[ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.250' (ECDSA) to the list of known hosts. 2020/09/10 14:44:02 fuzzer started 2020/09/10 14:44:02 dialing manager at 10.128.0.26:43513 2020/09/10 14:44:02 syscalls: 3334 2020/09/10 14:44:02 code coverage: enabled 2020/09/10 14:44:02 comparison tracing: enabled 2020/09/10 14:44:02 extra coverage: enabled 2020/09/10 14:44:02 setuid sandbox: enabled 2020/09/10 14:44:02 namespace sandbox: enabled 2020/09/10 14:44:02 Android sandbox: /sys/fs/selinux/policy does not exist 2020/09/10 14:44:02 fault injection: enabled 2020/09/10 14:44:02 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/09/10 14:44:02 net packet injection: enabled 2020/09/10 14:44:02 net device setup: enabled 2020/09/10 14:44:02 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/09/10 14:44:02 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/09/10 14:44:02 USB emulation: enabled 2020/09/10 14:44:02 hci packet injection: enabled 14:46:14 executing program 0: 14:46:15 executing program 1: 14:46:15 executing program 2: 14:46:15 executing program 3: 14:46:15 executing program 4: 14:46:15 executing program 5: syzkaller login: [ 191.071987][ T6839] IPVS: ftp: loaded support on port[0] = 21 [ 191.191590][ T6841] IPVS: ftp: loaded support on port[0] = 21 [ 191.384054][ T6843] IPVS: ftp: loaded support on port[0] = 21 [ 191.393243][ T6839] chnl_net:caif_netlink_parms(): no params data found [ 191.600452][ T6839] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.629352][ T6839] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.643708][ T6839] device bridge_slave_0 entered promiscuous mode [ 191.689333][ T6845] IPVS: ftp: loaded support on port[0] = 21 [ 191.707791][ T6839] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.714857][ T6839] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.723846][ T6839] device bridge_slave_1 entered promiscuous mode [ 191.750831][ T6839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 191.769956][ T6839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.798396][ T6841] chnl_net:caif_netlink_parms(): no params data found [ 191.869346][ T6839] team0: Port device team_slave_0 added [ 191.922075][ T6847] IPVS: ftp: loaded support on port[0] = 21 [ 191.989311][ T6839] team0: Port device team_slave_1 added [ 192.021530][ T6849] IPVS: ftp: loaded support on port[0] = 21 [ 192.095850][ T6839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 192.102821][ T6839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.129900][ T6839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 192.173556][ T6839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 192.188780][ T6839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.216081][ T6839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 192.302519][ T6841] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.312804][ T6841] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.322219][ T6841] device bridge_slave_0 entered promiscuous mode [ 192.330877][ T6843] chnl_net:caif_netlink_parms(): no params data found [ 192.364199][ T6839] device hsr_slave_0 entered promiscuous mode [ 192.371837][ T6839] device hsr_slave_1 entered promiscuous mode [ 192.383227][ T6841] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.391821][ T6841] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.400158][ T6841] device bridge_slave_1 entered promiscuous mode [ 192.423605][ T6841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 192.463751][ T6841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 192.671760][ T6841] team0: Port device team_slave_0 added [ 192.708814][ T6841] team0: Port device team_slave_1 added [ 192.731431][ T6845] chnl_net:caif_netlink_parms(): no params data found [ 192.760991][ T6847] chnl_net:caif_netlink_parms(): no params data found [ 192.781639][ T6843] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.788889][ T6843] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.798649][ T6843] device bridge_slave_0 entered promiscuous mode [ 192.837959][ T6841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 192.845059][ T6841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.873180][ T6841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 192.889534][ T6841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 192.896631][ T6841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.923899][ T6841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 192.940107][ T6843] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.947770][ T6843] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.955379][ T6843] device bridge_slave_1 entered promiscuous mode [ 193.048298][ T6841] device hsr_slave_0 entered promiscuous mode [ 193.057270][ T2464] Bluetooth: hci0: command 0x0409 tx timeout [ 193.057453][ T6841] device hsr_slave_1 entered promiscuous mode [ 193.070413][ T6841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 193.078911][ T6841] Cannot create hsr debugfs directory [ 193.119979][ T6843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 193.164038][ T6843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 193.210712][ T6845] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.219252][ T6845] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.227054][ T2464] Bluetooth: hci1: command 0x0409 tx timeout [ 193.230194][ T6845] device bridge_slave_0 entered promiscuous mode [ 193.244135][ T6843] team0: Port device team_slave_0 added [ 193.286053][ T6849] chnl_net:caif_netlink_parms(): no params data found [ 193.302995][ T6845] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.310834][ T6845] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.321048][ T6845] device bridge_slave_1 entered promiscuous mode [ 193.329447][ T6843] team0: Port device team_slave_1 added [ 193.357405][ T6845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 193.370955][ T6839] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 193.378223][ T2464] Bluetooth: hci2: command 0x0409 tx timeout [ 193.402298][ T6847] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.414469][ T6847] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.423903][ T6847] device bridge_slave_0 entered promiscuous mode [ 193.435890][ T6847] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.442955][ T6847] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.451466][ T6847] device bridge_slave_1 entered promiscuous mode [ 193.460943][ T6845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 193.479151][ T6839] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 193.489365][ T6839] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 193.536718][ T6839] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 193.589257][ T6843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 193.598099][ T6843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 193.616467][ T2626] Bluetooth: hci3: command 0x0409 tx timeout [ 193.624811][ T6843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 193.646642][ T6847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 193.666283][ T6845] team0: Port device team_slave_0 added [ 193.688725][ T6843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 193.695681][ T6843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 193.722902][ T6843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 193.751724][ T6845] team0: Port device team_slave_1 added [ 193.767790][ T6847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 193.797961][ T6843] device hsr_slave_0 entered promiscuous mode [ 193.804684][ T6843] device hsr_slave_1 entered promiscuous mode [ 193.812966][ T6843] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 193.821104][ T6843] Cannot create hsr debugfs directory [ 193.850819][ T6845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 193.860327][ T6845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 193.865924][ T2464] Bluetooth: hci4: command 0x0409 tx timeout [ 193.887077][ T6845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 193.935829][ T5] Bluetooth: hci5: command 0x0409 tx timeout [ 193.946185][ T6845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 193.953138][ T6845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 193.992858][ T6845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 194.005502][ T6849] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.013493][ T6849] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.021849][ T6849] device bridge_slave_0 entered promiscuous mode [ 194.033057][ T6849] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.041033][ T6849] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.049190][ T6849] device bridge_slave_1 entered promiscuous mode [ 194.059244][ T6847] team0: Port device team_slave_0 added [ 194.105339][ T6847] team0: Port device team_slave_1 added [ 194.148200][ T6845] device hsr_slave_0 entered promiscuous mode [ 194.156153][ T6845] device hsr_slave_1 entered promiscuous mode [ 194.164216][ T6845] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 194.173070][ T6845] Cannot create hsr debugfs directory [ 194.180979][ T6849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 194.219773][ T6841] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 194.236712][ T6849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 194.262340][ T6847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 194.273789][ T6847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 194.300400][ T6847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 194.324181][ T6841] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 194.333732][ T6841] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 194.360188][ T6847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 194.369083][ T6847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 194.395585][ T6847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 194.417638][ T6841] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 194.436797][ T6849] team0: Port device team_slave_0 added [ 194.473029][ T6849] team0: Port device team_slave_1 added [ 194.493260][ T6847] device hsr_slave_0 entered promiscuous mode [ 194.501648][ T6847] device hsr_slave_1 entered promiscuous mode [ 194.513482][ T6847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 194.521248][ T6847] Cannot create hsr debugfs directory [ 194.646780][ T6849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 194.653743][ T6849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 194.688977][ T6849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 194.742168][ T6849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 194.752194][ T6849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 194.779349][ T6849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 194.835374][ T6849] device hsr_slave_0 entered promiscuous mode [ 194.843317][ T6849] device hsr_slave_1 entered promiscuous mode [ 194.853693][ T6849] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 194.862303][ T6849] Cannot create hsr debugfs directory [ 194.958882][ T6843] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 194.997389][ T6843] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 195.019374][ T6845] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 195.049963][ T6843] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 195.065281][ T6843] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 195.078420][ T6839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.091266][ T6845] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 195.104412][ T6845] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 195.146290][ T23] Bluetooth: hci0: command 0x041b tx timeout [ 195.161934][ T6845] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 195.193721][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.209679][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 195.233607][ T6839] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.274432][ T6847] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 195.300063][ T6841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.307981][ T2464] Bluetooth: hci1: command 0x041b tx timeout [ 195.323635][ T6847] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 195.343924][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 195.362061][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 195.370945][ T2626] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.378167][ T2626] bridge0: port 1(bridge_slave_0) entered forwarding state [ 195.388159][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 195.396993][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 195.405327][ T2626] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.412421][ T2626] bridge0: port 2(bridge_slave_1) entered forwarding state [ 195.428348][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 195.447687][ T6847] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 195.463082][ T23] Bluetooth: hci2: command 0x041b tx timeout [ 195.465662][ T6847] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 195.490310][ T6841] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.512462][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 195.521494][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.532776][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 195.540957][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 195.550318][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 195.559178][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.566508][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 195.576494][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 195.636849][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 195.650438][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 195.663524][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 195.672380][ T2626] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.679518][ T2626] bridge0: port 2(bridge_slave_1) entered forwarding state [ 195.688478][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 195.697914][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 195.705835][ T2464] Bluetooth: hci3: command 0x041b tx timeout [ 195.738922][ T6849] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 195.757463][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 195.765391][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 195.774964][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 195.810422][ T6849] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 195.829338][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 195.839063][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 195.850049][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 195.859623][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 195.869291][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 195.878036][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 195.887491][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 195.896591][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 195.904885][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 195.913924][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 195.922509][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 195.933448][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 195.957161][ T17] Bluetooth: hci4: command 0x041b tx timeout [ 195.967557][ T6843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.981385][ T6849] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 195.990715][ T6849] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 196.005178][ T6841] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 196.016388][ T17] Bluetooth: hci5: command 0x041b tx timeout [ 196.024068][ T6841] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 196.033990][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 196.042295][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 196.051106][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 196.065192][ T6839] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 196.126760][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 196.134503][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.153253][ T6843] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.188305][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 196.197801][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 196.207522][ T2626] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.214557][ T2626] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.222783][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 196.230666][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 196.238996][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 196.260559][ T6841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 196.283741][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 196.291843][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 196.299727][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 196.308665][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 196.320094][ T2626] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.327218][ T2626] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.334726][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 196.348043][ T6839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 196.387890][ T6847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.400608][ T6845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.425092][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 196.434352][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 196.443775][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 196.452081][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.492428][ T6845] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.515105][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 196.524012][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 196.533339][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 196.542104][ T7804] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.549200][ T7804] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.557461][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 196.566387][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 196.577379][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 196.585332][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 196.602318][ T6847] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.630196][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 196.642889][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.653899][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 196.664114][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 196.672919][ T2626] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.680021][ T2626] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.688235][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 196.697393][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 196.706929][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 196.715215][ T2626] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.722323][ T2626] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.735382][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 196.743768][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 196.752835][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 196.761788][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 196.772321][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 196.802955][ T6841] device veth0_vlan entered promiscuous mode [ 196.818374][ T6841] device veth1_vlan entered promiscuous mode [ 196.839908][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 196.850780][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 196.861035][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 196.872179][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 196.880800][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 196.889874][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 196.899498][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 196.911007][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 196.919886][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.928076][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.958340][ T6849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.970494][ T6843] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 196.984720][ T6843] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 196.996278][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 197.004038][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 197.017894][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 197.033453][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 197.043847][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 197.064519][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 197.081821][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 197.092476][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 197.109544][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 197.118564][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 197.160496][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 197.169864][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 197.178615][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 197.188233][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 197.205967][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 197.213665][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 197.222378][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 197.226093][ T2464] Bluetooth: hci0: command 0x040f tx timeout [ 197.232046][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 197.245105][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 197.253810][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 197.287940][ T6839] device veth0_vlan entered promiscuous mode [ 197.298830][ T6845] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 197.307898][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 197.321993][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 197.331472][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 197.341227][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 197.350191][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 197.359540][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 197.368889][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 197.381197][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 197.394738][ T6849] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.402472][ T17] Bluetooth: hci1: command 0x040f tx timeout [ 197.409705][ T6847] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 197.443195][ T6847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 197.456829][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 197.464934][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 197.473984][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 197.483128][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 197.491140][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 197.500329][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 197.508986][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 197.524113][ T6843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 197.536017][ T17] Bluetooth: hci2: command 0x040f tx timeout [ 197.557508][ T6839] device veth1_vlan entered promiscuous mode [ 197.617583][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 197.626249][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 197.637186][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 197.647243][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 197.655581][ T7804] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.662683][ T7804] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.670811][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 197.679638][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 197.688271][ T7804] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.695344][ T7804] bridge0: port 2(bridge_slave_1) entered forwarding state [ 197.704009][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 197.713208][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 197.722101][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 197.731074][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 197.740591][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 197.752210][ T6841] device veth0_macvtap entered promiscuous mode [ 197.775999][ T17] Bluetooth: hci3: command 0x040f tx timeout [ 197.795888][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 197.803946][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 197.824117][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 197.833217][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 197.842378][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 197.851739][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 197.861431][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 197.871070][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 197.879831][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 197.888465][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 197.896258][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 197.905239][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 197.917312][ T6841] device veth1_macvtap entered promiscuous mode [ 197.940706][ T6849] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 197.952812][ T6849] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 197.982368][ T6839] device veth0_macvtap entered promiscuous mode [ 197.993762][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 198.012378][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 198.022239][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 198.031532][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 198.040999][ T17] Bluetooth: hci4: command 0x040f tx timeout [ 198.052577][ T6845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 198.073939][ T6843] device veth0_vlan entered promiscuous mode [ 198.082035][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 198.091138][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 198.100198][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 198.116129][ T17] Bluetooth: