343][T11077] 8021q: adding VLAN 0 to HW filter on device ipvlan4
22:31:59 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8", 0x3d)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:59 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vhost-net\x00', 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000480)=ANY=[@ANYRES64=r1, @ANYRESOCT, @ANYRES32, @ANYBLOB="5704277de2812a7c41e95cfb4fcc59251ec535591152f4ea4333e6aba4aaa73d0d79851a"])

[  153.896011][   T27] audit: type=1804 audit(1596925919.415:69): pid=11074 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/17/file1/bus" dev="loop2" ino=23 res=1 errno=0
[  154.002876][   T27] audit: type=1804 audit(1596925919.425:70): pid=11074 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/17/file1/bus" dev="loop2" ino=23 res=1 errno=0
22:31:59 executing program 5:
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000140)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x54, {0x54, 0x0, "02efbe0f000005000000b74b7eafcbb3fef73abd5a3bbe172a1886149031adba67406045fc2a4ad305000000663e9ac3d427f34c20f6b60aaf9acb9eaa88105d3abb6c9d3342be7919dd0d1fe216956835b5"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

22:31:59 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8", 0x3d)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:31:59 executing program 0:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100))
readv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0x40045010, &(0x7f0000000000))

22:32:00 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
lseek(r2, 0x1, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(r2, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:32:00 executing program 1:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000180)=0x100)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732})
r4 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @multicast2}})
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8)
splice(r0, 0x0, r2, 0x0, 0x18100, 0x0)

22:32:00 executing program 4:
r0 = openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100)=0x80000)
readv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)

22:32:00 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54", 0x3f)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:32:00 executing program 0:
r0 = socket(0x10, 0x2, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f00"/28, 0x32)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(r0, &(0x7f0000002ec0), 0x400000000000ec0, 0xa, &(0x7f00000001c0)={0x77359400})

22:32:00 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54", 0x3f)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:32:00 executing program 4:
r0 = openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100)=0x80000)
readv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)

22:32:00 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54", 0x3f)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  154.761906][   T27] audit: type=1804 audit(1596925920.375:71): pid=11139 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/18/file1/bus" dev="loop2" ino=24 res=1 errno=0
22:32:00 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da", 0x40)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:32:00 executing program 5:
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000140)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x54, {0x54, 0x0, "02efbe0f000005000000b74b7eafcbb3fef73abd5a3bbe172a1886149031adba67406045fc2a4ad305000000663e9ac3d427f34c20f6b60aaf9acb9eaa88105d3abb6c9d3342be7919dd0d1fe216956835b5"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

22:32:00 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
lseek(r2, 0x1, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(r2, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:32:00 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da", 0x40)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:32:00 executing program 0:
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = getpgid(0x0)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7cc, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r4, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000000)="44100909000000000000000100", 0xd)
write$binfmt_misc(r1, &(0x7f0000000200)=ANY=[], 0x4240a2a0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10)
connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
splice(r0, 0x0, r2, 0x0, 0x100000, 0x0)

22:32:01 executing program 1:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000180)=0x100)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732})
socket$netlink(0x10, 0x3, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000140)={@val, @void, @eth={@broadcast, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "163dac", 0x0, 0x0, 0x0, @local, @mcast2}}}}}, 0x3a)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8)
splice(r0, 0x0, r2, 0x0, 0x18100, 0x0)

22:32:01 executing program 4:
r0 = openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100)=0x80000)
readv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)

22:32:01 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
lseek(r2, 0x1, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(r2, r3, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:32:01 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da", 0x40)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:32:01 executing program 5:
r0 = syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x54, {0x54, 0x0, "02efbe0f000005000000b74b7eafcbb3fef73abd5a3bbe172a1886149031adba67406045fc2a4ad305000000663e9ac3d427f34c20f6b60aaf9acb9eaa88105d3abb6c9d3342be7919dd0d1fe216956835b5"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

22:32:01 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:32:01 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x1, 0x0)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(0xffffffffffffffff, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:32:01 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  155.677935][   T27] kauditd_printk_skb: 5 callbacks suppressed
[  155.677947][   T27] audit: type=1804 audit(1596925921.295:77): pid=11183 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/20/file1/bus" dev="loop2" ino=26 res=1 errno=0
22:32:01 executing program 4:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000100)=0x80000)
readv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)

22:32:01 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  155.744637][   T27] audit: type=1804 audit(1596925921.295:78): pid=11183 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/20/file1/bus" dev="loop2" ino=26 res=1 errno=0
22:32:01 executing program 0:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x1d542, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x38483}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb, 0x1, 'ipvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x3c}}, 0x0)