hci5: command 0x040f tx timeout [ 198.126395][ T6841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 198.144050][ T6841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 198.163514][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 198.171742][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 198.181062][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 198.190390][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 198.201193][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 198.210898][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 198.221118][ T6839] device veth1_macvtap entered promiscuous mode [ 198.242932][ T6843] device veth1_vlan entered promiscuous mode [ 198.274128][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 198.282304][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 198.292074][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 198.302962][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 198.311925][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 198.319731][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 198.327604][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 198.337335][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 198.348631][ T6841] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.359068][ T6841] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.368129][ T6841] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.377484][ T6841] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.396452][ T6849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 198.470717][ T6839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 198.483697][ T6839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.501114][ T6839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 198.520777][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 198.532734][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 198.541907][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 198.550778][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 198.559959][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 198.569367][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 198.578759][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 198.592894][ T6845] device veth0_vlan entered promiscuous mode [ 198.603362][ T6847] device veth0_vlan entered promiscuous mode [ 198.622926][ T6839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 198.635178][ T6839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.647724][ T6839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 198.656109][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 198.663837][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 198.679745][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 198.691715][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 198.701747][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 198.712671][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 198.723670][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 198.734593][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 198.764700][ T6847] device veth1_vlan entered promiscuous mode 14:46:23 executing program 1: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) close(0xffffffffffffffff) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vga_arbiter\x00', 0x101041, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) [ 198.788086][ T6839] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.815996][ T6839] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.824718][ T6839] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.844497][ T6839] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.866387][ T6843] device veth0_macvtap entered promiscuous mode [ 198.879255][ T6845] device veth1_vlan entered promiscuous mode [ 198.928966][ T6843] device veth1_macvtap entered promiscuous mode [ 198.954027][ C0] hrtimer: interrupt took 28789 ns [ 198.959415][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 198.971614][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 198.982671][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 199.025156][ T6847] device veth0_macvtap entered promiscuous mode [ 199.059073][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 199.097029][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 199.116827][ T6843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 199.137290][ T6843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.148876][ T6843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 199.160289][ T6843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.180656][ T6843] batman_adv: batadv0: Interface activated: batadv_slave_0 14:46:24 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc6, 0xc6, 0x6, [@datasec={0x0, 0x4, 0x0, 0xf, 0x1, [{}, {}, {}, {}], "cb"}, @typedef, @enum={0x0, 0x8, 0x0, 0x6, 0x4, [{}, {}, {}, {}, {}, {}, {}, {}]}, @typedef, @datasec={0x0, 0x2, 0x0, 0xf, 0x1, [{}, {}], '6'}]}, {0x0, [0x0, 0x0, 0x0, 0x0]}}, 0x0, 0xe6}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000193c0)=""/102389, 0x18ff5}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 199.204497][ T6845] device veth0_macvtap entered promiscuous mode [ 199.258468][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 199.271724][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 199.292299][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 199.315061][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 199.333911][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 199.353144][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 199.372073][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 199.400194][ T2464] Bluetooth: hci0: command 0x0419 tx timeout 14:46:24 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000100)=0x6, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='scalable\x00', 0x9) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27) [ 199.415492][ T6843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 199.437585][ T6843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.456465][ T8171] Bluetooth: hci1: command 0x0419 tx timeout [ 199.478025][ T6843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 199.501534][ T6843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.529485][ T6843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 199.546807][ T6847] device veth1_macvtap entered promiscuous mode [ 199.567627][ T6845] device veth1_macvtap entered promiscuous mode [ 199.585204][ T6849] device veth0_vlan entered promiscuous mode [ 199.594079][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 199.609496][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 199.627717][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 199.643425][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 199.653688][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 199.670281][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 199.699107][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 199.718853][ T6843] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.736117][ T2464] Bluetooth: hci2: command 0x0419 tx timeout [ 199.748896][ T6843] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.772091][ T6843] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.794872][ T6843] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.852183][ T6849] device veth1_vlan entered promiscuous mode [ 199.860277][ T2464] Bluetooth: hci3: command 0x0419 tx timeout [ 199.893156][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 199.906818][ T6847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 199.923934][ T6847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.944589][ T6847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 199.956023][ T6847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.974399][ T6847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 199.985884][ T6847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.007854][ T6847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 200.064998][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 200.077745][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 200.099726][ T6847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 200.112072][ T8171] Bluetooth: hci4: command 0x0419 tx timeout [ 200.127565][ T6847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.145002][ T6847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 200.164541][ T6847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.175317][ T6847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 200.196281][ T8171] Bluetooth: hci5: command 0x0419 tx timeout [ 200.205049][ T6847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.226701][ T6847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 200.257657][ T6845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 200.277049][ T6845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.296582][ T6845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 14:46:25 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000380)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000500)={0x364, r1, 0xdaa3b002485c5b6d, 0x0, 0x0, {0x8}, [@TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_PROP={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NODE={0x10, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8}]}, @TIPC_NLA_MEDIA={0xa8, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}, @TIPC_NLA_BEARER={0xb8, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @remote}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}}}}}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}]}, @TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_LINK={0xa8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x45, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x4}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x4}]}, @TIPC_NLA_MON={0x54, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8}]}]}, 0x364}}, 0x0) [ 200.321231][ T6845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.332183][ T6845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 200.343967][ T6845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.356093][ T6845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 200.367258][ T6845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.387483][ T6845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 200.413730][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 200.426912][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 200.437269][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 200.446570][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 200.455473][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 200.466797][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 200.473456][ T8189] netlink: 88 bytes leftover after parsing attributes in process `syz-executor.1'. [ 200.497503][ T6847] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.514422][ T8191] netlink: 88 bytes leftover after parsing attributes in process `syz-executor.1'. [ 200.521841][ T6847] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 14:46:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00') r3 = syz_open_procfs(0x0, &(0x7f0000000040)='sessionid\x00') sendfile(r2, r3, 0x0, 0x1) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, 0x0) [ 200.540343][ T6847] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.551881][ T6847] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.566508][ T6845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 200.579390][ T6845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.589811][ T6845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 200.607694][ T6845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.623316][ T6845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 200.633087][ T8194] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 200.633809][ T6845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.659865][ T6845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 200.670636][ T6845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.686115][ T6845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 200.739086][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 200.756545][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 200.771548][ T6849] device veth0_macvtap entered promiscuous mode [ 200.809146][ T6845] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.832252][ T6845] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.844962][ T6845] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 14:46:25 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x4031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x201608, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) 14:46:25 executing program 2: r0 = fanotify_init(0x0, 0x0) r1 = epoll_create1(0x0) r2 = fcntl$dupfd(r1, 0x2, 0xffffffffffffffff) fanotify_mark(r0, 0x102, 0x38, r2, 0x0) [ 200.873904][ T6845] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.938601][ T6849] device veth1_macvtap entered promiscuous mode [ 200.953333][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 200.968476][ T2464] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 200.989603][ T8206] mmap: syz-executor.1 (8206) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. 14:46:26 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) r0 = socket(0x400000000000010, 0x2, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x200100, 0x0) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000140)={0x2, 0x5, 0x8, 0x245, 0x5, "134f1200b5276635"}) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) write(r0, &(0x7f00000000c0)="24000000200099f0003be90000ed190e020008160000100000ba1080080002007f196be0", 0x24) pivot_root(&(0x7f0000000340)='./file0\x00', &(0x7f0000000040)='./file0\x00') mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0) [ 201.069673][ T6849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 14:46:26 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='uid_map\x00') write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, 0x0, 0x0) [ 201.137023][ T6849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.178295][ T6849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 201.230479][ T6849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.276899][ T6849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 201.339083][ T6849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.372972][ T6849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 201.384750][ T6849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.395315][ T6849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 201.424254][ T6849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.447790][ T6849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 201.575766][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 201.590279][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 201.617211][ T6849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 201.628923][ T6849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.645258][ T6849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 201.656887][ T6849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.667542][ T6849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 201.697178][ T6849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.715627][ T6849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 201.726705][ T6849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.765655][ T6849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 201.778059][ T6849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.801158][ T6849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 201.814042][ T6849] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.835221][ T6849] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.854680][ T6849] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.874239][ T6849] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.901044][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 201.910275][ T2626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 14:46:27 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={0x14, 0x0, 0x4, 0x101}, 0x14}}, 0x0) 14:46:27 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000000)='loginuid\x00') pipe(&(0x7f0000000100)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000040)=[{&(0x7f00000002c0)="1f", 0x1}], 0x1, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) preadv(r0, &(0x7f0000000200)=[{&(0x7f0000000180)=""/13, 0xd}], 0x1, 0x0, 0x0) 14:46:27 executing program 5: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) 14:46:27 executing program 2: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x3}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000100)=0x2e4, 0x4) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) connect$inet6(r0, &(0x7f0000004540)={0xa, 0x4e20, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) sendmmsg(r0, &(0x7f0000004d80)=[{{0x0, 0x2000000, &(0x7f0000001500)=[{&(0x7f0000000040)="d3622fe131479cee20fb607a9585dc0b411519fd3b65066522d73df58b9257b566c6fc626776defc3a2e249c910ccab00220bc31d41e44f96f67971b8ed8a3dc9eb4123a903d58da02dd1eca653150422bc91e9585fbf8", 0x57}, {&(0x7f00000011c0)="7cc3be44ec866303c11f9ec49c2fe80d4ccef580f3bf717b5e129f1dc7766fdf864b7bc35924f34bb5fd1dd89172a4b0db90eea51bdfec78bb53e8d41773cba7f1305a8a05b7368445a71ef7870273f1544930baf73a8bfa6ece09d54376b821b65fdf1e0704f1f3c5a823fa67f635159af010053f5b909f8e944c43d6fb1c4fca639b470d3e6ad140d0838958ecf0fc98a780205474fdeb93a97d27b4f3314a9585129aaec893d7fe36d87fd746841ac5c60b31e1732a1a3ca0afcc4068cdde63b142700c563c1ab59dc0b7200723bf21c694583ed8fed1b2bc5c204df3812c223ce0de2f40b69e7f4e8ba1c3ebc31de2f4190e3f1ceb", 0xf7}, {&(0x7f00000012c0), 0x80fe}, {&(0x7f0000000280)="0c22fcc306e8a4d628dc3f33cd1758b784d34ef62ecd943b96c5573b05e34886b55503a08eeac42aafc204e9fec654b4b0853f4c32d8d6f8968a96b81710a9ed49ae96ea22eb07accdc99ed31fb48b921b4c9af7278829eb32247169da3593e5e73371e82e3558cd87b9c876b91e091e933496ae3a6b5a00a79f50110980c83af2fd44e0f08908f806be4146080def894a3ac87c3d214e32b0e031c8873b6ed3cdb9c160ee236576cb5a749ee356d4f5df961b35ec3667bcfa641e2c812a5eefbd78546783b6bd280dc4ec1cd015bee7d07f0993d6", 0xd5}, {&(0x7f0000001440)="7b18908bcd34b2f4eef2193c5f89bb79551b5d7000ccc31628374b03e7f0b8bbfe45", 0x22}], 0x5, 0x0, 0x0, 0xffffffe0}}], 0x400000000000132, 0x400000a) 14:46:27 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x4031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x201608, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) 14:46:27 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r0, 0x4b72, 0x0) 14:46:27 executing program 0: openat2(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x100041, 0xd66473d573e98a3e}, 0x18) 14:46:27 executing program 0: r0 = socket(0x2b, 0x1, 0x0) getsockopt$EBT_SO_GET_INFO(r0, 0x0, 0x16, 0x0, &(0x7f0000000080)) 14:46:28 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000100)=ANY=[], 0x1c) lseek(0xffffffffffffffff, 0x1000000000000003, 0x0) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) 14:46:28 executing program 4: sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB="c00000000001190500000300610000000a0000003c0001002c0001001400030016f8bad33edad6b8000000000000000014000400fe8002000000000000000000000000bb0c00020005000100000000003c0002000c00020005000100000000002c00010014000300fe88000000000000000000000000000114000400ff01000000000000000000000000000508000700000000002c000d"], 0xc0}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NFT_MSG_GETCHAIN(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x8}, 0x0) 14:46:28 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000000)=0xbf, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) sendto$inet6(r0, &(0x7f00000000c0)="044aac2f202c5feda71e039a57a93088fdcce4afe28aac61837792741a190670ccbe1a2b00aa77a87d56a3f12c7920ad02928a5d1014e5b896f000fcf6521928480be9af82613a5c661f4110adba358afd8b5b4ef1702051e393ede2698112a1f1bdf1d0f568546ed322ab4c53545bd2cd6e48522f0c154cb3c6864dc30ae921db100f1ee97a234503338f8fdf356472da0c7ab62f274f34", 0xfffffffffffffee0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000007f40)=""/4096, 0x1000}], 0x1}, 0x2}], 0x45, 0x120, 0x0) [ 203.141871][ T8274] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'. [ 203.350206][ T303] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 14:46:28 executing program 1: set_mempolicy(0x3, &(0x7f0000000080)=0xe4e, 0x7) r0 = socket(0x11, 0x2, 0x0) setsockopt(r0, 0x2000000000000107, 0x1, &(0x7f00000000c0)="210000000200060000071a80000001cc", 0x10) setsockopt(r0, 0x2000000000000107, 0x1, &(0x7f0000000000)="010000000200060000cd071a80000001", 0x10) 14:46:28 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000002b8, 0x0) 14:46:28 executing program 4: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vim2m\x00', 0x2, 0x0) socket$tipc(0x1e, 0x5, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) socket(0x0, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x101}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x0, 0x4}, 0x0, &(0x7f0000000000)={0x1ff, 0x0, 0x0, 0x7fffffff, 0x0, 0x7ff, 0x9573}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) [ 204.119235][ T303] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.550017][ T303] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 14:46:29 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x7}, 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x7}, 0x4) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x7}, 0x4) dup3(r0, r2, 0x0) 14:46:29 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000100)=ANY=[], 0x1c) lseek(0xffffffffffffffff, 0x1000000000000003, 0x0) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) 14:46:29 executing program 2: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x400) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) ppoll(&(0x7f0000000040)=[{}, {}, {}, {}, {}, {}, {r0}], 0x6a, 0x0, 0x0, 0x0) 14:46:29 executing program 1: getpid() fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000280)=0x3, 0xc6) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000003040)='ip6tnl0\x00', 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f00000038c0), 0x4000000000000a8, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) 14:46:29 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000000)=0xbf, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) sendto$inet6(r0, &(0x7f00000000c0)="044aac2f202c5feda71e039a57a93088fdcce4afe28aac61837792741a190670ccbe1a2b00aa77a87d56a3f12c7920ad02928a5d1014e5b896f000fcf6521928480be9af82613a5c661f4110adba358afd8b5b4ef1702051e393ede2698112a1f1bdf1d0f568546ed322ab4c53545bd2cd6e48522f0c154cb3c6864dc30ae921db100f1ee97a234503338f8fdf356472da0c7ab62f274f34", 0xfffffffffffffee0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000007f40)=""/4096, 0x1000}], 0x1}, 0x2}], 0x45, 0x120, 0x0) 14:46:29 executing program 4: r0 = open(&(0x7f00000000c0)='./file0\x00', 0x1013c1, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40046629, &(0x7f0000000180)) 14:46:29 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x88042, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x1}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000700)={@val={0x5, 0xf5}, @val={0x0, 0x0, 0x0, 0xfffe}, @eth={@local, @random="86bc8f37b97a", @void, {@mpls_uc={0x8847, {[], @ipv6=@udp={0x0, 0x6, "e0ed32", 0x8, 0x11, 0x0, @empty, @remote, {[], {0x0, 0x0, 0x8}}}}}}}}, 0x4c) 14:46:30 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$SO_COOKIE(r0, 0x1, 0x39, 0x0, &(0x7f0000000040)) 14:46:30 executing program 1: ioperm(0x0, 0x9, 0x80000001) epoll_create(0x0) 14:46:30 executing program 5: socketpair$unix(0x1, 0x80000000001, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffb, 0x31, 0xffffffffffffffff, 0x0) write$binfmt_elf64(r0, &(0x7f0000000380)=ANY=[], 0x8724) pipe(0x0) write$binfmt_misc(r0, &(0x7f0000000540)=ANY=[@ANYRES16, @ANYBLOB], 0x7fffffff) recvfrom(r1, &(0x7f0000000040)=""/184, 0xffffffc9, 0x40012500, 0x0, 0xffffffffffffff49) 14:46:30 executing program 1: ioctl$DRM_IOCTL_AGP_FREE(0xffffffffffffffff, 0x40206435, &(0x7f0000000000)={0x1}) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x19, &(0x7f0000000040)={r2}, 0x8) 14:46:30 executing program 0: r0 = getpid() process_vm_readv(r0, &(0x7f0000001380)=[{0x0}, {0x0}, {&(0x7f0000000100)=""/47, 0x2f}], 0x8, &(0x7f0000001480)=[{&(0x7f0000000000)=""/78, 0x7ffff000}], 0x1, 0x0) 14:46:30 executing program 1: sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, 0x0}, 0x0) r0 = socket$inet(0x2, 0x80001, 0x84) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x82, &(0x7f0000000140)=@assoc_value={r2}, &(0x7f0000000180)=0x8) [ 205.680831][ T303] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 14:46:30 executing program 3: perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0202003100050fd25a80648c63940d0d24fc6010003240020c2500051a82c137153e670800038014000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 207.026846][ T303] tipc: TX() has been purged, node left! [ 208.870625][ T303] device hsr_slave_0 left promiscuous mode [ 208.877427][ T303] device hsr_slave_1 left promiscuous mode [ 208.883869][ T303] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 208.892704][ T303] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 208.902950][ T303] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 208.910920][ T303] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 208.921734][ T303] device bridge_slave_1 left promiscuous mode [ 208.929006][ T303] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.941891][ T303] device bridge_slave_0 left promiscuous mode [ 208.948914][ T303] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.965600][ T303] device veth1_macvtap left promiscuous mode [ 208.971813][ T303] device veth0_macvtap left promiscuous mode [ 208.979092][ T303] device veth1_vlan left promiscuous mode [ 208.984907][ T303] device veth0_vlan left promiscuous mode [ 211.865409][ T7340] Bluetooth: hci2: command 0x0409 tx timeout [ 213.321001][ T303] team0 (unregistering): Port device team_slave_1 removed [ 213.336706][ T303] team0 (unregistering): Port device team_slave_0 removed [ 213.350506][ T303] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 213.363780][ T303] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 213.432857][ T303] bond0 (unregistering): Released all slaves [ 213.499349][ T8405] IPVS: ftp: loaded support on port[0] = 21 [ 213.664362][ T8405] chnl_net:caif_netlink_parms(): no params data found [ 213.750341][ T8405] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.757573][ T8405] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.765671][ T8405] device bridge_slave_0 entered promiscuous mode [ 213.774727][ T8405] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.782548][ T8405] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.790654][ T8405] device bridge_slave_1 entered promiscuous mode [ 213.823384][ T8405] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 213.839797][ T8405] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 213.873198][ T8405] team0: Port device team_slave_0 added [ 213.884328][ T8405] team0: Port device team_slave_1 added [ 213.909202][ T8405] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 213.916410][ T8405] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.942888][ T12] Bluetooth: hci2: command 0x041b tx timeout [ 213.952859][ T8405] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 213.968453][ T8405] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 213.976007][ T8405] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 214.002490][ T8405] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 214.039019][ T8405] device hsr_slave_0 entered promiscuous mode [ 214.046866][ T8405] device hsr_slave_1 entered promiscuous mode [ 214.053563][ T8405] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 214.065080][ T8405] Cannot create hsr debugfs directory [ 214.227365][ T8405] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.234566][ T8405] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.242390][ T8405] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.249504][ T8405] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.387290][ T8405] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.407505][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 214.432967][ T23] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.450906][ T23] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.475517][ T8405] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.492476][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 214.511346][ T23] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.518480][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.535741][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 214.544538][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 214.554729][ T23] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.561945][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.586214][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 214.594711][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 214.625531][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 214.628177][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 214.644232][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 214.653812][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 214.673042][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 214.681934][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 214.691402][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 214.701005][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 214.710728][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 214.723564][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 214.752409][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 214.762648][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 214.779726][ T8405] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 214.910739][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 214.920607][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 214.948636][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 214.958081][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 214.974043][ T8405] device veth0_vlan entered promiscuous mode [ 214.996935][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 215.004875][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 215.034021][ T8405] device veth1_vlan entered promiscuous mode [ 215.081835][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 215.091199][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 215.101738][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 215.111084][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 215.124241][ T8405] device veth0_macvtap entered promiscuous mode [ 215.148792][ T8405] device veth1_macvtap entered promiscuous mode [ 215.192539][ T8405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 215.212025][ T8405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.223999][ T8405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 215.243119][ T8405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.253297][ T8405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 215.268555][ T8405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.278575][ T8405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 215.289120][ T8405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.299079][ T8405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 215.309691][ T8405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.320835][ T8405] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 215.330164][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 215.339642][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 215.347914][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 215.356740][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 215.368353][ T8405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 215.380159][ T8405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.391305][ T8405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 215.402131][ T8405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.412292][ T8405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 215.423163][ T8405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.433301][ T8405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 215.444051][ T8405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.454166][ T8405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 215.474178][ T8405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.485649][ T8405] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 215.498117][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 215.507474][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 14:46:40 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) open(0x0, 0x0, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000000)) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000200)='./bus\x00', 0x8c080, 0x1ce) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080ffffff80) 14:46:40 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0xec, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_AF_SPEC={0xcc, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0x2, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @local}]}, @AF_INET={0x30, 0x2, 0x0, 0x1, {0x2c, 0x1, 0x0, 0x1, [{0x6a0}, {0x8}, {0x4}, {0x8}, {0x8}]}}, @AF_INET={0x18, 0x2, 0x0, 0x1, {0x14, 0x1, 0x0, 0x1, [{0x8, 0xd}, {0x8, 0xd}]}}, @AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @dev}]}, @AF_INET={0x28, 0x2, 0x0, 0x1, {0x24, 0x1, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8}]}}, @AF_MPLS={0x4}, @AF_INET6={0x0, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x0, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_TOKEN={0x0, 0x7, @dev}, @IFLA_INET6_TOKEN={0x0, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_TOKEN={0x0, 0x7, @private1}, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_ADDR_GEN_MODE]}, @AF_MPLS={0x4}]}]}, 0xec}}, 0x0) 14:46:40 executing program 0: r0 = getpid() process_vm_readv(r0, &(0x7f0000001380)=[{0x0}, {0x0}, {&(0x7f0000000100)=""/47, 0x2f}], 0x8, &(0x7f0000001480)=[{&(0x7f0000000000)=""/78, 0x7ffff000}], 0x1, 0x0) 14:46:40 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000805, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = dup3(r0, r1, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r2, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @local}, 0x10) sendto$inet(r1, &(0x7f00003cef9f)='7', 0xfffa, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)=ANY=[@ANYBLOB="f12cc673", @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x7a, &(0x7f000059aff8)={r3}, &(0x7f000034f000)=0x2059b005) 14:46:40 executing program 5: socketpair(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x7, &(0x7f0000000100)=[{}, {}, {}, {}, {}, {}, {}]}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f00000025c0)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') 14:46:40 executing program 4: r0 = msgget$private(0x0, 0x0) msgsnd(r0, &(0x7f0000001640)=ANY=[@ANYRESOCT], 0x1, 0x0) msgget$private(0x0, 0x0) msgsnd(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="01"], 0x6f, 0x0) msgctl$IPC_RMID(r0, 0x0) 14:46:40 executing program 5: set_mempolicy(0x2, &(0x7f00000000c0)=0x2, 0x8) r0 = epoll_create1(0x0) pipe(&(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000180)) 14:46:40 executing program 0: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x7f, 0x89}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080)='/dev/fuse\x00', 0x42, 0x0) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100)='fuse\x00', 0x0, &(0x7f0000002140)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) openat(0xffffffffffffff9c, &(0x7f00000020c0)='./file0/file0\x00', 0x0, 0x0) 14:46:40 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140)='ethtool\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_GET(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000800)={0x18, r1, 0x17775fa4b38beb79, 0x0, 0x0, {0x2}, [@HEADER={0x4}]}, 0x18}}, 0x0) 14:46:40 executing program 4: r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='mqueue\x00', &(0x7f0000000140)='mqueue\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000240)='ppp1[\x00', &(0x7f00000004c0)='\x15\xcc\x10\xddu\xfe\x7f\xcb\f\xc6\xc1^N\xec\x95\xa5\x9a~\x8f\xba[\xaeC(\xbf\xf31\xee\x00\xfc\xd4\xc2\x7f\xb9\x8f\x94k\x85n\x9f\x1e\xf7\xee\xb7\x00\x8bg$?OM+\x9d\x1f\x05\xf4\x8d%\xf6\xb5l\x8f\xaf<\xef\"V\x9f\xde\xf5\xa6\xe8\xa0\x99R}\xa9\x83\xd9\xe2\xfa}\xaf\xf3\xc0\xd0\x81to\xe9k4U1\xea\xa3\xa2F\x01\xf2$\xd8\xea\xe0 I\xa8\xd4\nYp\x9c-P\x90\xea?o\xc4\x17]cW\xd5\xa9Y\x8d\xffp\x9a\n;\xb8\xf1)e\x7f\xc8G\x8dv\xfb\xe3\x03\x10WV\xfa\xed\xb7\xee\x1eW\xc7\xbc\xe3S\x97\x00'/171, 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000300)='.vboxnet0^keyring,%\x00', &(0x7f0000000480)='selinuxwlan0eth1+md5sum\x00', 0x0) dup3(r1, r0, 0x0) [ 215.879410][ T28] audit: type=1804 audit(1599749200.882:2): pid=8636 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir234092815/syzkaller.6R0vNs/1/bus" dev="sda1" ino=15809 res=1 errno=0 14:46:41 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000805, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = dup3(r0, r1, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r2, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @local}, 0x10) sendto$inet(r1, &(0x7f00003cef9f)='7', 0xfffa, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)=ANY=[@ANYBLOB="f12cc673", @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x7a, &(0x7f000059aff8)={r3}, &(0x7f000034f000)=0x2059b005) [ 216.015392][ T2626] Bluetooth: hci2: command 0x040f tx timeout 14:46:41 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) [ 216.591995][ T28] audit: type=1804 audit(1599749201.592:3): pid=8664 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir234092815/syzkaller.6R0vNs/1/bus" dev="sda1" ino=15809 res=1 errno=0 14:46:41 executing program 4: r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x1, 0x0) ioctl$SNDCTL_DSP_GETIPTR(r0, 0x800c5011, &(0x7f0000000140)) 14:46:41 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9, 0x1, 'veth\x00'}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_ADDRESS={0xa, 0x1, @multicast}]}, 0x40}}, 0x0) 14:46:41 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000004540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@struct={0x0, 0x2, 0x0, 0x4, 0x0, 0x0, [{}]}]}}, &(0x7f0000004600)=""/200, 0x32, 0xc8, 0x8}, 0x20) 14:46:41 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f0000000980), 0x10a9) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) lseek(r2, 0x4200, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) open(0x0, 0x0, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000000)) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) r5 = open(&(0x7f0000000200)='./bus\x00', 0x8c080, 0x1ce) sendfile(r2, r5, 0x0, 0x8400fffffffb) sendfile(r1, r1, &(0x7f0000000100), 0x8080ffffff80) [ 216.780166][ T8672] BPF:[1] STRUCT (anon) 14:46:41 executing program 1: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0x541b, 0x0) [ 216.800541][ T8672] BPF: [ 216.803156][ T8675] BPF:[1] STRUCT (anon) [ 216.816890][ T8672] BPF:meta_left:12 meta_needed:24 14:46:41 executing program 4: r0 = socket(0x2, 0x6, 0x0) ioctl$sock_qrtr_TIOCINQ(r0, 0x541b, &(0x7f0000000080)) 14:46:41 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) [ 216.846421][ T8672] BPF: [ 216.846421][ T8672] [ 216.855623][ T8675] BPF: [ 216.877417][ T8675] BPF:meta_left:12 meta_needed:24 14:46:41 executing program 0: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x7f, 0x89}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080)='/dev/fuse\x00', 0x42, 0x0) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100)='fuse\x00', 0x0, &(0x7f0000002140)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) openat(0xffffffffffffff9c, &(0x7f00000020c0)='./file0/file0\x00', 0x0, 0x0) [ 216.914886][ T8675] BPF: [ 216.914886][ T8675] 14:46:41 executing program 3: r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mice\x00', 0x204800) bpf$BPF_GET_MAP_INFO(0x16, &(0x7f0000000740)={r0, 0x0, 0x0}, 0x10) [ 216.941879][ T28] audit: type=1804 audit(1599749201.942:4): pid=8679 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir234092815/syzkaller.6R0vNs/2/bus" dev="sda1" ino=15806 res=1 errno=0 14:46:42 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10) getsockopt$inet_int(r1, 0x10d, 0xd7, &(0x7f0000000140), &(0x7f00000000c0)=0x4) 14:46:42 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000140)) 14:46:42 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000000c0)={0x800005, 0x7, 0x0, 0xffffffffffffffff}) r2 = dup(r1) mmap(&(0x7f0000ffb000/0x1000)=nil, 0x400000, 0x0, 0x11, r2, 0x0) 14:46:42 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:46:42 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:42 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000140)) [ 217.550460][ T8712] xt_bpf: check failed: parse error [ 217.616523][ T8714] xt_bpf: check failed: parse error 14:46:42 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f0000000000)=[{&(0x7f0000000040)="580000001400add427323b470c45b4560206faffffff81004e22000d7f000001925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) 14:46:42 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:42 executing program 4: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) bind$llc(r0, &(0x7f0000000280)={0x1a, 0x0, 0x7}, 0x10) sendmmsg(r0, &(0x7f00000001c0), 0x4000000000000cd, 0x0) 14:46:42 executing program 3: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/igmp\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1a5, 0x0, 0x0) [ 217.878151][ T8721] xt_bpf: check failed: parse error 14:46:42 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="480000001000054700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r3, @ANYBLOB="00000000ffffffff00000000090001006866736300fdff00080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xfff1}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x20, 0x2, [@TCA_BASIC_EMATCHES={0x1c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_META={0xc, 0x0, 0x0, 0x0, {{0x0, 0x5}}}]}]}]}}]}, 0x50}}, 0x0) 14:46:43 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000001440)={0x8, {"a2e3ad21ed6b52f99cfbf4c087f719b4d04fe7ff7fc6e5539b636e0e8b546a9b3772945b0890e0878fdb1ac6e7049b4cb4956c409a472a5b67f3988f7ef31952a981ffe8d178708c523c921b1b4d090a169b58d336cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fef5952a5391fd5615d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e67d1d7232f17696294378ce716dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f7927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a483bf2aa74fc3357de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a39973132f02768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90195c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b010a3ad0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 14:46:43 executing program 4: set_mempolicy(0x40000000004003, &(0x7f00000000c0)=0x8, 0xc2) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) [ 218.057161][ T8735] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 218.095531][ T2626] Bluetooth: hci2: command 0x0419 tx timeout 14:46:43 executing program 3: r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) r2 = socket(0xa, 0x1, 0x0) close(r2) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8) sendmmsg$inet_sctp(r2, &(0x7f0000000bc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x200}}], 0x20}], 0x1, 0x0) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r2, 0x84, 0x23, &(0x7f00000001c0), 0x8) 14:46:43 executing program 0: open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RLCREATE(0xffffffffffffffff, 0x0, 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fallocate(r0, 0x10, 0x0, 0x8020001) fdatasync(0xffffffffffffffff) creat(&(0x7f0000000040)='./bus\x00', 0x0) [ 218.419679][ T28] audit: type=1804 audit(1599749203.422:5): pid=8746 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/11/bus" dev="sda1" ino=15817 res=1 errno=0 [ 218.425962][ T28] audit: type=1804 audit(1599749203.432:6): pid=8748 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/11/bus" dev="sda1" ino=15817 res=1 errno=0 14:46:43 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:46:43 executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)={0xb, 0x5, 0x209e20, 0x2, 0x1}, 0x40) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000040)={r0, &(0x7f0000000000), &(0x7f0000000440)=""/130}, 0x20) bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000000200)={r0, &(0x7f00000000c0), &(0x7f0000000340)=""/203}, 0x20) 14:46:43 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:43 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_RENAME(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x5, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x0) [ 218.739083][ T8755] xt_bpf: check failed: parse error 14:46:43 executing program 0: clone3(&(0x7f0000000200)={0x40941100, &(0x7f0000000000), 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x0], 0x1}, 0x58) shmat(0x0, &(0x7f0000002000/0x1000)=nil, 0xd000) 14:46:43 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(anubis)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="cb56b61a88aa6860dccc46f3b1f84265", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$sock(r1, &(0x7f0000000f80)=[{{0x0, 0xffffff8d, &(0x7f0000000300)=[{&(0x7f0000000140)='U', 0x20000141}], 0x1, 0x0, 0x0, 0x1a0}}], 0x4, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x11, r2, 0x0) [ 218.834789][ T8764] IPVS: ftp: loaded support on port[0] = 21 [ 218.979097][ T303] tipc: TX() has been purged, node left! [ 218.988504][ T8764] IPVS: ftp: loaded support on port[0] = 21 14:46:44 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0) close(r0) 14:46:44 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) [ 219.341833][ T8820] xt_bpf: check failed: parse error 14:46:44 executing program 2: r0 = socket(0x15, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x2711, 0x0, &(0x7f0000000080)) 14:46:44 executing program 4: r0 = socket$unix(0x1, 0x5, 0x0) bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) clone(0x40000000007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$alg(0x26, 0x5, 0x0) mount$9p_fd(0x0, &(0x7f0000000100)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000000)='9p\x00', 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 14:46:44 executing program 3: r0 = openat$ptmx(0xffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x280040, 0x0) fdatasync(r0) 14:46:44 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:44 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:46:44 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f00000001c0)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x2001040, 0x0) mount$bpf(0x20000000, &(0x7f0000000100)='./file0/file0/file0\x00', 0x0, 0xc50c4, 0x0) mount$bpf(0x20000000, &(0x7f0000000380)='./file0/file0/file0\x00', 0x0, 0x802000, 0x0) 14:46:44 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNISCRNMAP(r0, 0x4b6a, &(0x7f0000000080)) [ 219.685089][ T8847] xt_bpf: check failed: parse error 14:46:44 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0xdb, @fixed}, 0xe) 14:46:47 executing program 0: set_mempolicy(0x2, &(0x7f0000000080)=0xfffffffffffffffe, 0x9) r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000073, 0x68001) ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:46:47 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha512\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 14:46:47 executing program 3: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/seq\x00', 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000500)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000040)) 14:46:47 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4040aea0, &(0x7f00000001c0)={"4fe85d80019d1e2c52cb4400b8f25ce19ec8dd293196ddebbdeaf9ccb2e956bdbf2ec7acda13515eba461bdd20992129dd42b0dea17b77d18408b953d47bb646049e77eba37407973a1c8cdf79060ffc30e5602b5014d4fb4b6c103a479e732388e4be4ed6f139bc873c46a1973893d87048dd4fc4b47677fcbda9460361f115f7fd09a9acf04c3841e34a32bbb44ae5842caa264fcbc05c263ccf806a205d437ac0aa8718bf9ccbf40108e270e77b8fb13b0ba0d5039acaf45fa85d558d2e20327114c69939e3eef12925f4d77a70d976c9fffb251755c4486289c0b14e8d703f11d162f5c591f1f1b652f8f064264a4cfd598b1a42ac51730d752d41705ee2a83d32d9c56cd400e36027e8bc5e86ee594f1a072535a6b0d044f12ddff85cf31fceb6405b2f6ff7c9e62706a50f129cb7003827216246695194dd634b8edaf60bc133ee7dea158f387259370c13610349d9107686c2f0fc8d09ea262114af446d5c89cc18dbca34f441f4d95202cd5ab1ec24579e94a620787f2162443529c97789f9d72a48fdfbc248bf0f255291c5ba2848f430b700e2d92463a96ec99b0fad18579cad08fa40f977810eeb030679e973e856b9b7266d88c7b47aeb949f82d7b23a9957d60222b637fd0e3a6c5f5349d12c520524f80fade6a9e6feeb1e0bd3887d29c7e34f6d37d5febe299275ae1d879a87c24d7a2f9e1fd50cff80e4a102e14b0090f46ff74e6acc4f046e3e8332717d6649844dbd1a689762708e2cb03121828923f93e7f6574838d456336067c35efb47062cb38c63794e62db8f66a4d413700cc16cbcd6740f7d2673e2bd19e1c9c9e1b3fcf02215790e9c7e429b1eba6591113a5ee43c7d10aa3187ef64e0c4b85ba62f6c6871eee0ea6c2a8bf8d897998ff6aeff36166945c41fc655e060b28679a53a21a82047b9c948bdb9896633113ec69384e3aff6503dcaf7dc5cbf40d44a7b1820345ad09b2c9ac5f268f5ea8c2be47f374aeaacf694cb27f6c10cbb502ff4ecd4effdf607e01702c815750537bd942515d3af2f719659b48d0a3377daeccf5874076a9075569df87d6f06fc80eb3465f196e31a60245f47a0f95dc0e8221032bbf6356f6c721dc338e71f4463717a02c733ee7405c6fdce167a279311ca7a079be87e2ef3535dbd2d375184e98e47a0254bcee182f854a53024268a6cc524378683fdadd6d3942c621d30ed1f5610bf040b363483f4d484ed2830005ad7f47b956bf87b9fee99b7572151cc28be0ead2ee906e46f5b4b5d545778dc2a1b962b15844f643f7a8cfd75b69c83e16e485693252f45db2a8a8eddee17073a799ae5a34db44ea8c25f15fc133277eda5c827bb6f787a1e305cb7abad87b83ff6053ee13ec2dcb32ae81dc49e499c48c2d484bc810489f6fa35301f13b7f9948ab914234365f56a1872e36577d"}) 14:46:47 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:47 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) [ 222.565897][ T8874] xt_bpf: check failed: parse error 14:46:47 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:46:47 executing program 3: keyctl$update(0x2, 0x0, &(0x7f0000000240), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x2003, 0x0) openat$audio1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x0, 0x0) io_submit(0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000040), 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, 0x0, 0x0) syz_open_procfs(0x0, 0x0) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000000)) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cpuacct.usage_sys\x00', 0x275a, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) close(r0) 14:46:47 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r3, 0xee00) r4 = socket$nl_route(0x10, 0x3, 0x0) splice(r0, 0x0, r4, 0x0, 0x7fffffff, 0x0) socket(0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x401}, 0x20}}, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[], 0xfffffd88) 14:46:47 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x24, 0x0, 0x9, 0x301, 0x0, 0x0, {}, [@NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_TUPLE={0x4}]}, 0x24}}, 0x0) [ 222.892929][ T28] audit: type=1804 audit(1599749207.893:7): pid=8894 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/15/file1/bus" dev="loop0" ino=3 res=1 errno=0 [ 222.920350][ T8894] attempt to access beyond end of device [ 222.947230][ T28] audit: type=1804 audit(1599749207.893:8): pid=8894 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/15/file1/bus" dev="loop0" ino=3 res=1 errno=0 [ 222.964943][ T8894] loop0: rw=2049, want=64, limit=60 14:46:48 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x8000000803, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) [ 223.039069][ T8894] Buffer I/O error on dev loop0, logical block 31, lost async page write 14:46:48 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:48 executing program 3: keyctl$update(0x2, 0x0, &(0x7f0000000240), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x2003, 0x0) openat$audio1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x0, 0x0) io_submit(0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000040), 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, 0x0, 0x0) syz_open_procfs(0x0, 0x0) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000000)) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cpuacct.usage_sys\x00', 0x275a, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) close(r0) [ 223.076423][ T28] audit: type=1804 audit(1599749207.893:9): pid=8894 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/15/file1/bus" dev="loop0" ino=3 res=1 errno=0 [ 223.109972][ T8894] attempt to access beyond end of device [ 223.132826][ T8894] loop0: rw=2049, want=66, limit=60 [ 223.148729][ T8894] Buffer I/O error on dev loop0, logical block 32, lost async page write [ 223.192836][ T8894] attempt to access beyond end of device [ 223.209758][ T8894] loop0: rw=2049, want=64, limit=60 14:46:48 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x8000000803, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) [ 223.234261][ T8916] xt_bpf: check failed: parse error [ 223.239567][ T8894] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 223.282556][ T8894] attempt to access beyond end of device [ 223.323689][ T8894] loop0: rw=2049, want=66, limit=60 [ 223.363046][ T8894] Buffer I/O error on dev loop0, logical block 32, lost async page write 14:46:48 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x8000000803, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) 14:46:48 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:46:48 executing program 3: set_mempolicy(0x1, &(0x7f0000000000)=0x2, 0x68d) r0 = fanotify_init(0x0, 0x0) r1 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) fanotify_mark(r0, 0x9, 0x48000020, r1, 0x0) open(&(0x7f0000000040)='.