[  155.776231][   T27] audit: type=1804 audit(1596925921.295:79): pid=11183 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/20/file1/bus" dev="loop2" ino=26 res=1 errno=0
22:32:01 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x10, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  155.874292][   T27] audit: type=1804 audit(1596925921.495:80): pid=11200 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/21/file1/bus" dev="loop2" ino=27 res=1 errno=0
[  155.891314][T11205] 8021q: adding VLAN 0 to HW filter on device ipvlan5
[  155.955049][T11209] 8021q: adding VLAN 0 to HW filter on device ipvlan6
[  155.974147][   T27] audit: type=1804 audit(1596925921.525:81): pid=11200 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/21/file1/bus" dev="loop2" ino=27 res=1 errno=0
[  155.998920][T11205] syz-executor.0 (11205) used greatest stack depth: 10120 bytes left
22:32:02 executing program 1:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000180)=0x100)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732})
socket$netlink(0x10, 0x3, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000140)={@val, @void, @eth={@broadcast, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "163dac", 0x0, 0x0, 0x0, @local, @mcast2}}}}}, 0x3a)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8)
splice(r0, 0x0, r2, 0x0, 0x18100, 0x0)

22:32:02 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x10, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:32:02 executing program 0:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x1d542, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x38483}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb, 0x1, 'ipvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x3c}}, 0x0)

22:32:02 executing program 4:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000100)=0x80000)
readv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1)

22:32:02 executing program 5:
r0 = syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x54, {0x54, 0x0, "02efbe0f000005000000b74b7eafcbb3fef73abd5a3bbe172a1886149031adba67406045fc2a4ad305000000663e9ac3d427f34c20f6b60aaf9acb9eaa88105d3abb6c9d3342be7919dd0d1fe216956835b5"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

22:32:02 executing program 2:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x1, 0x0)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x50)
sendfile(0xffffffffffffffff, r2, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0xffff000b)

22:32:02 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x10, r1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

22:32:02 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  156.577349][T11228] 8021q: adding VLAN 0 to HW filter on device ipvlan7
22:32:02 executing program 0:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x1d542, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x38483}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb, 0x1, 'ipvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x3c}}, 0x0)

[  156.635315][T11228] syz-executor.0 (11228) used greatest stack depth: 9296 bytes left
22:32:02 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  156.676432][   T27] audit: type=1804 audit(1596925922.295:82): pid=11244 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/22/file1/bus" dev="loop2" ino=28 res=1 errno=0
[  156.704238][   T27] audit: type=1804 audit(1596925922.295:83): pid=11244 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir713504557/syzkaller.Jh2fjf/22/file1/bus" dev="loop2" ino=28 res=1 errno=0
22:32:02 executing program 0:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x1d542, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x38483}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb, 0x1, 'ipvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x3c}}, 0x0)

22:32:02 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0)
write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960)
open(&(0x7f0000000040)='.\x00', 0x300, 0x0)

[  156.773864][T11252] 8021q: adding VLAN 0 to HW filter on device ipvlan8
[  156.938479][T11260] 8021q: adding VLAN 0 to HW filter on device ipvlan9
[  157.270537][    C0] ==================================================================
[  157.278655][    C0] BUG: KCSAN: data-race in dec_zone_page_state / release_pages
[  157.286182][    C0] 
[  157.288505][    C0] write to 0xffffea000463d100 of 8 bytes by task 11244 on cpu 1:
[  157.296480][    C0]  release_pages+0x3b3/0x8c0
[  157.301065][    C0]  __pagevec_release+0x96/0xc0
[  157.306001][    C0]  invalidate_mapping_pages+0x696/0x6f0
[  157.311626][    C0]  __generic_file_write_iter+0x2e1/0x330
[  157.317260][    C0]  generic_file_write_iter+0x2f3/0x3e0
[  157.322888][    C0]  do_iter_readv_writev+0x32e/0x3d0
[  157.328076][    C0]  do_iter_write+0x112/0x4b0
[  157.332749][    C0]  vfs_iter_write+0x4c/0x70
[  157.337247][    C0]  iter_file_splice_write+0x41a/0x770
[  157.342618][    C0]  direct_splice_actor+0x95/0x160
[  157.347729][    C0]  splice_direct_to_actor+0x365/0x660
[  157.353103][    C0]  do_splice_direct+0xf2/0x170
[  157.357859][    C0]  do_sendfile+0x56a/0xba0
[  157.362280][    C0]  __x64_sys_sendfile64+0xf2/0x130
[  157.367380][    C0]  do_syscall_64+0x39/0x80
[  157.371767][    C0]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  157.377777][    C0] 
[  157.380092][    C0] read to 0xffffea000463d100 of 8 bytes by interrupt on cpu 0:
[  157.387624][    C0]  dec_zone_page_state+0x13/0xd0
[  157.392560][    C0]  test_clear_page_writeback+0x3fb/0x480
[  157.398170][    C0]  end_page_writeback+0xa7/0x110
[  157.403206][    C0]  page_endio+0x1aa/0x1e0
[  157.407519][    C0]  mpage_end_io+0x186/0x1d0
[  157.411997][    C0]  bio_endio+0x28a/0x370
[  157.416211][    C0]  blk_update_request+0x535/0xbd0
[  157.421204][    C0]  blk_mq_end_request+0x22/0x50
[  157.426026][    C0]  lo_complete_rq+0xca/0x180
[  157.430585][    C0]  blk_done_softirq+0x1a5/0x200
[  157.435708][    C0]  __do_softirq+0x198/0x360
[  157.440350][    C0]  run_ksoftirqd+0x2f/0x60
[  157.444838][    C0]  smpboot_thread_fn+0x347/0x530
[  157.449956][    C0]  kthread+0x20d/0x230
[  157.454111][    C0]  ret_from_fork+0x1f/0x30
[  157.458512][    C0] 
[  157.460995][    C0] Reported by Kernel Concurrency Sanitizer on:
[  157.467440][    C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.8.0-syzkaller #0
[  157.476060][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  157.486274][    C0] ==================================================================
[  157.494561][    C0] Kernel panic - not syncing: panic_on_warn set ...
[  157.501219][    C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.8.0-syzkaller #0
[  157.508906][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  157.518952][    C0] Call Trace:
[  157.522223][    C0]  dump_stack+0x10f/0x19d
[  157.526529][    C0]  panic+0x207/0x64a
[  157.530578][    C0]  ? vprintk_emit+0x44a/0x4f0
[  157.535255][    C0]  kcsan_report+0x684/0x690
[  157.539864][    C0]  ? kcsan_setup_watchpoint+0x41e/0x4a0
[  157.545393][    C0]  ? dec_zone_page_state+0x13/0xd0
[  157.550583][    C0]  ? test_clear_page_writeback+0x3fb/0x480
[  157.556371][    C0]  ? end_page_writeback+0xa7/0x110
[  157.561468][    C0]  ? page_endio+0x1aa/0x1e0
[  157.565964][    C0]  ? mpage_end_io+0x186/0x1d0
[  157.570800][    C0]  ? bio_endio+0x28a/0x370
[  157.575189][    C0]  ? blk_update_request+0x535/0xbd0
[  157.580374][    C0]  ? blk_mq_end_request+0x22/0x50
[  157.585384][    C0]  ? lo_complete_rq+0xca/0x180
[  157.590166][    C0]  ? blk_done_softirq+0x1a5/0x200
[  157.595162][    C0]  ? __do_softirq+0x198/0x360
[  157.599811][    C0]  ? run_ksoftirqd+0x2f/0x60
[  157.604373][    C0]  ? smpboot_thread_fn+0x347/0x530
[  157.609580][    C0]  ? kthread+0x20d/0x230
[  157.613802][    C0]  ? ret_from_fork+0x1f/0x30
[  157.618372][    C0]  ? cpu_cfs_stat_show+0x20/0xe0
[  157.623290][    C0]  ? __this_cpu_preempt_check+0x18/0x20
[  157.628810][    C0]  ? __this_cpu_preempt_check+0x18/0x20
[  157.634417][    C0]  kcsan_setup_watchpoint+0x41e/0x4a0
[  157.639764][    C0]  ? __this_cpu_preempt_check+0x18/0x20
[  157.645309][    C0]  dec_zone_page_state+0x13/0xd0
[  157.650221][    C0]  test_clear_page_writeback+0x3fb/0x480
[  157.655857][    C0]  end_page_writeback+0xa7/0x110
[  157.660784][    C0]  page_endio+0x1aa/0x1e0
[  157.665090][    C0]  mpage_end_io+0x186/0x1d0
[  157.669582][    C0]  ? mpage_writepage+0xf0/0xf0
[  157.674595][    C0]  bio_endio+0x28a/0x370
[  157.678825][    C0]  blk_update_request+0x535/0xbd0
[  157.683827][    C0]  blk_mq_end_request+0x22/0x50
[  157.688668][    C0]  lo_complete_rq+0xca/0x180
[  157.693333][    C0]  blk_done_softirq+0x1a5/0x200
[  157.698172][    C0]  __do_softirq+0x198/0x360
[  157.702652][    C0]  ? ksoftirqd_should_run+0x20/0x20
[  157.707869][    C0]  run_ksoftirqd+0x2f/0x60
[  157.712275][    C0]  smpboot_thread_fn+0x347/0x530
[  157.717211][    C0]  ? cpu_report_death+0x80/0x80
[  157.722048][    C0]  kthread+0x20d/0x230
[  157.726116][    C0]  ? cpu_report_death+0x80/0x80
[  157.731108][    C0]  ? kthread_blkcg+0x80/0x80
[  157.735699][    C0]  ret_from_fork+0x1f/0x30
[  157.741965][    C0] Kernel Offset: disabled
[  157.746291][    C0] Rebooting in 86400 seconds..