\x00', 0x0, 0x0) 14:46:48 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:46:48 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x8000000803, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) [ 223.660720][ T28] audit: type=1804 audit(1599749208.663:10): pid=8927 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/16/file1/bus" dev="loop0" ino=4 res=1 errno=0 [ 223.665743][ T8927] attempt to access beyond end of device [ 223.698737][ T8927] loop0: rw=2049, want=64, limit=60 14:46:48 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) [ 223.705983][ T8927] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 223.721262][ T8927] attempt to access beyond end of device [ 223.738913][ T8927] loop0: rw=2049, want=66, limit=60 14:46:48 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000e68000)={0x2, 0x0, @loopback}, 0x10) move_pages(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil], &(0x7f0000000180)=[0x1, 0xffffffe1], 0x0, 0x0) 14:46:48 executing program 3: set_mempolicy(0x3, &(0x7f0000000040)=0x35e, 0xb) r0 = syz_open_dev$dri(&(0x7f0000000080)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000100)={0x2, 0xb48, 0x7}) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000040)={0x5, 0x1b, 0x0, 0xffffffffffffffff}) r4 = dup(r3) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000080)={0x0, 0x0, r4}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f00000000c0)={r5}) [ 223.762686][ T8927] Buffer I/O error on dev loop0, logical block 32, lost async page write [ 223.763771][ T8941] xt_bpf: check failed: parse error [ 223.792027][ T28] audit: type=1804 audit(1599749208.663:11): pid=8927 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/16/file1/bus" dev="loop0" ino=4 res=1 errno=0 14:46:48 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) [ 223.902339][ T28] audit: type=1804 audit(1599749208.663:12): pid=8927 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/16/file1/bus" dev="loop0" ino=4 res=1 errno=0 14:46:48 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newtaction={0x6c, 0x30, 0x1, 0x0, 0x0, {}, [{0x58, 0x1, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9, 0x1, 'mpls\x00'}, {0x3, 0x2, 0x0, 0x1, [@TCA_MPLS_TC={0x5}, @TCA_MPLS_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) 14:46:49 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:46:49 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) [ 223.996920][ T303] attempt to access beyond end of device [ 224.003961][ T303] loop0: rw=1, want=68, limit=60 [ 224.026606][ T303] Buffer I/O error on dev loop0, logical block 33, lost async page write 14:46:49 executing program 2: r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f00000000c0)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)=ANY=[@ANYBLOB="c49c4432", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) r2 = socket(0xa, 0x1, 0x0) close(r2) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8) sendmmsg$inet_sctp(r2, &(0x7f0000000bc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="300000000000000084000000010000000000000004"], 0x30}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x70, &(0x7f0000000080), &(0x7f0000000100)=0xc) [ 224.048861][ T303] attempt to access beyond end of device [ 224.068958][ T303] loop0: rw=1, want=70, limit=60 [ 224.078343][ T8952] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.3'. [ 224.095382][ T303] Buffer I/O error on dev loop0, logical block 34, lost async page write 14:46:49 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:49 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) [ 224.130621][ T303] attempt to access beyond end of device [ 224.158205][ T303] loop0: rw=1, want=230, limit=60 [ 224.251773][ T8962] xt_bpf: check failed: parse error [ 224.316751][ T28] audit: type=1804 audit(1599749209.323:13): pid=8966 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/17/file1/bus" dev="loop0" ino=5 res=1 errno=0 [ 224.347069][ T8966] attempt to access beyond end of device [ 224.352732][ T8966] loop0: rw=2049, want=64, limit=60 [ 224.360724][ T8966] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 224.371719][ T8966] attempt to access beyond end of device [ 224.379294][ T28] audit: type=1804 audit(1599749209.343:14): pid=8966 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/17/file1/bus" dev="loop0" ino=5 res=1 errno=0 [ 224.408194][ T8966] loop0: rw=2049, want=66, limit=60 [ 224.431913][ T8966] Buffer I/O error on dev loop0, logical block 32, lost async page write [ 224.474197][ T28] audit: type=1804 audit(1599749209.353:15): pid=8966 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/17/file1/bus" dev="loop0" ino=5 res=1 errno=0 [ 224.510551][ T7] attempt to access beyond end of device [ 224.516687][ T7] loop0: rw=1, want=68, limit=60 14:46:49 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) 14:46:49 executing program 3: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140)={0x0, 0x0}, &(0x7f0000000180)=0xc) chown(&(0x7f0000000100)='./file1\x00', r2, 0x0) 14:46:49 executing program 4: r0 = socket(0x10, 0x8000000803, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) 14:46:49 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:49 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) [ 224.534293][ T7] attempt to access beyond end of device [ 224.542325][ T7] loop0: rw=1, want=70, limit=60 [ 224.567028][ T7] attempt to access beyond end of device [ 224.575836][ T7] loop0: rw=1, want=230, limit=60 [ 224.605165][ T8976] xt_bpf: check failed: parse error 14:46:49 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:49 executing program 4: r0 = socket(0x10, 0x8000000803, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) [ 224.825165][ T28] audit: type=1804 audit(1599749209.833:16): pid=8984 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/18/file1/bus" dev="loop0" ino=6 res=1 errno=0 [ 224.856927][ T8984] attempt to access beyond end of device 14:46:49 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x134, &(0x7f00000001c0)="c4c691019919da078a0098d1e0a593b040f762910000000000000022addee07bee0e6333b5cacd893169b618322ff6602022511253508b5a4496728c2a46e1bc340e29b9ab9b7136283e350808ffdb2dc4a7410b23e405cc30094b1adacdcfac32957dc8bb44e203c4b1bc83b6e68fcb229b4b0764a6cf395689c0666688ff99f911f4ca43266fe5a2fad72b0cd3e8bd3e1a0cad036b7f1f9cd1c094f7e71b63bfb2362e10597be447b5540635ab1f99223112d37d4b50559d17d07d3a4d2a7697adbe3ec13d09639eff36911d7060956992cf42b82ca60996d0394d2a4ffe8646a93ccb72170b1df0e7aa6c62d4e8caa6c8db8e3dcacda60301c4b254fab0be4d83a0269eea22ea8f1f086ad4b837e2768c1f61b15527fbe76584c42a851c866f89cf1e2f74da032788ea5fc41ddd1e5d3ccc3d"}}], 0x1c) wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b7ecb6974f527cc14538d1efb1ffe03284f6d33265be9c604b293f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = gettid() tkill(r1, 0x40) [ 224.883851][ T8984] loop0: rw=2049, want=64, limit=60 [ 224.900959][ T8990] xt_bpf: check failed: parse error [ 224.923250][ T8984] attempt to access beyond end of device [ 224.967624][ T8984] loop0: rw=2049, want=66, limit=60 14:46:50 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) 14:46:50 executing program 2: ioperm(0x0, 0xc6, 0xa371) rt_sigtimedwait(&(0x7f0000001980), 0x0, &(0x7f0000001a40)={0x0, 0x989680}, 0x8) 14:46:50 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x134, &(0x7f00000001c0)="c4c691019919da078a0098d1e0a593b040f762910000000000000022addee07bee0e6333b5cacd893169b618322ff6602022511253508b5a4496728c2a46e1bc340e29b9ab9b7136283e350808ffdb2dc4a7410b23e405cc30094b1adacdcfac32957dc8bb44e203c4b1bc83b6e68fcb229b4b0764a6cf395689c0666688ff99f911f4ca43266fe5a2fad72b0cd3e8bd3e1a0cad036b7f1f9cd1c094f7e71b63bfb2362e10597be447b5540635ab1f99223112d37d4b50559d17d07d3a4d2a7697adbe3ec13d09639eff36911d7060956992cf42b82ca60996d0394d2a4ffe8646a93ccb72170b1df0e7aa6c62d4e8caa6c8db8e3dcacda60301c4b254fab0be4d83a0269eea22ea8f1f086ad4b837e2768c1f61b15527fbe76584c42a851c866f89cf1e2f74da032788ea5fc41ddd1e5d3ccc3d"}}], 0x1c) wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b7ecb6974f527cc14538d1efb1ffe03284f6d33265be9c604b293f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = gettid() tkill(r1, 0x40) 14:46:50 executing program 4: r0 = socket(0x10, 0x8000000803, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) 14:46:50 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) sendfile(r0, r4, 0x0, 0x8400f7fffff8) [ 225.117465][ T303] attempt to access beyond end of device [ 225.123141][ T303] loop0: rw=1, want=68, limit=60 14:46:50 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x134, &(0x7f00000001c0)="c4c691019919da078a0098d1e0a593b040f762910000000000000022addee07bee0e6333b5cacd893169b618322ff6602022511253508b5a4496728c2a46e1bc340e29b9ab9b7136283e350808ffdb2dc4a7410b23e405cc30094b1adacdcfac32957dc8bb44e203c4b1bc83b6e68fcb229b4b0764a6cf395689c0666688ff99f911f4ca43266fe5a2fad72b0cd3e8bd3e1a0cad036b7f1f9cd1c094f7e71b63bfb2362e10597be447b5540635ab1f99223112d37d4b50559d17d07d3a4d2a7697adbe3ec13d09639eff36911d7060956992cf42b82ca60996d0394d2a4ffe8646a93ccb72170b1df0e7aa6c62d4e8caa6c8db8e3dcacda60301c4b254fab0be4d83a0269eea22ea8f1f086ad4b837e2768c1f61b15527fbe76584c42a851c866f89cf1e2f74da032788ea5fc41ddd1e5d3ccc3d"}}], 0x1c) wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b7ecb6974f527cc14538d1efb1ffe03284f6d33265be9c604b293f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = gettid() tkill(r1, 0x40) [ 225.160988][ T303] attempt to access beyond end of device [ 225.187528][ T303] loop0: rw=1, want=70, limit=60 14:46:50 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x8000000803, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) [ 225.211003][ T303] attempt to access beyond end of device [ 225.240566][ T303] loop0: rw=1, want=230, limit=60 14:46:50 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e0a10000000e8bd6efb250009000e000100400000ff050005001201", 0x2e}], 0x1}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="2e00000010008108040f80ecdb4cb92e0a480e0a10000000e3bd6efb250009000e00030040fe00ff050005001201", 0x2e}], 0x1, 0x0, 0x0, 0xf000}, 0x0) 14:46:50 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x134, &(0x7f00000001c0)="c4c691019919da078a0098d1e0a593b040f762910000000000000022addee07bee0e6333b5cacd893169b618322ff6602022511253508b5a4496728c2a46e1bc340e29b9ab9b7136283e350808ffdb2dc4a7410b23e405cc30094b1adacdcfac32957dc8bb44e203c4b1bc83b6e68fcb229b4b0764a6cf395689c0666688ff99f911f4ca43266fe5a2fad72b0cd3e8bd3e1a0cad036b7f1f9cd1c094f7e71b63bfb2362e10597be447b5540635ab1f99223112d37d4b50559d17d07d3a4d2a7697adbe3ec13d09639eff36911d7060956992cf42b82ca60996d0394d2a4ffe8646a93ccb72170b1df0e7aa6c62d4e8caa6c8db8e3dcacda60301c4b254fab0be4d83a0269eea22ea8f1f086ad4b837e2768c1f61b15527fbe76584c42a851c866f89cf1e2f74da032788ea5fc41ddd1e5d3ccc3d"}}], 0x1c) wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b7ecb6974f527cc14538d1efb1ffe03284f6d33265be9c604b293f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = gettid() tkill(r1, 0x40) 14:46:50 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:50 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x8000000803, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) 14:46:50 executing program 3: socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x218c32, 0x0) pivot_root(0x0, &(0x7f0000000080)='./file0\x00') writev(0xffffffffffffffff, 0x0, 0x0) add_key$keyring(&(0x7f00000004c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) [ 225.762017][ T9033] xt_bpf: check failed: parse error 14:46:50 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) 14:46:50 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x8000000803, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) 14:46:51 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) r0 = socket(0x0, 0x8000000803, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) [ 226.187779][ T9024] @þ: renamed from team0 [ 226.225770][ T9024] 8021q: adding VLAN 0 to HW filter on device @þ 14:46:51 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:46:51 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:51 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) r0 = socket(0x0, 0x8000000803, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) [ 226.667129][ T9054] xt_bpf: check failed: parse error 14:46:51 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) [ 227.069087][ T9036] EXT4-fs (sda1): re-mounted. Opts: (null) [ 227.080499][ T9040] EXT4-fs (sda1): re-mounted. Opts: (null) [ 227.123887][ T7] attempt to access beyond end of device [ 227.129660][ T7] loop0: rw=1, want=230, limit=60 14:46:52 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:46:52 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) r0 = socket(0x0, 0x8000000803, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) 14:46:52 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:46:52 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:52 executing program 3: socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x218c32, 0x0) pivot_root(0x0, &(0x7f0000000080)='./file0\x00') writev(0xffffffffffffffff, 0x0, 0x0) add_key$keyring(&(0x7f00000004c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) 14:46:52 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:46:52 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) [ 227.470409][ T21] attempt to access beyond end of device [ 227.484710][ T21] loop0: rw=1, want=230, limit=60 14:46:52 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) 14:46:52 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:52 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) [ 227.593124][ T9081] EXT4-fs (sda1): re-mounted. Opts: (null) 14:46:52 executing program 3: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0x0, 0x5002004a, 0x0, 0x0, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@ip={@empty, @private, 0x0, 0x0, 'ip6gretap0\x00', 'veth1_macvtap\x00'}, 0x0, 0x98, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x12) wait4(0x0, 0x0, 0x0, 0x0) 14:46:52 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:46:52 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) 14:46:52 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:52 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 14:46:52 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:46:52 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) [ 227.932881][ T9108] xt_bpf: check failed: parse error [ 227.936883][ T9109] xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables [ 227.963300][ T21] attempt to access beyond end of device [ 227.969050][ T21] loop0: rw=1, want=230, limit=60 14:46:53 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:46:53 executing program 3: unshare(0x20600) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0xf, 0x4, 0x8, 0x4, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x40) bpf$BPF_PROG_DETACH(0x4, &(0x7f0000000080)={@map=r0, 0xffffffffffffffff, 0x4}, 0x10) [ 228.016921][ T9109] xt_CT: You must specify a L4 protocol and not use inversions on it 14:46:53 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) socket(0x10, 0x8000000803, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) 14:46:53 executing program 3: ioperm(0x0, 0xff, 0x80000001) bpf$MAP_CREATE(0x13, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40) 14:46:53 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) [ 228.255059][ T28] kauditd_printk_skb: 11 callbacks suppressed [ 228.255073][ T28] audit: type=1804 audit(1599749213.264:28): pid=9125 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/22/file1/bus" dev="loop0" ino=10 res=1 errno=0 14:46:53 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 228.303974][ T9125] attempt to access beyond end of device [ 228.323013][ T9125] loop0: rw=2049, want=66, limit=60 14:46:53 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) socket(0x10, 0x8000000803, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) 14:46:53 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 14:46:53 executing program 3: set_mempolicy(0x1, &(0x7f00000000c0)=0x7ffe, 0xe1) r0 = socket(0x1, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r1) mount$9p_rdma(0x0, 0x0, 0x0, 0x1000c2, 0x0) 14:46:53 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) [ 228.466629][ T28] audit: type=1804 audit(1599749213.304:29): pid=9127 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/22/file1/bus" dev="loop0" ino=10 res=1 errno=0 [ 228.479956][ T9134] xt_bpf: check failed: parse error [ 228.495859][ T21] attempt to access beyond end of device [ 228.501797][ T21] loop0: rw=1, want=68, limit=60 [ 228.526248][ T21] buffer_io_error: 6 callbacks suppressed [ 228.526259][ T21] Buffer I/O error on dev loop0, logical block 33, lost async page write 14:46:53 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:46:53 executing program 3: perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x80000000001, 0x4) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000005c0), 0xfffffffffffffee0, 0x0, 0x0, 0xb6) recvmmsg(r0, &(0x7f0000000080), 0x21e, 0x40010002, 0x0) 14:46:53 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) socket(0x10, 0x8000000803, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x2f, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) [ 228.594720][ T21] attempt to access beyond end of device [ 228.632115][ T21] loop0: rw=1, want=70, limit=60 [ 228.683179][ T21] Buffer I/O error on dev loop0, logical block 34, lost async page write [ 228.691878][ T21] attempt to access beyond end of device [ 228.740772][ T21] loop0: rw=1, want=230, limit=60 14:46:53 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x8000000803, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x0, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) 14:46:53 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:46:54 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:54 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) [ 228.957871][ T28] audit: type=1804 audit(1599749213.964:30): pid=9158 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/23/file1/bus" dev="loop0" ino=11 res=1 errno=0 [ 228.961682][ T9158] attempt to access beyond end of device [ 228.989637][ T9158] loop0: rw=2049, want=66, limit=60 14:46:54 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x4f}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/190, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd06, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) 14:46:54 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 229.031676][ T21] attempt to access beyond end of device [ 229.037035][ T28] audit: type=1804 audit(1599749213.964:31): pid=9158 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/23/file1/bus" dev="loop0" ino=11 res=1 errno=0 [ 229.046222][ T21] loop0: rw=1, want=68, limit=60 [ 229.112160][ T9162] xt_bpf: check failed: parse error [ 229.159398][ T21] Buffer I/O error on dev loop0, logical block 33, lost async page write [ 229.196319][ T21] attempt to access beyond end of device [ 229.216398][ T21] loop0: rw=1, want=70, limit=60 [ 229.239601][ T21] Buffer I/O error on dev loop0, logical block 34, lost async page write [ 229.268609][ T21] attempt to access beyond end of device [ 229.287426][ T21] loop0: rw=1, want=230, limit=60 14:46:54 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 14:46:54 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x8000000803, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x0, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) 14:46:54 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:46:54 executing program 3: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/nullb0\x00', 0x0, 0x0) ioctl$BLKROSET(r0, 0x401870cb, 0x0) 14:46:54 executing program 1: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:54 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x8000000803, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x0, &(0x7f0000abaff9)={0x0, 0x2710}, 0x10) [ 229.447344][ T9173] xt_bpf: check failed: parse error 14:46:54 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:46:54 executing program 3: clone(0x20002044dfc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_io_uring_setup(0x87, &(0x7f0000000200), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_setup(0x45d8, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x200000000000011, 0x3, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd=r4, 0x0, {}, 0x0, 0x0, 0x0, {0x0, 0x0, r5}}, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) [ 229.555838][ T28] audit: type=1804 audit(1599749214.564:32): pid=9180 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/24/file1/bus" dev="loop0" ino=12 res=1 errno=0 [ 229.593559][ T9180] attempt to access beyond end of device [ 229.629905][ T9180] loop0: rw=2049, want=66, limit=60 14:46:54 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, 0xffffffffffffffff, 0x0) write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) [ 229.685303][ T28] audit: type=1804 audit(1599749214.604:33): pid=9180 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/24/file1/bus" dev="loop0" ino=12 res=1 errno=0 14:46:54 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 229.728049][ T21] attempt to access beyond end of device [ 229.739939][ T21] loop0: rw=1, want=68, limit=60 14:46:54 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x8000000803, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2f, 0x0, 0x0) 14:46:54 executing program 3: r0 = fanotify_init(0x200, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x0) fanotify_mark(r0, 0x165, 0x4000103c, r1, 0x0) [ 229.777540][ T21] Buffer I/O error on dev loop0, logical block 33, lost async page write [ 229.855570][ T21] attempt to access beyond end of device [ 229.889908][ T21] loop0: rw=1, want=70, limit=60 [ 229.913407][ T21] Buffer I/O error on dev loop0, logical block 34, lost async page write [ 229.950607][ T21] attempt to access beyond end of device [ 229.973885][ T21] loop0: rw=1, want=230, limit=60 [ 230.154007][ T28] audit: type=1804 audit(1599749215.164:34): pid=9220 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/25/file1/bus" dev="loop0" ino=13 res=1 errno=0 [ 230.273373][ T89] attempt to access beyond end of device [ 230.279213][ T89] loop0: rw=1, want=230, limit=60 14:46:55 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x8000000803, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2f, 0x0, 0x0) 14:46:55 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) socket(0x10, 0x3, 0x0) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:46:55 executing program 3: r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) ioctl$sock_SIOCDELRT(r0, 0x89e7, 0x0) 14:46:55 executing program 1: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:55 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:46:55 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, 0xffffffffffffffff, 0x0) write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:46:55 executing program 4: mmap(&(0x7f0000abb000/0x2000)=nil, 0x2000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x8000000803, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2f, 0x0, 0x0) 14:46:55 executing program 3: perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0) dup(0xffffffffffffffff) umount2(&(0x7f0000000240)='./file0\x00', 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x20000, 0x0) setreuid(0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) dup(0xffffffffffffffff) [ 230.485114][ T9232] xt_bpf: check failed: parse error 14:46:55 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) socket(0x10, 0x3, 0x0) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 230.584638][ T28] audit: type=1804 audit(1599749215.594:35): pid=9233 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/26/file1/bus" dev="loop0" ino=14 res=1 errno=0 14:46:55 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:46:55 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, 0xffffffffffffffff, 0x0) write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:46:55 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f0000000200)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) r1 = add_key$keyring(&(0x7f0000000340)='keyring\x00', &(0x7f0000000000)={'syz', 0x0}, 0x0, 0x0, r0) r2 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000000c0)={'syz', 0x1}, &(0x7f0000000600)="58461caf5ccb01ed83b836c1a6474914dc34e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a1a0900000000000042e3308965210007c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99b2655043a2ce0d23f4d2f6b0bfb1a4e9f435fb3bae96efb74b50ec93c152f5e8e198a29e51ff5ff70e48884ca00", 0x81, r1) r3 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000005c0)="0658", 0x2, 0xfffffffffffffffd) pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000340)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce003d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0x2b2, 0xfffffffffffffffe) ioctl$NBD_SET_BLKSIZE(0xffffffffffffffff, 0xab01, 0x2) keyctl$dh_compute(0x17, &(0x7f00000001c0)={r3, r4, r2}, 0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={'crc32c-intel\x00'}}) [ 230.773403][ T303] attempt to access beyond end of device [ 230.781654][ T303] loop0: rw=1, want=230, limit=60 14:46:55 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) socket(0x10, 0x3, 0x0) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:46:55 executing program 3: perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0) dup(0xffffffffffffffff) umount2(&(0x7f0000000240)='./file0\x00', 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x20000, 0x0) setreuid(0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) dup(0xffffffffffffffff) [ 231.039540][ T28] audit: type=1804 audit(1599749216.044:36): pid=9252 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/27/file1/bus" dev="loop0" ino=127 res=1 errno=0 14:46:56 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:46:56 executing program 1: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:56 executing program 4: r0 = socket$isdn(0x22, 0x2, 0x21) accept4(r0, 0x0, 0x0, 0x0) 14:46:56 executing program 3: unshare(0x2c020400) r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000080)={0x0, 0x9, &(0x7f0000000540)="85e69a3016c5db4b90"}) 14:46:56 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:46:56 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r4, 0x0) write$P9_RLERROR(r4, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400f7fffff8) [ 231.343176][ T303] attempt to access beyond end of device [ 231.348921][ T303] loop0: rw=1, want=230, limit=60 14:46:56 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 231.407300][ T9267] delete_channel: no stack [ 231.414309][ T9267] delete_channel: no stack 14:46:56 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000100)='/dev/sg#\x00', 0x0, 0x0) io_setup(0x8, &(0x7f0000000600)=0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x4, r0, 0x0, 0x0, 0x0, 0x0, 0x2}]) [ 231.525551][ T9274] xt_bpf: check failed: parse error 14:46:56 executing program 3: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000280)='./bus/file0\x00', 0x0) mount$overlay(0x400002, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000680)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file0'}}, {@nfs_export_on='nfs_export=on'}]}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fanotify_mark(0xffffffffffffffff, 0x145, 0x40000017, 0xffffffffffffffff, 0x0) chdir(&(0x7f0000000340)='./bus\x00') setxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='security.capability\x00', 0x0, 0x0, 0x0) 14:46:56 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:46:56 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:46:56 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r4, 0x0) write$P9_RLERROR(r4, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400f7fffff8) 14:46:56 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00') writev(r0, &(0x7f0000000080)=[{&(0x7f0000000440)="cd", 0x1}], 0x1) [ 231.905262][ T9292] overlayfs: filesystem on './file1' not supported as upperdir 14:46:57 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:57 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00') sendmsg$FOU_CMD_ADD(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)={0x24, r4, 0x209, 0x0, 0x0, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @loopback}, @FOU_ATTR_IFINDEX={0x8}]}, 0x24}}, 0x0) 14:46:57 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:46:57 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:46:57 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x34, r1, 0x1, 0x0, 0x0, {{}, {}, {0x18, 0x17, {0x0, 0x0, @l2={'eth', 0x3a, 'ip6gre0\x00'}}}}}, 0x34}}, 0x0) [ 232.124599][ T9297] attempt to access beyond end of device [ 232.130261][ T9297] loop0: rw=2049, want=64, limit=60 [ 232.196147][ T9297] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 232.210107][ T9297] attempt to access beyond end of device [ 232.218654][ T9297] loop0: rw=2049, want=66, limit=60 [ 232.237574][ T9297] Buffer I/O error on dev loop0, logical block 32, lost async page write [ 232.265035][ T9306] xt_bpf: check failed: parse error 14:46:57 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 232.295151][ T9310] tipc: Started in network mode 14:46:57 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r4, 0x0) write$P9_RLERROR(r4, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400f7fffff8) [ 232.321056][ T9310] tipc: Own node identity , cluster identity 4711 [ 232.345992][ T9310] tipc: Failed to obtain node identity [ 232.361155][ T9310] tipc: Enabling of bearer rejected, failed to enable media [ 232.427280][ T9317] tipc: Started in network mode [ 232.445113][ T9317] tipc: Own node identity , cluster identity 4711 [ 232.464294][ T9317] tipc: Failed to obtain node identity [ 232.487504][ T9317] tipc: Enabling of bearer rejected, failed to enable media 14:46:57 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="5800000024000705000000000000000000000008", @ANYRES32=r4, @ANYBLOB="00000000ffffffff0000000008000100736662002c00020028000100"], 0x58}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=@newtfilter={0x24, 0x2a, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 14:46:57 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r2) close(r1) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:46:57 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x58, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @ipip={{0x9, 0x1, 'ipip\x00'}, {0x28, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_SPORT={0x6}, @IFLA_IPTUN_ENCAP_FLAGS={0x6}, @IFLA_IPTUN_PMTUDISC={0x5}, @IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_ENCAP_DPORT={0x6}]}}}]}, 0x58}}, 0x0) 14:46:57 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) [ 232.608141][ T9321] attempt to access beyond end of device 14:46:57 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) [ 232.653888][ T9321] loop0: rw=2049, want=64, limit=60 [ 232.673190][ T9326] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 232.680567][ T9321] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 232.697864][ T9321] attempt to access beyond end of device [ 232.732008][ T9321] loop0: rw=2049, want=66, limit=60 [ 232.748506][ T9321] Buffer I/O error on dev loop0, logical block 32, lost async page write [ 232.765232][ T9335] xt_bpf: check failed: parse error [ 232.793276][ T9332] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 14:46:57 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:46:57 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r2) close(r1) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:46:57 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000100)=ANY=[], 0x1c) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/locks\x00', 0x0, 0x0) lseek(r3, 0x1000000000000003, 0x0) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) 14:46:57 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000002400)={{0x0, 0x0, 0x76}, "be77f645fa0faab4173328e03e0e9f020bbc798c84be65bf762199e269b6d15af3d542e5a531a895866fbf13910d95e922d6aa84d68924efe5e444b34d9df08a868ae23c677546798d6ec2c17d6e3f87f0d757c2078c9325c641fea9938ba4f20ebb2577f51ba467d973398c7fa94be4e2abd427b7ad4385c63e630090759c2a6c768a973d0b1e7244e494d5925d9d9f40afd544b84d1fdb8de7af279d8700739c11327a76f8bc32743c959d8858b276c211222f40206257be84ddd07b20d8b1de9b5390ba5eaa289c0bfdf6b5636b7acfac5159e2e7759338e06ae00e4b7cf162e45442e3c8395858847e3e28da4ed237027cd849991ab91e6e5dc61b9936de574c3b26a2b0e303386c02ed1bb6a5acaf8a9271e196bc59fb3d7d6a88383d53302680fd8ebd0e75fa67333a6fb9da0333d6f87b3f628136a4b9ec1c2f4cf3d5ec900ec17d48e3f741860d963ec6e629243d06b547374ec3f5a0a8e71cdd67e8f591d68711ba4df1f2fc62d9f54c6f7b8844c8ce569fb7f983a631250e77374780413ab37235afdefb70572e79f35d36406aded61bcf76711aacf325b2ac1f78b4ede1239e36d5d644c7a81cdf6b95a1e3aa6c2f70d889654572d1f88f05e5b2c5f5c37d6570102c2525a9b3fa28a88c83ded573a896239900bd365dc0323d4921c3c96a3dae810479a1ac83b64f0f9b2008eb51832bce90105dab379b3d99f6761d4cf438d92356c563c982938fe83026258aad0a7d9f5eacfa359c68ec271d3ecf9a57d3eec56cb0bcf1bb0adc6c297d6e5b101640d3c5b50bcb54faebed4f850e737b5a2837054bccbecfd1c28e70a967a350d21867ea95b2cdfe55fd3edc6e1f4db06a5e6b77a333af48e92899e074794f3b4687dce6d45cb33433e922b1602e767164dc0e760d14b4c70f304de2cb56ca5ea35719f492480e48b9007e4073a8e02450a93d3932971b32aca283773bbb7974486478d380d8524c0eee27ba19d9c51196494bc3f2c41c1ddc72b0b9d97ca307022baf742cb69b45de669e3224c1eaf4e6ec7bb76f921ad3fd01e1138eda10e945ca95302c1729adf6526041169700a783f767632e99b55eac5e4ebc25b63e11649a31e1dba33445a36b40c7cc7ab6450cb4853c69a9f1eb00d466f6c98f297d3e4882fd4d1a9dff0786cece0dd1b03fd84f982b493349f32e49be255102e7bd1475e25574a992da6907a0e6bce48d4601b51ca05798a0e8b5faa9ed6700902e4626b866b4219e3880277bca07f577def954fdd64e089622ed0eec558759a9b6d3e512b330fa30e31403053a73da1747a7874f5b7a9fde4c0f9f29a27e795e275c9f6c33d9db7f370f148a790811428b2f96566bd0e2b148997e69b0ffe1a81cb04d43ce6a24ea2a9414b930fa1330153cb20aaae484e515393b9ddf9d029806c35d5e956462b7cc7f1c7995006ffeae1f1ba1daf8d43309198bf444ec82c670800d5dacd600924564931014b1e834a38274c6560784572e6d4bf8c4a5a1ee5edb2f4ea5fa9f07b11d3d1d88b993fa662bc04dfb9ffa9e534f1622efd7f823346aa7e0a988f56be531c73f34439df61f9737cca8b93d2c25695138c70c469298c3a114c89a8c3409d4dc18e7bd0158631d0b936823a6dda814ed50f83862058d1ecc19b2e1195c910edb5e7164fbd403de0beb5d7feec901a5a373afa1162be95f0e71e50d479e33494d7c98c1cb2ac886c81610678923685fa9f5fff2584c89130b7d2ac78317e531bb2fcade76520cf8bec450e31eebfa5ae2f78587c572d36d56a69cf3f2cc9e15b77c11877d27e8af0196902d7f94646f0294b4507ae4461397ef21b24a2142f740460e1eb1935cbaccd14f71f21d6fb7144de99154f037cf31e9f30da3c935950c7d1c859096d44b57e7bd37147304b2fe51ab63ca7c4031c1f07913c8a894a6b0573886d7a0a62cd20a0f433e541a43808465eb82af5bb9c819a74bed83cf91aa180442c28b9f4d69dd7e728c7734dd3bd3e277e67e96ab9f09e083c0a6e42fe2bc5dcae9a2deddb7f763e62b0d8adacc00af734bb9e978c160600611c83309468a2f942f5d2c9f7cafc97dae2f542ef33be39952fa70ee3e2ecb3105c1a490db73fcf46a3645de10e1cb335ea604f41d10b723872c26f20a71f44b1301fffd601c6a609e0d195bbcb1203cd23fdb3e3f59fa8ae5a484881c34706bacb6a479fa7c9cc6920613dd6903bf046493bac060f046efc6ce43aafe9a3b735c1cb283714548fdc16a2ce9d9dccd77f3b8037132ec1b1f1d965932a9ec4b20efe1f2212c94511b61799b5bd29be84e47d1c1209af544bb4c4820b4897fe00fd583b8ae5394354d1f2532d0801f202ba31bf01a896ebea5302167cf9b0ed71e793d9572fac48d75724caa57f99ba9db2113f5fa52d19356ed1d0c85bd60805952113e521a01444d6a6a502144691a9d32363284410e967626c720cdb3444a56b1b7043047dbf8e5f1b5177c82a651710eaed591e1d4ac5ffaf85411f7c3c3e58fefb5e0528f74b3f78a0b31de68f1e31415a7a37010be818b886c28cca1bf68db068929bad71bc6b4ae2a4c9f2c9bf98f15164e6ef96ef4121c191e5a94ca431b49c475f02acebc42d2c6026e4f7d595e5677947bf6cc0d6f95d7838f76cfc04492cebaed4374984706465ac83a1acbb55450f5b5e1e4cc00a88c334af44d337089c80167a813f54fa903ec85d8f1d22c443bcdfb3d268a3e57f563b9732cc3f5d8b1fd98a6f44e3b056cbeb65946ec917ef093c3a62757f2b27e6b4873ae7183b5b9a6528a576af69449df90cda4bfad6c54bed67fecc6fdc624183aecb5072002c8dc9d45505901c61489ab31b7d6cde6943f042953df648861b68663291117f3deb74d3f9e9501d9d50b095baaeef21aca82e00203c06ce103cc923e6f02ab481eed2da0a4eedeb827e9d7961f6d972f347c649e706dc0259d697a6a5ea1ba33a6f2c16beed92b58fa290026c728e91f3de285a74e56e968c5d174639a915b5e53d7b1e5566b1a89f09434afb2a2ff1fd00d13e7ce5a3dcb8e628f39a6c6825acd4b7152a777d21485f6360af8b1c62a4a29f2ad98d9c393530187c14b4defdfc8ac12433be7f56a40ce4087eb1f7cf949e4e9b3c612e4953716ab027a36ce839f1d2815c289d08e0e500630c2f54344d6549b9645a4b31648d25f71dc7a43651aa8530ccd0cec2f96a4385b1858230a1c514b5beb817a98824f301462598f03919ec52c0fdf5a522f3e4b250ded3089e0958bb20e5f936c8ab4fc00316ce483254f6e2abc024835acdba239decc60fcc316cbb5fe85db2e22ecd1259c607b575d836222d7a21f0fccdc6d4f90c487c66dcbe9d17f6af2edc30b57189f009072fa5b46e1f49aa33a6546aea60202c4e77066e2f487b2bd36f3178ea888488ae52fad830868172d8f2b3335db98a83c45e047ba93eb32e08a014d13fb8b9f3b54c16adaac8a95c250051baaa3667343a3df51ab7dccedcf4410482fb24ab337285d4c0d182bf00050c5cd2f8a1f7954fe0ce1c2325dc159445464327f0c463dfdae8c944db603ceab504409be7e3316e679960b63e1935018641f0d30d40fb4f83faa2786e7284b0adf6fe0ae04f61c362be89177aa7a27cd00a1c101deb33fbae04b8b20fceeef601049626954f0436470eb4d344fd53c34eab4fca401bb6aa64c1d1891ca88300ce5f8b9b7badb64a5aa3ce8ea848e288239def4602e4812c66503ccc2a68b734d97b2fe71e321e09275bbc727e4c02ce1a967f2f7c5f02f658c5e449a1c718a535561afbddd05ad28559c6ea8a5d19298eeccee69818b69a833b972128e153306522a3733396e25e3a2175443715b0926ea967609f73e2529fa4b6c346e32543431d11f57f557c71ff6b789d9a78e8039f78c5089586aeba7a584b3d6b753f8633d062b5cca3639eb95885027a1b78a90f79d33e8872b455a21618b76a4afd3d704849b067ab8f968bf528fbdbdfdd34e84163d644e211e32f9b5b91f86fb815890f6e405d7324fd6ff84fea268cf4d613d8b8cc784fd434f317dd77ccaf40d974c43d70ec15306c691ce9782267b20b35c150c1c104adff5437068f7c9dee058c08403024e5ed1f35bf1b6db213af8fd0293b230ddc7a405e1e3e584292cf6d9bd4ca1d0c325ecf37c57134320f79fac3f26874b1d595d0aacb7bf454bc4e15f755c1c7e2d0951d7731d8bf27c8002f611a942d633c9e0203ee9f848de15966e6c993d790bbc26958fdc3ff4e62b971697855ad0980d3cf6cd79c0f2f0d41eab6d2c67e83295afcbee60179e0997ddf9b15002b7fc058afa567034dabc640790aba2419a5ccbce25abccde586373f4e31f3436e5bab2e156b4cd6abaadbd4e991cb4a15cdea2202b13bce716e1df40d6bcc275f14c152ffe6294d2b5a5377a9da546490a0ff9ec3f27a0a6070f1b0d72b75a74ac1e764c4670b9547faa728500233dc410132d800bddd4e81272f1ace1fa8186e1b68e19b23ee611b2c9119b094764fd0720212c14f12f1835596660e08dbaf1a28c2ecb391094e8decb500484a4f9de412781fe084695a243d474471a3d6abd4ac640cfb7da40e0327defce9aa8101a25f7145b55db0510dd090af63fd65f9003693b21b2f3d4775c65707fed78474238d6453592933b2265c3836d0c775b95e9739b3de3856072a5b43c9e3024e8843b2522e92d12aab4a636c68af12722ab38d881f4c97118014db986f3ec966783b93d81d1d70e3ea611482df745256c3ef9c6c949c6afc6929f69d9427ddde81f3f278500c586b3bb736c2fc7713ad92ed13640f4051e72b38568e3f211f75261ee6517de0b980076127d7dc00a1660a11232325f7ac097f46e0ef4493cd7de875d14056419373d887a821672d894d32c810464705e92c9abe32967fead2464c8b2f693f45d07a8160f59ec046019b016ee8b07764278af8c6b22b4cc079f406c0ba898332aa8911b026c75edd02d5a40f8ed9c1a3d39c1893a0affe4b38c77305429562e9d0907179753051cbf13ff936091334fe24a53816d2aa5e2e26993dac3f2c573b0001152ee26b633afd966bfb704054227160bf292bbcc35f78a649bb7f4fe1783a6b10de778519c8a71f1381cc67a779e51ce3097e666d964728d55708e76953826c7659c3647d3f3cedf9f1b45b27f5735bb8d78d874bf73147b738b9c0566a0d2fdcb17f85dc712462e381ba1466d92d903ba24d0cc17ddbeb7bd80b5525d7236a8add54d4eca06fe4cd0d3724403c7ad09f22eb2fcb4181eddde271be821579b7382bbfe36dab5079811e62842da65165c27c181dfed279d5ec12a1c0c13541760c2fe5cce95c6892622229ac24a7211ba43e513077f34342b61611a1ab10b6c51f6e3a06be0716d7d1abc82f5903e32f1e6e3e85789c1b8f140bbe1903b9677ec9655e171bf1f4d27dda003c27d4ef0e043d0def451dbc0f48cb6cb605b1e2d27e9fc9db10c0b571b6805f316b00b581d0d7358f83e14d1b4290e61fc0d0bd97334f31a547350c00877c90bcb591b98986c19d9d477f7dc521ac43d2edf9201ea61c43e6365e795bfb44b0d90ced7b9d34a849dec495d79cae7769c721d7cd17f1503df3d113c49fcb18449ff180d39c94717ae8fcba7ee1d8cf75873098a7a697d5f5d7a6eeef14daf146710ee40c94ff8ea9ff048d108688776fd074e72658d6ea43f42ea03883f70f45c7b86d3eb0bced0f3a60b6da510833728ffdb82af9a34c5fc86e0130861ac66c68b784300", "204b9e1804d636301150775298e6490040d0ecb72371cfe0ccc258d2b4450458b909ff0100000000000037ed25df0ce2b046ccc47e3501ed7a53e69d95dfb761f3fb81659983876f915b21b4b91270b4607875b751136514bb42b1de575e5ae05e98fd37dde49acb6a8e7f7c592ceb8793d00c84515e9b091fca8056f69ef47c1c91735af04b3077a94a24147489c6bbc3d63a76ba4eb1e6adf014106f4b0117fc6a2b2c84ca9e6c40fade373fd49f657e5e828399868d39d2a9d8cb3f4508e156d31ded826a64d84b19ceb0c13d9566f14866028f00408428bc6b9a27761fb13e70561fa8bb45bf2547baeebd7c99e01c1ebdac09ba75e3f67b2bc6898ca2c8e6c2b09efef1e688c74fe8e214b657d3325725531f9ce71d59532adc69f40e0b821fbd14558133f9fcd9d5ace9150703b5879f74028583dccd4984a9fedf23f1f6b8c501f9a99762079404f109e6d69b025edbf2d3169e44f186eb60e7abf9539cb8013670435420f54b7e485644f5afc2d0581d8404c23bcf2c0bcd6d3a6fbc658721e74546ea52d57f259e841e87f01ace9d7fb10bb4356abffa306d91963914bc144e486f78c048aafe20eae27ff53250de7bed8c4167780c53facfd741b93f53d67a60eba1527701896bcd29a6cc20b9390582421eb0e5dce7a66a94881904dd91c47c59e8b7219adae86ba78b230306829368a56dc908245fc72886c3b18facea659b27466d3c6a85b541f20a012660319f8f4ba0faf0d83d28ac63ae417323a0f75b88235d1a60a29c41f662b34ac40ac19c94f227567860a998f5e4d8f65b930c1a1209ba04cc2406599914e8ed7c98d8095a56fd29920c47c6221bf7e6a076dfc90947af9468d8844731ac3923896f25a8402421e24e1d328e5b9daeb97048b87e3d374874071931ad791c1f03324ba01d463364a5bb1dba7e3b807aec9c333703397a45918c73b443dd46f7b289736662ad833302fa89567e44c3de8e2f87bb5f8758abf6f888ad26bb5ed48a4bd828d8fcf5c01cf7588009c1a6c35e94142950b3bac8fa0af15c2f30504cef3e544b132e4096a836aa49336cbe878d2e33075d0712adc3e75b9f9bc7ec420f123084eb296119171535c4fa49d460d4444eb309f424ec13be89ff6641caa089da262ff89c0d4b1a86fac91361a7a124a0e4b27de253186e10671d2532d600f6b4089dc690f600363092ad93fb62fbab9e1a96caefe31e4c117420fd1df64e4e0cf4967cb026a003be444278553c2e58e19ec5a6db3921fab8fa0748965e523659e54a3e01190492f9b01811d06b13d8c833454ab5a93af8a9ad27a155d682d8c78f074da17d6ccb7ded5b5f3c30e3afb3c0e4aab6ce79e00d42df9a74f486aee74c0bc021c209000000f5e79678c45bac331d6ec24ecb404296dc9e90b2c191fc14c53505e92587f43a5eedc56a6408048d9dbb8bee8840a656952cb361f0d76baa20939e6e8ab917e12b76dd812b95e68c90708d7cd81aa18002eea116f4190e49d1f628a509c8fb65f393ef5bcf7d1b9ea289e0532ee5f46e65709e84aaa7a6334c58eaab5c3cced88fa3e9e365ace119a3c40dfe336abbe6d3a09dfd895cdc3daae26ae9d3f68a3a2184ac5f6972ef034f1f9f0d4100a55b8638db0986f362a23b599903909a5a6193fc2c6e54adc965ff5d48bc1ed1b6ff0ab226b9598f70a13ca0a0b2d2cc05f17449bd4cbd224fa75810955011d5a401348c0b75546c1fd86824ced7b0c79cb4d13a3722aef6f7a0cb49f76a372ff133736f04b67bf6a74d5164a227f4865dfd15181e0a9e5dc53317ffb04a7ab1fba87d3b34bd1cee7c6aef4b3ebef183c9fcd4daf091ef1f5f2709a7eb4a648242c408e7d5b10b766e0f648c2189c4956474892e379a84b1f09f13ba589423e43b4b0dd267b1d0c976fb64903ea2d22e2612d9dbad91536a986f44986d74578f2cf378dc6505cc26261548a080e11d74fed2cdaa90479f0656fd927f89a0624f4ce943981ffbec2ceb27c7fb6e6ee7df7c2d26d7151f1dadb172a0017787c5d32d6408b6662c8f5348f34e63649206142164f7aa076b2c83bfffe44126ee923f0b9bc917e52308373553cf19e6798ac83ace350be47f445ef0d268c2a4fc67998a5907db42decc63fcfc30df0a4543da178e442aec97060edc209e34849f6beea0e366eccc80b87c1c16f89e5608b96c176ccfaf6014a619b83d72c5a89749cf763fd76c6ae82b6a1322674838ab9e5f9a0db7aa8b7d27db308edb664fc0197756f6709df36d9f6ed678944e18455a8d49434f9a6f223cbf52b6a1ba266a55331ffe7e83fb4130c2f5528626c4e451d8bac1da046dd59249fe41b6c8a36e82346918e0177c876f44101ff9f7721d8fbe1eca04e13ba8db3f5bd01c3661df0d6c8a24d45a246e0ac80aed4178901a71a939da4622592b3a8d87b3ae35370530039d7d413455e9d61656b58a1e63aa9bf1a87d8bcc6605c3167836f82ba01f54934e2d31d7463e1848ee8a2cca55a029d5ed37236dda9f278981cdb330eabc6bfc33a7fee5678c38b8e0a9258fa8ce5cb8abc3320d44dd16098df1bbf9d3e3142ec1838ba81785e37dc97fda2797e3cf6b7d6c367737b4df96a242149bbba7af54da91b404fbf01f4ecfb7ebd97c67de2415b3bca3b5f21deae988733dcb547a17aa38c0b98aba60fbb1d57f9e8f005ae6233e5da68da32c7a2778944a2eacba03e3312fe968fa3be0e2ceb4d8526803e7a8f24618b1003860e424da518c9602cb092c9c6b930b72523bbf615ad8330e337e64ff82eb78d9a2384e86afece8aa9d9cb1b7ab27265261a3cf542e1655792ed66b28d27bf4f02d13e93413bfc5fae7dbec15aac85331ae3d4032679988ffd1c1750447f763ebc9ba8f8ba4521b74563af6ee8a996af3707dd03118c3f0d18d612a5105519310f7b8c5eb4b7e3a0d675374da18314d144b5d5d0ba2735dab4efdf68f78285ce4d35032427e23fe7c59c5844879550417dc93d2221fe0ff82c7e21ebba19c01fefc6f6eeb7078e7557f077ca089246e6f3901e127ca4685c191847ae720ce30d41939239b2835d9cfd126faabc88eb80d409d8ec1cdf6070c55109bdbbb668fd56c6ebd3503986cdf5ade19903a85516f0ed87872f397e6244b0f58c70b8dd0cbc408dd7a87c42d672d31fde7fbc31b3acff4be744b933ec0645f76b52481ba6f50a25a98f89d9989e347b682a459eb38004d0de0a7314f8319b1e0ce5152a4928d7f59769347a7f48af595d028b5012cf5b7fc081cbec3c5ad30801947b5d3f87a242b05691ef3f46f0ba35fa6ee28a966ad42e34ef6192cb6e5de41411df4638c825688abc1c8f1fa7b2eced5ae40a5d35d7cfd981f4dd46a91e8f123187d8e99a947020cdc4cfcb66ee004232ed5badfa694fd943ed59f01433989e5663a77fd2bbcdbfaad5ab482150f22ffa6b1ae9e99134b320c04444c3d5d71e37c6d4faf82b1297d75a520e6e6c5a0d7ab86dea5245a97b16a7690f50e9abd452da33c58974cb63e4711fece83cf1251c6eecc7c9a887b0a881f148b6c8fa3749ef09661488909a2f74e41a4968f5f1d1ebd9a511f5732ed60a18032d68dcf34a5914b1c24275e6c3d331a8c454e4c615dc5f6ce4de1b44fc755da73eef517bca08fa464443eabf4046961625ee82c406e08359b49785a1cbe9822cada3375da9adf55bd50e156a314f10107a3fb880a944fa3a0cdb4be2234c19ab26f8075c6389a0a6062e82050b493a30e617f728b8d0ced0b69da60c6fdadd95ee1c0e656b63ecc72a491e07bce4c3df3761e51bb327a86d55a375e4f5859a8b179a47f4b5b8b85fed0db916e31885d0ad185d6c7e79449e282a5d10a7cf86d0305a2673cd9aa834d130fcb1098c0f69771ae23e2b49cdd3d39be17fcc309a282486bf0e0829a0805a036b0b1e357f03a861857312dab3033f00957ff6f03a35240724bc6adf429090f555aca563ffb5e4b67c75486149f2495971bf653617f29e50d59da32288afeabc768787d2e830c70d5f0dbd8db5e9923b8893f32c4cdc0d8130caefade59d7f5e270f8b5487b69815dd8cec6d3dfa3ca308987f2970ab3e8714cdbae27dc22fa434805c9284b904840a92bc76490c15c6a04df137940d48f7ac6285f858611376f447ebaf11ce4014066d57e5fa579b588e0d795fb0322d1b8606faf9507092be3e320184a5324df47792e8b015ee27ace73b0bc05f3eff2c2a9ee45752df32a85b1ad5679aedbe40ac59511938929e210a409e538c139d1fb93891d2b9908f915b9c556788bb8926b6a96923038a119eb68bcb528a42e97f8fbd49e7d5bb3e51987cca590ea8a18e049f64d8c994d63a707c441e63509f909adf5f7c26d36714bd56307513003f8f85f20c8fea4248627d2f19891baef9b134a8ecb6e3da6232c5b818d7469645038312b6b952f782f28ccd199367a51f750927e5f11ef04cb299dc7ba0c24500134d3a9a0a4f62903ae930f5ba49c39855ffc4aba6cc9d400075f094875db9ebcbcbb35309421d08a928b0216dcbbf718761b01b4d41cf55b0b2bf4c89603a61e5ac2f5bf5236d4bee90617e1b2fdc3a4540db2c89561c1cb9b1e28436013546e654e36fa328097ce8a4baf5a2fd78f9bca617bd4de062dbbc38c7356232b385823b6c604a401f43f5864111eff29045c12b6c622182e097caa5a9945133375b46dc0e268e860dd58b62403c41393f02c7f1d23a1d0daad5d2eb7a085387ea6b81ceb6191d5ffa7f58848996caad4796ee8d9e1bad072455a37d8b64888cb4007f344783afca22db07a2ccb8531c6a9ec9bffdf1f949e3fce89f623119595c5b9bfa51893ff36849be61ff02939360a5d5b0e05d22aa3a1f16c27103edeb00c0f763bd4251805ec8d894692cd1636b4b1c96ab613896c17b2fb8a414a91463d54f145e1d49378e726e5921d8cd34aeb176a36701c9b75311806efcf402d4345034d7fd5165857bd2cd07b32a18334a3cf358dadbc8144b806120805a07714d8d0029fe0db7958bbb69b9a216e5945fdf0b892665c0bad2cd822797d5c7223094cd54042c781fba9d7f05a169f390221385d5c055896dc8a620a637a7c73ee77fbf2152fb62af9bcbe01389dd846724fa24ca6088d2bddf9bcae4d9e11f86266e4d87f6b11f3721c30c3f48ddfecb7623802c7e3f595b088473747d25b70bbdf8920924c6bb9e202e6d54e340a469e8ecf66b49dda0036a7d071492742593c2e02bd7bd703774f2ac8c45dbfa1f8ce4c205a05064362bf2819e80bd406367a86ece3f5d54b43029b3f7fcc2378c5e33e8de66fa5f3c4974310c3ac4d2ab1234b1fea14d71512c578dfab154a74dc66c8a5ff983a41e02c57c58cd9c3a77d22f15f8a6abe41de51ce4a92151ee25c6f2c4feb0453b4f86fb4c7e19063b871ff6458b2ad51b992df6b16de3a5a2f5935c85d5a8709d82943c645f6199e76b38d718b86945638d92daa15aeb9beaa53028a425c6ee90dbd58b57f4a748ec0037fca725812aaac8e201d5121c06c9d3bfcbe799b9fa28440fceec78a5d39a112626bd0f9e530cb5573083e6b3b0ce5ef60e85ea643331d45663f309d75d36c88ed56abbac74672daa72c2f180ab5d117d2ab17db9e36a807bcaa62a07aa5486d39d63f64d23f03e58f6fa346b39005cde05121ecc2146ae982d02532a2deb90d8b9cfd32ff03a5294933292fb3d58760bc81a72df0e602b9b4b7e407bc542924e9763fe0d4bd5346ccb9e10b1ea7dade31d4bbc900"}) 14:46:57 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:46:58 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) [ 233.063105][ T28] audit: type=1804 audit(1599749218.075:37): pid=9350 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/31/file1/bus" dev="loop0" ino=143 res=1 errno=0 14:46:58 executing program 4: ioperm(0x0, 0x2, 0x4) perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 14:46:58 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 233.126125][ T9350] attempt to access beyond end of device 14:46:58 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r2) close(r1) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 233.207170][ T9350] loop0: rw=2049, want=64, limit=60 [ 233.254489][ T9350] attempt to access beyond end of device [ 233.288982][ T9350] loop0: rw=2049, want=66, limit=60 14:46:58 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=@ipv4_newrule={0x2c, 0x20, 0x1, 0x0, 0x0, {}, [@FRA_GENERIC_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e20, 0x4e21}}, @FRA_FLOW={0x8, 0xb, 0x80000000}]}, 0x2c}}, 0x0) [ 233.303643][ T9369] xt_bpf: check failed: parse error 14:46:58 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) [ 233.383551][ T303] attempt to access beyond end of device [ 233.389439][ T303] loop0: rw=1, want=66, limit=60 14:46:58 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) close(r1) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:46:58 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbb6d, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x76, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000540)='nv\x00', 0x3) sendto$inet(r0, &(0x7f00000012c0)="0c268a347f1f6588b967480541ba7860ac5cf65ac618ded8974895abeaf4b4836af922b3f1e0b02bd67aa03059bbecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x20c49a, 0x0, 0x27) 14:46:58 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) [ 233.666601][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 233.666613][ T28] audit: type=1804 audit(1599749218.675:40): pid=9379 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/32/file1/bus" dev="loop0" ino=144 res=1 errno=0 [ 233.680460][ T9379] attempt to access beyond end of device 14:46:58 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 14:46:58 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) close(r1) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:46:58 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:58 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) [ 233.853907][ T9379] loop0: rw=2049, want=64, limit=60 [ 233.854328][ T28] audit: type=1804 audit(1599749218.685:41): pid=9379 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/32/file1/bus" dev="loop0" ino=144 res=1 errno=0 [ 233.865851][ T9379] buffer_io_error: 2 callbacks suppressed [ 233.865861][ T9379] Buffer I/O error on dev loop0, logical block 31, lost async page write 14:46:58 executing program 3: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/229, 0xe5}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'\x00', 0x10005812}) io_setup(0x20000000002, &(0x7f0000000440)=0x0) io_submit(r5, 0x2, &(0x7f0000000240)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f00000000c0)='^', 0x1}, 0x0]) dup3(r3, r4, 0x0) fcntl$setown(r1, 0x8, r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = fcntl$dupfd(r7, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) tkill(r0, 0x15) [ 233.986145][ T28] audit: type=1804 audit(1599749218.685:42): pid=9379 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/32/file1/bus" dev="loop0" ino=144 res=1 errno=0 [ 234.023935][ T9379] attempt to access beyond end of device [ 234.029602][ T9379] loop0: rw=2049, want=66, limit=60 14:46:59 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) 14:46:59 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) close(r1) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 234.068255][ T9401] xt_bpf: check failed: parse error [ 234.081805][ T9379] Buffer I/O error on dev loop0, logical block 32, lost async page write 14:46:59 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) [ 234.201853][ T21] attempt to access beyond end of device [ 234.208098][ T21] loop0: rw=1, want=66, limit=60 14:46:59 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 14:46:59 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) 14:46:59 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:46:59 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r1) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:46:59 executing program 3: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write$eventfd(r0, &(0x7f0000000240), 0xffffff14) fcntl$setpipe(r0, 0x407, 0x4000009) [ 234.449051][ T28] audit: type=1804 audit(1599749219.455:43): pid=9426 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/33/file1/bus" dev="loop0" ino=145 res=1 errno=0 [ 234.462790][ T9426] attempt to access beyond end of device [ 234.487046][ T9426] loop0: rw=2049, want=64, limit=60 14:46:59 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r2) lseek(r0, 0x0, 0x2) r3 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r4 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r4, 0x0) write$P9_RLERROR(r4, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r3, 0x0, 0x8400f7fffff8) [ 234.496029][ T9426] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 234.505052][ T9426] attempt to access beyond end of device [ 234.510728][ T9426] loop0: rw=2049, want=66, limit=60 [ 234.517159][ T9426] Buffer I/O error on dev loop0, logical block 32, lost async page write 14:46:59 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) 14:46:59 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) [ 234.571236][ T9437] xt_bpf: check failed: parse error [ 234.576910][ T303] attempt to access beyond end of device [ 234.582993][ T303] loop0: rw=1, want=66, limit=60 [ 234.590143][ T28] audit: type=1804 audit(1599749219.455:44): pid=9426 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/33/file1/bus" dev="loop0" ino=145 res=1 errno=0 14:46:59 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r1) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 234.748919][ T28] audit: type=1804 audit(1599749219.455:45): pid=9426 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/33/file1/bus" dev="loop0" ino=145 res=1 errno=0 14:46:59 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) [ 234.884961][ T28] audit: type=1804 audit(1599749219.895:46): pid=9451 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/34/file1/bus" dev="loop0" ino=146 res=1 errno=0 [ 234.904545][ T9451] attempt to access beyond end of device 14:46:59 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r1) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 234.918265][ T28] audit: type=1804 audit(1599749219.895:47): pid=9451 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/34/file1/bus" dev="loop0" ino=146 res=1 errno=0 [ 234.951544][ T28] audit: type=1804 audit(1599749219.905:48): pid=9451 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/34/file1/bus" dev="loop0" ino=146 res=1 errno=0 14:47:00 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) [ 234.989339][ T9451] loop0: rw=2049, want=64, limit=60 [ 235.001014][ T9451] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 235.019181][ T9451] attempt to access beyond end of device [ 235.030867][ T9451] loop0: rw=2049, want=66, limit=60 14:47:00 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) [ 235.040933][ T9451] Buffer I/O error on dev loop0, logical block 32, lost async page write 14:47:00 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r2) lseek(r0, 0x0, 0x2) r3 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r4 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r4, 0x0) write$P9_RLERROR(r4, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r3, 0x0, 0x8400f7fffff8) [ 235.152129][ T303] attempt to access beyond end of device [ 235.157938][ T303] loop0: rw=1, want=68, limit=60 [ 235.182171][ T303] Buffer I/O error on dev loop0, logical block 33, lost async page write 14:47:00 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 235.216384][ T9461] xt_bpf: check failed: parse error 14:47:00 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) [ 235.276444][ T303] attempt to access beyond end of device [ 235.328137][ T303] loop0: rw=1, want=70, limit=60 [ 235.367887][ T303] Buffer I/O error on dev loop0, logical block 34, lost async page write [ 235.430597][ T303] attempt to access beyond end of device [ 235.484718][ T303] loop0: rw=1, want=230, limit=60 14:47:00 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) msgctl$MSG_INFO(0x0, 0x4, 0x0) 14:47:00 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) 14:47:00 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:00 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:00 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:47:00 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) 14:47:00 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x9a3aa400, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000004000)={0x0, 0x10, &(0x7f0000003fc0)=[@in={0x2, 0x0, @dev}]}, &(0x7f0000004040)=0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0) openat$audio1(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio1\x00', 0x2400, 0x0) 14:47:00 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 235.768462][ T28] audit: type=1804 audit(1599749220.775:49): pid=9480 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/35/file1/bus" dev="loop0" ino=147 res=1 errno=0 [ 235.808850][ T9480] attempt to access beyond end of device [ 235.870457][ T9480] loop0: rw=2049, want=64, limit=60 [ 235.896339][ T9489] xt_bpf: check failed: parse error 14:47:00 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) [ 235.940429][ T9480] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 236.018424][ T9480] attempt to access beyond end of device [ 236.025345][ T9480] loop0: rw=2049, want=66, limit=60 [ 236.030568][ T9480] Buffer I/O error on dev loop0, logical block 32, lost async page write 14:47:01 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r2) lseek(r0, 0x0, 0x2) r3 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r4 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r4, 0x0) write$P9_RLERROR(r4, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r3, 0x0, 0x8400f7fffff8) 14:47:01 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:01 executing program 2: vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) close(0xffffffffffffffff) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) 14:47:01 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) [ 236.168148][ T303] attempt to access beyond end of device [ 236.175375][ T303] loop0: rw=1, want=68, limit=60 [ 236.217247][ T303] attempt to access beyond end of device [ 236.290223][ T303] loop0: rw=1, want=70, limit=60 14:47:01 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) 14:47:01 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) [ 236.345884][ T303] attempt to access beyond end of device 14:47:01 executing program 2: vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) close(0xffffffffffffffff) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) [ 236.398610][ T303] loop0: rw=1, want=230, limit=60 [ 236.518619][ T9508] xt_bpf: check failed: parse error 14:47:01 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) 14:47:01 executing program 2: vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) close(0xffffffffffffffff) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) [ 236.735258][ T9514] attempt to access beyond end of device [ 236.780074][ T9514] loop0: rw=2049, want=64, limit=60 14:47:01 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xb) bpf$ENABLE_STATS(0x20, 0x0, 0x0) dup(0xffffffffffffffff) open(0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000000d00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227ffff000000000000f07a72c2918451ebdcf4cef809606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1083a30369d8b8588d72ec29c48b45ef4ad0100be763289d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468972089b302d7bf6023cdcedb5e0125ebbcebdde510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660580800dbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd80a504cea9542e62d7f69667e3ddcd567b3aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532af9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d5ad8bbae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326efa31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f695c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc22941330000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b6c4a000000002b435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad897ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b2633398631c7771429d120000de3241bf4a00fcffffffffffffffe09fec2271fe01589646efd1cf870cd7bb2366fde4a59429738fcc917a57f94f6c453cea793cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c108285e71b5565b1768fb40fe418ce970275d5bc8955778567bc79e13b78249788f11f761038b75d4fa32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ecbbc55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d1d4b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a454de2f4d92d6bd72ee2c9fdc75aaaf1e76003b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3e90e5c708ce65cd6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e089b862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27de8f2a4ebb04b0c485b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e600263d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bb49faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868c6da7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c000000000000000000000000009bff5348dd9639a9f34b5f92b7646000e3053358f55cb9f97c269eaf7327c32ab116a303ae64c9c714217c"], &(0x7f0000000100)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe, 0x0, &(0x7f0000000140)="e3d0e9d6d9d18e5f39868de363d3", 0x0, 0x19d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 14:47:01 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) [ 236.832030][ T9514] attempt to access beyond end of device [ 236.882268][ T9514] loop0: rw=2049, want=66, limit=60 14:47:01 executing program 2: pipe(0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) close(0xffffffffffffffff) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) 14:47:02 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r1 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) write$P9_RLERROR(r2, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r1, 0x0, 0x8400f7fffff8) [ 237.028114][ T303] attempt to access beyond end of device [ 237.034018][ T303] loop0: rw=1, want=68, limit=60 [ 237.060131][ T303] attempt to access beyond end of device 14:47:02 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:02 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:47:02 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) [ 237.090615][ T303] loop0: rw=1, want=70, limit=60 14:47:02 executing program 2: pipe(0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) close(0xffffffffffffffff) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) [ 237.126897][ T303] attempt to access beyond end of device 14:47:02 executing program 3: set_mempolicy(0x2, &(0x7f0000000080)=0xe4e, 0x6) fsopen(&(0x7f0000000040)='sockfs\x00', 0x0) [ 237.183926][ T9533] xt_bpf: check failed: parse error [ 237.199022][ T303] loop0: rw=1, want=230, limit=60 14:47:02 executing program 2: pipe(0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) close(0xffffffffffffffff) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) 14:47:02 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) 14:47:02 executing program 3: r0 = socket$inet_sctp(0x2, 0x800000000000001, 0x84) setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x83, 0x0, 0x0) [ 237.409653][ T9545] attempt to access beyond end of device [ 237.460796][ T9545] loop0: rw=2049, want=64, limit=60 [ 237.500649][ T9545] attempt to access beyond end of device [ 237.575956][ T9545] loop0: rw=2049, want=66, limit=60 14:47:02 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) 14:47:02 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = perf_event_open(&(0x7f0000000bc0)={0x2, 0x70, 0xc3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="850000006d00000025000000000000009500000000000000afcd0000494d614dcc6fab5335ec470db2c61612ba392176dd2963228e1d69ba7ea94c500dc4ef2fad96ed406f21caf593836d9ea2cfb0e60436e054258c4686b066707de94a4f4d5fc79c987d669f2b1feca0f9d9924be41a9169bdfaf16d1c0b1539510000000000002358de6eee84309e7a23c19a39484809539fca4e0b6ec015a7d55545a34effa077faa55c59e88254f54077f799bf1683537a8ea0244d35b213bda80cc172afd80e361bedd8b8cc57255a5e3d77ac463920e231b7ae0da8616d2b7958f91f5d822175ed60ab386d95af98af1da2b59525f8fe3b28d7e53c78fbfe5ab0255f347160ec8343e1494d3a63e57a15cf10453f6c0ab13b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f949c479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98be5111f2cc5e46ac1c60a9b10c074bfbcd4b09012175484135f0e519f0b1c4aaa026d570ecb5e8cddbed65ff76ff61c5552417fd703f7f14d8b78a602ca3cdf6a662d8bc9c89c9120072a5d00dcdd8595356c9b2c92aaf1264d4ef4a410a882834867bcd2b6e559d17879570c8ad943e392957b4f979ea17117a13201bafe4f0f6ea5a6c957ada0c548552b571bed5647223c78a996ec13eaa66580ae7b813071cbb17d9f37282462f03de147c0d497c61433c6d6f325ddccc35601eef97ee611be8c97f4151ffdf6f78205f02f5d07074049cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb5567e54d3504723177d356c4604b7a492ecec37e83efceefd7ca253cbc8edc8be05cc85451c6a14507434eb54b6f43caea5c4bf690441974b155f5adc6825a3a3d5b754df23175e2ce8b03bf3e3c033e54e4ba982437fafed3d123464541adf60596578f5dca0df5f7ae3609d5563a805fd99248f56bd3104a0ef253e3d4ab8f9be2e0f607502058ee3750f49bbc359c00ec6e47a88cc539da2349c5e8fc7bd97d24223f7c903c69ad922c240221db38060dd279f9d5663a6668c7caeb16d112905b4d757229ef8c34b0cd85bf2e5607f1c6120a5fc37cf30d1725d33179554336bab90b4cb3543fa14a8f32632e28da3a5cbf5517e2d5aa6136910082877bdc13c65107698f65c1fb93d08666c371eab58e7794fa02e76ad10d1844e4a6196d32092a1f9ba06cd8a6df0eeaff5dc67b9ca3fead289eeb68bfc1ac05beb53b23e086ad8fb0a39a9ac16734e68eee5db8b73080e2064009cb59a35f6a3f0070b9aabb22f9b43696e7b8fa2bdf2d818195c8b9cb725ddab36a73176734b791dfea05810b186c733b8fc24c5a8c50f917b7a1c25872882a8c90c82b8b41cef5701ce5e02647137fd2c513f6d8790d32f776816751da4ede71957dff1e93371910e4584d0758302372e9eda3ba6290910389fad9fe18234340b72"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) write$cgroup_int(r1, &(0x7f0000000200), 0x400c00) 14:47:02 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:02 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r1 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) write$P9_RLERROR(r2, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r1, 0x0, 0x8400f7fffff8) 14:47:02 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:02 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) [ 237.783909][ T639] attempt to access beyond end of device [ 237.789696][ T639] loop0: rw=1, want=68, limit=60 [ 237.815080][ T639] attempt to access beyond end of device [ 237.825275][ T639] loop0: rw=1, want=70, limit=60 [ 237.832067][ T639] attempt to access beyond end of device [ 237.840592][ T639] loop0: rw=1, want=230, limit=60 14:47:02 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) 14:47:02 executing program 3: r0 = getpid() r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) prlimit64(r0, 0x0, 0x0, 0x0) 14:47:03 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:47:03 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:03 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:47:03 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:03 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f0000000280)) setuid(0x0) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) 14:47:03 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r1 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) write$P9_RLERROR(r2, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r1, 0x0, 0x8400f7fffff8) [ 238.148842][ T9570] attempt to access beyond end of device [ 238.166595][ T9570] loop0: rw=2049, want=64, limit=60 [ 238.172472][ T9570] attempt to access beyond end of device [ 238.178129][ T9570] loop0: rw=2049, want=66, limit=60 14:47:03 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:03 executing program 3: unshare(0x4000400) r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, 0x0, 0x0) [ 238.228848][ T639] attempt to access beyond end of device [ 238.235158][ T639] loop0: rw=1, want=68, limit=60 [ 238.265249][ T639] attempt to access beyond end of device 14:47:03 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f0000000280)) setuid(0x0) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) [ 238.278883][ T639] loop0: rw=1, want=70, limit=60 [ 238.290217][ T639] attempt to access beyond end of device [ 238.297959][ T639] loop0: rw=1, want=230, limit=60 14:47:03 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, 0x0, 0x0) 14:47:03 executing program 3: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f00000000c0)=0x6, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000080)=0x4, 0x4) sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x983a, @rand_addr, 0x300}, 0x1c) 14:47:03 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, 0x0, 0x0, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:03 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f0000000280)) setuid(0x0) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) [ 238.614871][ T9599] attempt to access beyond end of device 14:47:03 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, 0x0, 0x0) [ 238.673258][ T9599] loop0: rw=2049, want=64, limit=60 [ 238.725496][ T9599] attempt to access beyond end of device 14:47:03 executing program 5: fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:03 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, 0x0, 0x0, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 238.789371][ T9599] loop0: rw=2049, want=66, limit=60 14:47:03 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, 0x0, 0x0) 14:47:03 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r3 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r3, 0x0) write$P9_RLERROR(r3, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r2, 0x0, 0x8400f7fffff8) 14:47:03 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) setuid(r2) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) 14:47:03 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4b0, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x510) 14:47:04 executing program 5: fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) [ 238.977299][ T639] attempt to access beyond end of device [ 238.987474][ T639] loop0: rw=1, want=68, limit=60 [ 239.016758][ T639] buffer_io_error: 16 callbacks suppressed 14:47:04 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, 0x0, 0x0, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 239.016769][ T639] Buffer I/O error on dev loop0, logical block 33, lost async page write [ 239.178965][ T639] attempt to access beyond end of device [ 239.214673][ T639] loop0: rw=1, want=70, limit=60 [ 239.237686][ T639] Buffer I/O error on dev loop0, logical block 34, lost async page write [ 239.271670][ T639] attempt to access beyond end of device [ 239.277350][ T639] loop0: rw=1, want=230, limit=60 14:47:04 executing program 3: iopl(0x3) setgid(0xffffffffffffffff) 14:47:04 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4b0, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x510) 14:47:04 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) setuid(r2) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) 14:47:04 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0), 0x0, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:04 executing program 5: fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:04 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) setuid(r2) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) 14:47:04 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0), 0x0, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 239.596522][ T28] kauditd_printk_skb: 14 callbacks suppressed [ 239.596536][ T28] audit: type=1804 audit(1599749224.606:64): pid=9645 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/40/file1/bus" dev="loop0" ino=152 res=1 errno=0 [ 239.648561][ T9645] attempt to access beyond end of device [ 239.678921][ T9645] loop0: rw=2049, want=64, limit=60 [ 239.718306][ T9645] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 239.781479][ T9645] attempt to access beyond end of device [ 239.787152][ T9645] loop0: rw=2049, want=66, limit=60 [ 239.791155][ T28] audit: type=1804 audit(1599749224.646:65): pid=9645 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/40/file1/bus" dev="loop0" ino=152 res=1 errno=0 [ 239.801461][ T9645] Buffer I/O error on dev loop0, logical block 32, lost async page write 14:47:04 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r3 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r3, 0x0) write$P9_RLERROR(r3, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r2, 0x0, 0x8400f7fffff8) 14:47:04 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4b0, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x510) 14:47:04 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000002240)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff261704000001130a00b7040000050000006a0af2fe00000000850000001a000000b700000000000000950000000000000000e154cd844a14eeabb140172c26b1954b26c933f7ffffffffffffff55bb2007ee51050512b5b42128aa090a79507d71307b534bf901115e17392ac66ad029d1c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b141092314fd085f028f2ed1a4537a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b217369c8eb6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacdefc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813ce3d32cfc7a53ac271d6d6f4ea6bf97f2f33e2ea2e3b4300bcb3fdc4b4861004eefbda7f54f82a7f358ff0bf9bc5fa77ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b8496da787e814c4fd21a18986252a70f8f92eb6f0e8c7db3503680e5e5971ff4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa909ac06b57479321a0574fb304bc2a1681989328c8ddc20ea011bf5742e0ef94234db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a4aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc61e058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac500da0fde0745db06753a7ac7fe13cab6692422a46e9ffe2d4a2d32f7528751313694bf575c553b114d1945aa00b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f619b7dcb98a6273b8c5f1e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55d000abcdb040f6266e548b01623258a141bd587cc9dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6e657b9c670012be05e7de0940313c5870786554df26239bcf67d90be485a1b8375d936a7d2120eca291963eb2d537d87cbb54e588ee5d6944ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa814df388983a86b3fd24bde2b7d64cb77872a0aa9a104e16bb1a2bacf13464ca03aff14b9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c363000000000223201780200c6ed79547dbf8b497adda77f52f2cd1d0000002000000001c800000000000000000000000928ee53595a779d243a48cea769470424d28804c026ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b70000001001808b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef40662d7836d252c566f5ee938a836804ed3a1079b0282a12043408cd61b687dcff910700000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c74f20675eb781925441578e93046aaddea394cd8fff71c2710a7ea8ae0dc214e1cc275b26adfa892e6de9200000000e50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab50fe82d5a96b09c68c73de2fea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d189fad98c308e39bd5ffb6151d79c1cee1cdfba05e2bbf9ec5499f79650f2e33bc3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2f085185cc92fe7f7919309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5d81e750d50515a59a3ad09e8802e8f4f535437dc0fc96f00000000000000ad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d8302fb1bdc4d9818708e27c89b552d310ab16bce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9e2d1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4000000000000000749efd3763655500344bae34347f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419a5c16e2055b850580994484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7bf8ff247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0a2e9120be61e58c79d497247d278888901d44bf77ff246605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a0cd0920a23c2a86abbdf357849a651733e57f3101987602688888ccb85c86b4f8ffffff5f000000002c331f550346115b43f8b1894c1d770750dfd2f7dfae96c18cc7130000000000002100000000000000000000000027c9a46157a3609b6fd9843ee19fc647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77a23b0000e49666c464d35ca9b50f2d0000000000000092759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a2102fa1296dfff4a979a1bb3c5e3f007c0e169c3e75b9369b0e8ebc62887aa46e820a98e353047dbf0686d147357024eb3cb94f0489cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d1b8b90bc0df4cfb0b9c8c80158b44ecae9420654f7016b0aac117087406d343e27b372d6027ab2aec8f2bcad7fe6bb932bc5751d2974e9549771debd1dce8c2356d306bc147455a277f9a9aeb29aa185d7fe74b25a3b472bc7bbdd2ac5a1ea608e8137ace03361607cc1a84be659355629ab13ad49008c3fcfa2423439aaf3e36cbf537801d3b384d63b95a3607961d5b59da48a0155e8e42cc13c703cc40c89cf86c2021d72f9f4ab1b00de555a5a39593c93871ff7eb5ecadb64837a2d887236cedaa5152e3d5864e57581b61f2b0960600000000000000265f091e7bce17d20604c5ab751773a5cf2ed6c94682ebf13548209b8a719a7abc06ed03832bf274787c7c970edc20d2cb639ee758709b05a20097208d03f7a146a6901913618738679d4e0af53eae997eecfa0dc3dcec19d3d901ee75c8710470d9eb6f62c5c721883f1544ba6627a9d2b58e8fbade7716f159af1c8dab05a933746c16b6e93294b561c6715a32a394ed1e6c014e0c931bfa52c58c6f34d64e758a7a7f7dcbcc55257215c8ae719dc1c232fc6699ef83f85887d04a543030b4328ab48744ac23ff56fd2da52eb9fb2eefddd2d92d73ac1b111ea8b1e1fec36a3579879acfe366d393f1fa9cbe08d9ba57a443643e9cd2519c88e9185e458e66ea26822d27a45e0a9c10a127fed19e36b5264660665dfdbeab3ec99495639b859dfe8fdd919a95eb4c25a08cb6e1a9b4d6813a0fd07a4ad9df661ab8b86a932db0df838b178540d88be2983200703864a3b9e1482cb479dad6d34d211b05267eb1355520e9ec0c5014b0832f7fb35782fdbfcbf5e23a7f5d51ea480371748d18d8e10608ab8261fe058d1732f28814a9981d84a04a2bb36c89bdd245e3293a14df1ac567300000514f103abd387d6ef2d9d94508ac0f6135c8921279573e9ef585980789a92b9848906f545559d32112b5040f0776703363249ca98499efbb9e7362e4999594c1086d8954e9469db01d85fb0b9b3148663e9ea2e755d96c2986712d25a9a32565e947d03c42215118426d5451c262985bd571c363d260faea1db53e2cf3427c90aefa2662a1c2b28b0e020e872bda1d39da508de5dbc37d03ee056b2579a1d16799589a265ba6ae3ece8887c5daca8ade81ab9fc79a69822c9fba4500b1f68ebd695a5163007f2f9ef8b3c6b1b13340671f1ffc483528000000000000b9a4d370302b12101dab71d3e31160a40250ef0cbfffded601dce47f40f96e4646787cef5ad6ad4ee2d3876f9cf50e45d021a81ba62340c4c352581163c48938000000000000a8268a8247adcd7165421170bfdf5df908f207498ccfed607b10c54a68ef02194a231060b0bb2a0ef1a496db598a95838d842d777684f9c827979a5c2a61cd5e3efa1a2f3f57ee55237d7e56595e5d9e0c6bf104d3a04b23f9b73aa9d09a26e5af68e5e368381e28327c1e24d740612930680742cb8925ca04a6d5b030ecd10fef31d2ffd02cbe197cd718ae25458975dc762d29b843069c2ea1ed94c713570286e5478e01409b844e16f1a74c005f05caf5322736aabb89970c0ae3c55a54974da7ebe936692b1e98290870399de75602e93688d6f70abcd7d2aaa033120255f926b6a38a31ca6b889daf2c6ed2bdb59704ede4bdaafefa92f83fef9eed7fa554a982a10b2a1725ce65192cb07c37ec141cc63be20981b333e63d712c7ec1927eb7288f24c3a70a10e61f7e2604641783f9093b489f4a8e6c44f64d1dc95293def6af25b0d7150231cfa3150cdfd1dc8e6f0385456a6e6b259284081d8d1f18a57d9b0292721b91603e5382623f38fc7bfdd7b0ca5a17b290235186f7d1731eedb28942319af2927f99fff1f3b5c2335384c856d5e5cc553e45344894fef0f1c0980b1f62eb1ea4c5b030c284a181b0296f8e4313f466323b0f565c51b456f31e8edc7e548246292052a9fe7a67b076afe647a1db12056bb6023e8f6cdc3d64a4f381d8a13744621e3a1f45078c46b0e363819afa59966196cf4ad6d072d4565391c52ca93d475b8e8953bbe157d3a78ddf26d5b34035218429056211164e9bdaf611ae7a4ddcedc1f6f56b7e308f98fcefa9380b8f0dd8ac231b39594ec2af7adf173b96f69a9e6c1660789951d6d02c0a5ce6b5e1ebaa050d26e38c5d1fb8f594e20a09c9130bd2a1f6caf7bc910f24a3985027ac7a1e7a089388b5d83dfd6163a689dca92d48d44503ad8c4d57256bbfbb35e574930931308855d7a1c993c3c180dd64aacacc49f2af8170ad0258fed175d07b7fe88a1f5ebfae3d91177c636e0e55cefa496bc74b31691405a397bdebfee3bdee0908237ab8e6dd0a90f156112e028567c0bbb17d83a52faaa3870a4468418d7d43efaa81bd295412fe0bf1b9038eda2157f8d4d508532d9c60068835003ef327ba0bb0742b07c5ba28257a841aba1133b47223be3d52d4abc6d7221bd3a7634edb715a41047695ebe54cbc3425f544cb8cd91597200be13b67d8ae0ce957c7575aff14c4ebc1690b3fdaa283b3431d9d2fe1cfc63cdd767cb97b58542870888e7e56eb95cbe979b682031e62c5310149b0f47f2c155705bd6ec941eab85f0000285a2ddf44248b663c6edba45ad5e0c14e5566f343a9667bbbc3b21f2effcbd6109974f16635b4dbad9c72cbea7f7240328641eef80c6c7b25a7193b04bfc6a4f003fde7f6c915a0d63ab57bea0d800063c8ac4432eb112a88aaba4b0597e4a8beea7f1bb9f3f40c94655c6102393bf60de4938c9bcf0e7787a021549d21deefe097f1a3590e33bc397a197747cbcf83ed32efb5e9e8de0bbf1c647d10783f8153b891a70c42ccc604feb72735"], &(0x7f0000000100)='GPL\x00'}, 0x48) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r0}, 0x10) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000009c0)=0xffffffffffffffff, 0x4) 14:47:04 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0), 0x0, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:04 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) setuid(0x0) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) 14:47:04 executing program 5: creat(0x0, 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) [ 239.826956][ T28] audit: type=1804 audit(1599749224.646:66): pid=9645 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/40/file1/bus" dev="loop0" ino=152 res=1 errno=0 14:47:04 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4b0, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x510) [ 239.903730][ T21] attempt to access beyond end of device [ 239.909574][ T21] loop0: rw=1, want=68, limit=60 [ 239.936991][ T21] Buffer I/O error on dev loop0, logical block 33, lost async page write [ 239.996954][ T21] attempt to access beyond end of device [ 240.031291][ T21] loop0: rw=1, want=70, limit=60 14:47:05 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) setuid(0x0) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) 14:47:05 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{0x0}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:05 executing program 3: r0 = socket(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0xa00000000000000, 0x80, &(0x7f00000000c0)=@broute={'broute\x00', 0x20, 0x1, 0x990, [0xc, 0x0, 0x600000000000000, 0x0, 0x0, 0x20000e00], 0x0, 0x0, &(0x7f0000000e00)=ANY=[@ANYBLOB="00000000000000000000020000000000000000006dc9fdba00000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff010000000b00000000000000000062726964676530000000000000000000766c616e300000000000000000000000736974300000000000000000000000007465716c3000000000000000000000000000000000000000000000000180c20000000000000000070000b8080000b808000030090000616d6f6e670000000000000000000000000000000000000000000000020000002008000000000000140400000c000000000000000a000000000000000000000000000000000000000000080000000000000000000000000000000000000000000094000000000000000000000000000000000000000000fcffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000584900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001ead800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000b4b918d3e29a2e2c4dc5c8910000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000440a00000000000000000000000000000000000000000000000000000000000000006401000000000000000000000000000000000000f18a0afe99350000210000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008c7f8f1b44f0000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000029abde2255a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e7ffffffffffffff00000000000000000000e0ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffe500000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffff90400000000000000000000000000000000000000000000000000000000000000000000000000000000000000f2573bd04a33000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea18fde51d55aaab000000000000000000000500000000000000000000000000000000000000003f7f1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009feeeb7baab2836d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003fc95bb0000000000000000000000000000000000000000000000000000000000006000000000007000000000000000000000000000000000000d3d2e85100000000400000000000000000000000000000000000000000000000006e666c6f670000001100000000000000000000000000000000000000000000005080000000000000000000000000000000000000a600a9e85725d89818472e65aba21d9bbc1b20e8331c6fd24a5aceaeefe102e42a013ac2c00eeb782c34eab997013e0506220c21a44cc58ff5bc83d5e4066c7700"/2448]}, 0xa08) [ 240.061264][ T21] Buffer I/O error on dev loop0, logical block 34, lost async page write 14:47:05 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4b0, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x510) [ 240.151945][ T21] attempt to access beyond end of device [ 240.178704][ T21] loop0: rw=1, want=230, limit=60 14:47:05 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4b0, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x510) [ 240.436119][ T28] audit: type=1804 audit(1599749225.446:67): pid=9684 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/41/file1/bus" dev="loop0" ino=153 res=1 errno=0 [ 240.495581][ T9684] attempt to access beyond end of device [ 240.552027][ T9684] loop0: rw=2049, want=64, limit=60 [ 240.571502][ T9684] Buffer I/O error on dev loop0, logical block 31, lost async page write [ 240.607911][ T28] audit: type=1804 audit(1599749225.476:68): pid=9684 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/41/file1/bus" dev="loop0" ino=153 res=1 errno=0 [ 240.661016][ T9684] attempt to access beyond end of device [ 240.669030][ T9684] loop0: rw=2049, want=66, limit=60 [ 240.674812][ T9684] Buffer I/O error on dev loop0, logical block 32, lost async page write [ 240.695128][ T28] audit: type=1804 audit(1599749225.496:69): pid=9684 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/41/file1/bus" dev="loop0" ino=153 res=1 errno=0 14:47:05 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r3 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r3, 0x0) write$P9_RLERROR(r3, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r2, 0x0, 0x8400f7fffff8) 14:47:05 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) setuid(0x0) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) 14:47:05 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{0x0}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:05 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x9c2, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_ASYNC_CANCEL={0xe, 0x8}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) 14:47:05 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x2a8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0xc8, 0x130, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x308) 14:47:05 executing program 5: creat(0x0, 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) [ 240.798640][ T21] attempt to access beyond end of device [ 240.838571][ T21] loop0: rw=1, want=68, limit=60 14:47:05 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x2a8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0xc8, 0x130, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x308) [ 240.866707][ T21] Buffer I/O error on dev loop0, logical block 33, lost async page write 14:47:05 executing program 3: migrate_pages(0xffffffffffffffff, 0x982, 0x0, 0xfffffffffffffffd) 14:47:05 executing program 4: socket$nl_audit(0x10, 0x3, 0x9) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) [ 240.942452][ T21] attempt to access beyond end of device 14:47:06 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x2a8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0xc8, 0x130, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x308) 14:47:06 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{0x0}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:06 executing program 5: creat(0x0, 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) [ 240.992413][ T21] loop0: rw=1, want=70, limit=60 [ 241.028346][ T21] Buffer I/O error on dev loop0, logical block 34, lost async page write [ 241.061754][ T21] attempt to access beyond end of device [ 241.096027][ T21] loop0: rw=1, want=230, limit=60 [ 241.288150][ T28] audit: type=1804 audit(1599749226.296:70): pid=9724 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/42/file1/bus" dev="loop0" ino=154 res=1 errno=0 [ 241.338531][ T9724] attempt to access beyond end of device [ 241.371738][ T28] audit: type=1804 audit(1599749226.336:71): pid=9724 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/42/file1/bus" dev="loop0" ino=154 res=1 errno=0 [ 241.387175][ T9724] loop0: rw=2049, want=64, limit=60 [ 241.395272][ T28] audit: type=1804 audit(1599749226.336:72): pid=9724 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/42/file1/bus" dev="loop0" ino=154 res=1 errno=0 [ 241.461952][ T9724] attempt to access beyond end of device [ 241.467615][ T9724] loop0: rw=2049, want=66, limit=60 14:47:06 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:06 executing program 3: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x16}, &(0x7f0000000100)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r1, 0x0, 0xffffffffffff8001, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$P9_RLERROR(r3, &(0x7f0000000040)=ANY=[], 0x9) 14:47:06 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:06 executing program 4: socket$nl_audit(0x10, 0x3, 0x9) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) 14:47:06 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:47:06 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) [ 241.572337][ T89] attempt to access beyond end of device [ 241.578014][ T89] loop0: rw=1, want=68, limit=60 14:47:06 executing program 4: socket$nl_audit(0x10, 0x3, 0x9) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0x10}}, 0x0) [ 241.621075][ T89] attempt to access beyond end of device [ 241.640121][ T9737] xt_bpf: check failed: parse error [ 241.654208][ T89] loop0: rw=1, want=70, limit=60 14:47:06 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 241.677213][ T89] attempt to access beyond end of device [ 241.713900][ T89] loop0: rw=1, want=230, limit=60 14:47:06 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) sendmsg$AUDIT_USER_AVC(r0, 0x0, 0x0) 14:47:06 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 241.909437][ T28] audit: type=1804 audit(1599749226.916:73): pid=9751 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/43/file1/bus" dev="loop0" ino=155 res=1 errno=0 14:47:06 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) sendmsg$AUDIT_USER_AVC(r0, 0x0, 0x0) 14:47:06 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:47:07 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) [ 242.128666][ T9762] xt_bpf: check failed: parse error 14:47:07 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000280)='/dev/nullb0\x00', 0x4400, 0x0) preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000400)=""/4096, 0x3ffc00}], 0x1, 0x0, 0x0) 14:47:07 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) sendmsg$AUDIT_USER_AVC(r0, 0x0, 0x0) 14:47:07 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcf", 0x5}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:07 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:07 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:07 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) [ 242.501207][ T9777] xt_bpf: check failed: parse error 14:47:07 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 14:47:07 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcf", 0x5}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:07 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') ftruncate(0xffffffffffffffff, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) lseek(0xffffffffffffffff, 0x0, 0x2) r3 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r4 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r4, 0x0) write$P9_RLERROR(r4, &(0x7f0000000080)={0x9}, 0x9) sendfile(0xffffffffffffffff, r3, 0x0, 0x8400f7fffff8) 14:47:07 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 14:47:07 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000280)='/dev/nullb0\x00', 0x4400, 0x0) preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000400)=""/4096, 0x3ffc00}], 0x1, 0x0, 0x0) 14:47:07 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcf", 0x5}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:07 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') ftruncate(0xffffffffffffffff, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) lseek(0xffffffffffffffff, 0x0, 0x2) r3 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r4 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r4, 0x0) write$P9_RLERROR(r4, &(0x7f0000000080)={0x9}, 0x9) sendfile(0xffffffffffffffff, r3, 0x0, 0x8400f7fffff8) 14:47:07 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x480, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2a0, 0x308, 0x0, {}, [@common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 14:47:08 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0xc008ae88, &(0x7f00000000c0)={0x1, 0x0, [{0xfe}]}) 14:47:08 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 14:47:08 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:08 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb", 0x8}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:08 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x480, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2a0, 0x308, 0x0, {}, [@common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 14:47:08 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') ftruncate(0xffffffffffffffff, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) lseek(0xffffffffffffffff, 0x0, 0x2) r3 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r4 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r4, 0x0) write$P9_RLERROR(r4, &(0x7f0000000080)={0x9}, 0x9) sendfile(0xffffffffffffffff, r3, 0x0, 0x8400f7fffff8) 14:47:08 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 14:47:08 executing program 3: rt_sigaction(0x3b, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f00000001c0)) 14:47:08 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x480, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2a0, 0x308, 0x0, {}, [@common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 14:47:08 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:08 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb", 0x8}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:08 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 14:47:08 executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000740)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@union={0x2}]}, {0x0, [0x0, 0x4f, 0x71, 0x61]}}, 0x0, 0x2a}, 0x20) 14:47:08 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x0, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) [ 243.673795][ T9853] xt_hashlimit: overflow, try lower: 2/0 14:47:09 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:09 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb", 0x8}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:09 executing program 3: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$sock_inet6_SIOCADDRT(r0, 0x8918, &(0x7f0000000000)={@empty, @dev={0xfe, 0x80, [0x0, 0x0, 0x8]}, @mcast2}) 14:47:09 executing program 4: r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 14:47:09 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x0, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:47:09 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:09 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66", 0x9}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:09 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x0, 0x2, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:47:09 executing program 3: r0 = fsopen(&(0x7f00000000c0)='tracefs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='*}\'%$/+(}:\x00', &(0x7f0000000040)='tracefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) [ 244.743307][ T9872] xt_hashlimit: overflow, try lower: 2/0 14:47:09 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0xa02000000000000, 0x60, &(0x7f0000000340)={'filter\x00', 0x2801, 0x4, 0x428, 0x0, 0x0, 0x0, 0x302, 0x340, 0x340, 0x4, 0x0, {[{{@uncond=[0x2], 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f67b23ffdfa27f907a03732da3acbc6518e62a77ca06f258762e88c0d9f9d2f413b976613bad414a105f4bdf01425ce81c5d00"}}}, {{@arp={@multicast2, @empty, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 'ip6tnl0\x00'}, 0xc0, 0x100}, @unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "dcd23740354236d4baa41782325b176ddf7ab200d82bdbd14aa429ea1692"}}, {{@arp={@rand_addr, @multicast1, 0x0, 0x0, 0x0, 0x0, {@mac=@broadcast}, {@mac=@dev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'gretap0\x00', 'wg0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @loopback, @local}}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x478) [ 244.915640][ T28] kauditd_printk_skb: 11 callbacks suppressed [ 244.915652][ T28] audit: type=1804 audit(1599749229.917:85): pid=9875 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/50/bus" dev="sda1" ino=15691 res=1 errno=0 [ 244.980387][ T9885] xt_hashlimit: overflow, try lower: 2/0 14:47:10 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_pts(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000380)='net/ip6_flowlabel\x00') r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000040)={0x2, {0x3, 0x0, 0x0, 0x400}}) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(0x0, 0x0) 14:47:10 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66", 0x9}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:10 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:10 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r0, 0xc1004110, &(0x7f0000000080)={0x0, [0x6], [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}) [ 245.074485][ T28] audit: type=1804 audit(1599749229.947:86): pid=9875 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/50/bus" dev="sda1" ino=15691 res=1 errno=0 14:47:10 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x0, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:47:10 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x0, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) [ 245.270620][ T9904] xt_hashlimit: overflow, rate too high: 0 [ 245.288995][ T28] audit: type=1804 audit(1599749229.957:87): pid=9875 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/50/bus" dev="sda1" ino=15691 res=1 errno=0 14:47:10 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66", 0x9}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 245.452811][ T9910] xt_hashlimit: overflow, rate too high: 0 14:47:10 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:10 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:10 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x0, 0x0, 0xf203, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:47:10 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xa}], 0x1, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:10 executing program 4: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x15, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0xfe76, &(0x7f0000000000)=[{&(0x7f0000000080)=""/151, 0x6129d00b}], 0x1, &(0x7f00000001c0)=""/4, 0x10036, 0x7301}, 0x3f9c) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) sendmsg(r1, 0x0, 0x0) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000340)={0x3f, &(0x7f0000000280)}) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0xe43) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, r3, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x7, 0x0, 0x0) 14:47:10 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:10 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0x0, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) [ 245.684635][ T9919] xt_hashlimit: overflow, rate too high: 0 14:47:10 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:10 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xa}], 0x1, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:10 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) [ 245.832348][ T9930] xt_bpf: check failed: parse error [ 245.879806][ T28] audit: type=1804 audit(1599749230.877:88): pid=9931 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/51/bus" dev="sda1" ino=15959 res=1 errno=0 14:47:10 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0x0, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:47:11 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) [ 245.989801][ T28] audit: type=1804 audit(1599749230.877:89): pid=9931 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/51/bus" dev="sda1" ino=15959 res=1 errno=0 [ 246.024093][ T28] audit: type=1804 audit(1599749230.877:90): pid=9931 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/51/bus" dev="sda1" ino=15959 res=1 errno=0 [ 246.099077][ T9943] xt_bpf: check failed: parse error 14:47:11 executing program 0: chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:11 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xa}], 0x1, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:11 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:11 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:11 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0x0, 0x0, 0x40000ec, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:47:11 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) [ 246.680407][ T9960] xt_bpf: check failed: parse error 14:47:11 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r1) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:11 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:11 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:11 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socket$kcm(0xa, 0x2, 0x73) 14:47:11 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x0, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:47:11 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x0, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) [ 246.874027][ T28] audit: type=1804 audit(1599749231.877:91): pid=9970 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/52/bus" dev="sda1" ino=15962 res=1 errno=0 [ 247.008718][ T28] audit: type=1804 audit(1599749231.907:92): pid=9970 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/52/bus" dev="sda1" ino=15962 res=1 errno=0 [ 247.153356][ T28] audit: type=1804 audit(1599749231.907:93): pid=9970 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/52/bus" dev="sda1" ino=15962 res=1 errno=0 14:47:12 executing program 0: chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:12 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socket$kcm(0xa, 0x2, 0x73) 14:47:12 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x0, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:47:12 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:12 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r1) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:12 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:12 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:47:12 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socket$kcm(0xa, 0x2, 0x73) 14:47:12 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) socket$kcm(0x2b, 0x1, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:12 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r1) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:12 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) [ 247.893146][ T28] audit: type=1804 audit(1599749232.897:94): pid=9999 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/53/bus" dev="sda1" ino=15984 res=1 errno=0 14:47:13 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) socket$kcm(0x2b, 0x1, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:13 executing program 0: chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:13 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) close(r1) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:13 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x4001, 0x3, 0x4d8, 0x0, 0x0, 0x148, 0x360, 0x148, 0x440, 0x240, 0x240, 0x440, 0x240, 0x3, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'lo\x00', {0x35, 0x2, 0x0, 0xf203, 0x0, 0x40000ec}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @bytecode={0x2, 0x0, 0x0, [{0x0, 0x0, 0x0, 0x35}]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 14:47:13 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) socket$kcm(0x2b, 0x1, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:13 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) socket$kcm(0x2b, 0x1, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:13 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x0) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:13 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x0) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:13 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) socket$kcm(0x2b, 0x1, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:13 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) socket$kcm(0x2b, 0x1, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:13 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) close(r1) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:13 executing program 1: r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) mmap$xdp(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x100000000) 14:47:14 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:14 executing program 0: syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:14 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x0) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:14 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:14 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) fsconfig$FSCONFIG_SET_FD(r1, 0x7, 0x0, 0x0, 0xffffffffffffffff) 14:47:14 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) close(r1) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:14 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:14 executing program 1: setresuid(0xffffffffffffffff, 0xee00, 0xee00) syz_init_net_socket$x25(0x9, 0x5, 0x0) 14:47:14 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(0x0, 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:14 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:14 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:14 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:14 executing program 1: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='system.posix_acl_default\x00', &(0x7f0000000c40)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="0400000000000400080000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000040)={r0, 0x0, 0x401, 0x1}) ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, r1) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0xb, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) [ 250.334859][T10080] overlayfs: filesystem on './file0' not supported as upperdir 14:47:15 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={0xffffffffffffffff, r0, 0x2}, 0x10) 14:47:15 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:15 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:15 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380), 0x10000023, &(0x7f00000002c0)=""/77, 0x42e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0xfe76, &(0x7f0000000000)=[{&(0x7f0000000080)=""/151, 0x6129d00b}], 0x1, &(0x7f00000001c0)=""/4, 0x10036, 0x7301}, 0x3f9c) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100), 0x47, &(0x7f0000000000)}, 0x0) recvmsg(r0, &(0x7f0000000a80)={0x0, 0x0, 0x0}, 0x40000000) 14:47:15 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(0x0, 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:15 executing program 0: syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:15 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(0x0, 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:15 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={0xffffffffffffffff, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:15 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={0xffffffffffffffff, r0, 0x2}, 0x10) 14:47:15 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 250.884417][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 250.884465][ T28] audit: type=1804 audit(1599749235.887:103): pid=10098 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/56/file1/bus" dev="sda1" ino=15977 res=1 errno=0 [ 251.124013][ T28] audit: type=1804 audit(1599749235.947:104): pid=10101 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/56/file1/bus" dev="sda1" ino=15977 res=1 errno=0 14:47:16 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={0xffffffffffffffff, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:16 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={0xffffffffffffffff, r0, 0x2}, 0x10) 14:47:16 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(0xffffffffffffffff) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 251.304791][ T28] audit: type=1804 audit(1599749235.947:105): pid=10098 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/56/file1/bus" dev="sda1" ino=15977 res=1 errno=0 14:47:16 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r0, 0xffffffffffffffff, 0x2}, 0x10) 14:47:16 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={0xffffffffffffffff, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:16 executing program 1: r0 = memfd_create(&(0x7f0000000780)='\x00', 0x0) write(r0, &(0x7f00000000c0)='i', 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x11, r0, 0x0) r1 = socket(0x15, 0x5, 0x0) getsockopt(r1, 0x200000000114, 0x271f, 0x0, &(0x7f0000000000)) 14:47:16 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(0xffffffffffffffff) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:16 executing program 0: syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:16 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x0, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:16 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r0, 0xffffffffffffffff, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:16 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r0, 0xffffffffffffffff, 0x2}, 0x10) 14:47:16 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(0xffffffffffffffff) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:16 executing program 1: unshare(0x20400) r0 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x6612, 0x0) 14:47:16 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r0, 0xffffffffffffffff, 0x2}, 0x10) 14:47:16 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r0, 0xffffffffffffffff, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) [ 251.962958][ T28] audit: type=1804 audit(1599749236.968:106): pid=10134 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/57/file1/bus" dev="sda1" ino=15920 res=1 errno=0 14:47:17 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x0, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 252.152752][ T28] audit: type=1804 audit(1599749237.008:107): pid=10134 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/57/file1/bus" dev="sda1" ino=15920 res=1 errno=0 14:47:17 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:17 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r0, 0xffffffffffffffff, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:17 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) close(r0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x0, 0x0, 0x3, 0xfffffffd}, 0x40) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) close(r2) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x127) sendmsg$tipc(r3, &(0x7f0000000500)={&(0x7f0000000280), 0x10, &(0x7f0000000100)=[{&(0x7f0000001580)="276c5bd6f0db828036f59b152925d176a9e51a4722f8fd829657ff48969c3c5f309ceaf42e7b242b7fe4fa128061aec9827004000c31fd9e31cb1c79990c2b89045ea4dc3ad63a775c80850ea10827e8a40a6c8b5fa7cc514639bb99f13c6a3d0825a738a1a53433042c75230d368c95f8a0b5562b58ecf50fd78e5def7375cd62fb5728535bf371b2ffc7d8058398075e1d0a7a4451395c39f79c26b7287cebd130de7737e77714686b9d67d87a3cf8da02cc70fdc99c1a7c916ae542b9d5baaf1f9daa4fb845fd5d5cad2073a61ce51c345150f84b3900997296d55c7d394af17b01d445465ef377508a1a29a5d6b03b0da22c973f22814fb2a802d50fb1f051e7d95d53d598a0599ec79cd27123fa1d13b7996609d4548e81ef7b1e8de8f32593ef46c3081ab55929a3c1cb1fa28a485518391a76b7b80d5941aa42222cb6f25be29ebc938af75971ffffdd4dea114ac37f38e69cb670020a7448d99b7b5e3d09bcf2625c94d6599182ce9edb0bbfea111dae3b1c9d6cd3162ce0aaebcdcf22a8d29dca0d04ebf5944168f398c500915579070586dff7a2ec6d345d1f69a8c749740aea0dbb2d30c9f7e3afd498a886c906fe09a83322d8e94b3ebe288ec1601e6a16122fa44191b6b3f5315eb0b35cb628540438919b906502eeb7cacc7d15753e456b056e6145ab65ac7c01253f3c5663495a74a0598feed07436a72d3ee1185d0fbcf89e8c5d449e0216cab8110efe923be24366dffc65bb386e7f015bb40b6fd9abbf7180b217f88d99f168c113f3ff187c202e2ae32a0238e43af612678a44a3d8373b6dc6bf820f8bf73e6411c51152f51993c66effe25c6e72a3127da6996f13691ded659e1f9d6eab1124435750dfeb60de2b2d59d9196bda3a3c5cd5054b2960481d50ce28ac4159b54f3f26a9decfc8ab36b6110eda741e21c95e3631b3de40fd3c7828fb0e3c85070eb233d4d4b1b75e0167ec62e81f1a12a0cd2e02a7a43edb384e4d0d59744bbe86611575966efe25b4191f14a368a72c13aeb4de7caff7a9439b583d08714fd22a9b1ff08297a562a859e2d21dd4f8ecf6701bcd9a30d28909c52c56a8ef739f0841ae895ad858121b1ec82ae1bbec856730aba8e2f42841c33caa862fdf8b651d90055b6725e5bf0af348ec550ad23c5a3c15c7455fdb13a57a6e452bdebbeb32200ab7dce3fab98b206ec2571e3de8904bea2265288dbaec64359cb5cd926dc025343fff78e7bdab6f541a3d2b569f37b8339d14e706163854d01ba5380d648391740e1fc2e118557692796acf6e0fa8ab21c5657259bf05a8b510eb285f306c8cdd6e185094b0ff46ec71d5a9b8e344176f263730468db893eaba00c32bdafdb1ebdc3ec441abaf4e7b2db744411ae02f33b340a373ea1a485b88073c2da7bd6828bbe4028fef4c30088c9b28daf899741029da8f52d2927250c582f16ca173", 0xffe0}], 0x1, 0x0, 0x0, 0xa000a0}, 0x4000) [ 252.320696][ T28] audit: type=1804 audit(1599749237.008:108): pid=10134 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/57/file1/bus" dev="sda1" ino=15920 res=1 errno=0 14:47:17 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', 0x0, 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:17 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x0, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:17 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x0, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:17 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:17 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:17 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) close(r0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x0, 0x0, 0x3, 0xfffffffd}, 0x40) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) close(r2) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x127) sendmsg$tipc(r3, &(0x7f0000000500)={&(0x7f0000000280), 0x10, &(0x7f0000000100)=[{&(0x7f0000001580)="276c5bd6f0db828036f59b152925d176a9e51a4722f8fd829657ff48969c3c5f309ceaf42e7b242b7fe4fa128061aec9827004000c31fd9e31cb1c79990c2b89045ea4dc3ad63a775c80850ea10827e8a40a6c8b5fa7cc514639bb99f13c6a3d0825a738a1a53433042c75230d368c95f8a0b5562b58ecf50fd78e5def7375cd62fb5728535bf371b2ffc7d8058398075e1d0a7a4451395c39f79c26b7287cebd130de7737e77714686b9d67d87a3cf8da02cc70fdc99c1a7c916ae542b9d5baaf1f9daa4fb845fd5d5cad2073a61ce51c345150f84b3900997296d55c7d394af17b01d445465ef377508a1a29a5d6b03b0da22c973f22814fb2a802d50fb1f051e7d95d53d598a0599ec79cd27123fa1d13b7996609d4548e81ef7b1e8de8f32593ef46c3081ab55929a3c1cb1fa28a485518391a76b7b80d5941aa42222cb6f25be29ebc938af75971ffffdd4dea114ac37f38e69cb670020a7448d99b7b5e3d09bcf2625c94d6599182ce9edb0bbfea111dae3b1c9d6cd3162ce0aaebcdcf22a8d29dca0d04ebf5944168f398c500915579070586dff7a2ec6d345d1f69a8c749740aea0dbb2d30c9f7e3afd498a886c906fe09a83322d8e94b3ebe288ec1601e6a16122fa44191b6b3f5315eb0b35cb628540438919b906502eeb7cacc7d15753e456b056e6145ab65ac7c01253f3c5663495a74a0598feed07436a72d3ee1185d0fbcf89e8c5d449e0216cab8110efe923be24366dffc65bb386e7f015bb40b6fd9abbf7180b217f88d99f168c113f3ff187c202e2ae32a0238e43af612678a44a3d8373b6dc6bf820f8bf73e6411c51152f51993c66effe25c6e72a3127da6996f13691ded659e1f9d6eab1124435750dfeb60de2b2d59d9196bda3a3c5cd5054b2960481d50ce28ac4159b54f3f26a9decfc8ab36b6110eda741e21c95e3631b3de40fd3c7828fb0e3c85070eb233d4d4b1b75e0167ec62e81f1a12a0cd2e02a7a43edb384e4d0d59744bbe86611575966efe25b4191f14a368a72c13aeb4de7caff7a9439b583d08714fd22a9b1ff08297a562a859e2d21dd4f8ecf6701bcd9a30d28909c52c56a8ef739f0841ae895ad858121b1ec82ae1bbec856730aba8e2f42841c33caa862fdf8b651d90055b6725e5bf0af348ec550ad23c5a3c15c7455fdb13a57a6e452bdebbeb32200ab7dce3fab98b206ec2571e3de8904bea2265288dbaec64359cb5cd926dc025343fff78e7bdab6f541a3d2b569f37b8339d14e706163854d01ba5380d648391740e1fc2e118557692796acf6e0fa8ab21c5657259bf05a8b510eb285f306c8cdd6e185094b0ff46ec71d5a9b8e344176f263730468db893eaba00c32bdafdb1ebdc3ec441abaf4e7b2db744411ae02f33b340a373ea1a485b88073c2da7bd6828bbe4028fef4c30088c9b28daf899741029da8f52d2927250c582f16ca173", 0xffe0}], 0x1, 0x0, 0x0, 0xa000a0}, 0x4000) 14:47:17 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:17 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:17 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) close(r0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x0, 0x0, 0x3, 0xfffffffd}, 0x40) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) close(r2) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x127) sendmsg$tipc(r3, &(0x7f0000000500)={&(0x7f0000000280), 0x10, &(0x7f0000000100)=[{&(0x7f0000001580)="276c5bd6f0db828036f59b152925d176a9e51a4722f8fd829657ff48969c3c5f309ceaf42e7b242b7fe4fa128061aec9827004000c31fd9e31cb1c79990c2b89045ea4dc3ad63a775c80850ea10827e8a40a6c8b5fa7cc514639bb99f13c6a3d0825a738a1a53433042c75230d368c95f8a0b5562b58ecf50fd78e5def7375cd62fb5728535bf371b2ffc7d8058398075e1d0a7a4451395c39f79c26b7287cebd130de7737e77714686b9d67d87a3cf8da02cc70fdc99c1a7c916ae542b9d5baaf1f9daa4fb845fd5d5cad2073a61ce51c345150f84b3900997296d55c7d394af17b01d445465ef377508a1a29a5d6b03b0da22c973f22814fb2a802d50fb1f051e7d95d53d598a0599ec79cd27123fa1d13b7996609d4548e81ef7b1e8de8f32593ef46c3081ab55929a3c1cb1fa28a485518391a76b7b80d5941aa42222cb6f25be29ebc938af75971ffffdd4dea114ac37f38e69cb670020a7448d99b7b5e3d09bcf2625c94d6599182ce9edb0bbfea111dae3b1c9d6cd3162ce0aaebcdcf22a8d29dca0d04ebf5944168f398c500915579070586dff7a2ec6d345d1f69a8c749740aea0dbb2d30c9f7e3afd498a886c906fe09a83322d8e94b3ebe288ec1601e6a16122fa44191b6b3f5315eb0b35cb628540438919b906502eeb7cacc7d15753e456b056e6145ab65ac7c01253f3c5663495a74a0598feed07436a72d3ee1185d0fbcf89e8c5d449e0216cab8110efe923be24366dffc65bb386e7f015bb40b6fd9abbf7180b217f88d99f168c113f3ff187c202e2ae32a0238e43af612678a44a3d8373b6dc6bf820f8bf73e6411c51152f51993c66effe25c6e72a3127da6996f13691ded659e1f9d6eab1124435750dfeb60de2b2d59d9196bda3a3c5cd5054b2960481d50ce28ac4159b54f3f26a9decfc8ab36b6110eda741e21c95e3631b3de40fd3c7828fb0e3c85070eb233d4d4b1b75e0167ec62e81f1a12a0cd2e02a7a43edb384e4d0d59744bbe86611575966efe25b4191f14a368a72c13aeb4de7caff7a9439b583d08714fd22a9b1ff08297a562a859e2d21dd4f8ecf6701bcd9a30d28909c52c56a8ef739f0841ae895ad858121b1ec82ae1bbec856730aba8e2f42841c33caa862fdf8b651d90055b6725e5bf0af348ec550ad23c5a3c15c7455fdb13a57a6e452bdebbeb32200ab7dce3fab98b206ec2571e3de8904bea2265288dbaec64359cb5cd926dc025343fff78e7bdab6f541a3d2b569f37b8339d14e706163854d01ba5380d648391740e1fc2e118557692796acf6e0fa8ab21c5657259bf05a8b510eb285f306c8cdd6e185094b0ff46ec71d5a9b8e344176f263730468db893eaba00c32bdafdb1ebdc3ec441abaf4e7b2db744411ae02f33b340a373ea1a485b88073c2da7bd6828bbe4028fef4c30088c9b28daf899741029da8f52d2927250c582f16ca173", 0xffe0}], 0x1, 0x0, 0x0, 0xa000a0}, 0x4000) 14:47:18 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x0, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 253.094552][ T28] audit: type=1804 audit(1599749238.098:109): pid=10174 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/58/bus" dev="sda1" ino=16027 res=1 errno=0 14:47:18 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:18 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) [ 253.254252][ T28] audit: type=1804 audit(1599749238.098:110): pid=10174 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/58/bus" dev="sda1" ino=16027 res=1 errno=0 [ 253.462650][ T28] audit: type=1804 audit(1599749238.098:111): pid=10174 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/58/bus" dev="sda1" ino=16027 res=1 errno=0 14:47:18 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', 0x0, 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:18 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:18 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) close(r2) 14:47:18 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:18 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:18 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x0, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:18 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:18 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:18 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:19 executing program 1: r0 = socket(0x1e, 0x2, 0x0) io_setup(0x4, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000002580)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) [ 253.992239][ T28] audit: type=1804 audit(1599749238.998:112): pid=10210 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/59/bus" dev="sda1" ino=15917 res=1 errno=0 14:47:19 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:19 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:19 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', 0x0, 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:19 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:19 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000200)) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000000)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}]}) 14:47:19 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 14:47:19 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:19 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:19 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:19 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:19 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:20 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9, 0x1, 'bond\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MIN_LINKS={0x8, 0x12, 0x2}]}}}]}, 0x3c}}, 0x0) 14:47:20 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:20 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:20 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:20 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:20 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000680)={0x1, 0x0, @ioapic={0x0, 0x0, 0x10000}}) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000140)={0x8, 0x785}) 14:47:20 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 14:47:20 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x0, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:20 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:20 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:20 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:20 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newtaction={0x64, 0x30, 0x70b, 0x0, 0x0, {}, [{0x50, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9, 0x1, 'mpls\x00'}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x4}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) 14:47:21 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) [ 255.976535][T10328] FAT-fs (loop0): bogus number of reserved sectors [ 256.055665][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 256.055678][ T28] audit: type=1804 audit(1599749241.058:118): pid=10334 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/61/file1/bus" dev="sda1" ino=16046 res=1 errno=0 [ 256.071589][T10328] FAT-fs (loop0): Can't find a valid FAT filesystem 14:47:21 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:21 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0xc5b, 0x0, 0x0, 0xffff]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:47:21 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, 0x0, 0x0) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:21 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 14:47:21 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) [ 256.260813][ T28] audit: type=1804 audit(1599749241.138:119): pid=10336 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/61/file1/bus" dev="sda1" ino=16046 res=1 errno=0 14:47:21 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, 0x0, 0x0) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 256.423135][ T28] audit: type=1804 audit(1599749241.138:120): pid=10334 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/61/file1/bus" dev="sda1" ino=16046 res=1 errno=0 14:47:21 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:21 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:21 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x0, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:21 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:21 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, 0x0, 0x0) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:21 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:21 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) [ 256.925890][T10370] FAT-fs (loop0): bogus number of reserved sectors 14:47:22 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040), 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 256.974604][T10370] FAT-fs (loop0): Can't find a valid FAT filesystem 14:47:22 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x0, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) [ 257.070359][ T28] audit: type=1804 audit(1599749242.078:121): pid=10376 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/62/file1/bus" dev="sda1" ino=16035 res=1 errno=0 14:47:22 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) [ 257.148053][ T28] audit: type=1804 audit(1599749242.078:122): pid=10376 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/62/file1/bus" dev="sda1" ino=16035 res=1 errno=0 14:47:22 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040), 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:22 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) [ 257.281811][ T28] audit: type=1804 audit(1599749242.108:123): pid=10370 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/62/file1/bus" dev="sda1" ino=16035 res=1 errno=0 14:47:22 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:22 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:22 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:22 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040), 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:22 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x0, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:22 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x0, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:22 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:22 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:22 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:23 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) [ 257.981942][T10411] FAT-fs (loop0): bogus number of reserved sectors [ 257.991981][T10411] FAT-fs (loop0): Can't find a valid FAT filesystem 14:47:23 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:23 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 258.064516][ T28] audit: type=1804 audit(1599749243.068:124): pid=10411 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/63/file1/bus" dev="sda1" ino=16035 res=1 errno=0 [ 258.166276][ T28] audit: type=1804 audit(1599749243.068:125): pid=10411 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/63/file1/bus" dev="sda1" ino=16035 res=1 errno=0 [ 258.296176][ T28] audit: type=1804 audit(1599749243.068:126): pid=10411 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/63/file1/bus" dev="sda1" ino=16035 res=1 errno=0 14:47:23 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:23 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:23 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:23 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:23 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x0, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:23 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:23 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:23 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:23 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:23 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:24 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:24 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:24 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 259.079826][ T28] audit: type=1804 audit(1599749244.088:127): pid=10450 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/64/file1/bus" dev="sda1" ino=16019 res=1 errno=0 14:47:24 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:24 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:24 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:24 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:24 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:24 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:24 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:24 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:24 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:24 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180), 0x0) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:24 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:24 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x30007, 0x0) 14:47:25 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:25 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180), 0x0) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:25 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:25 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:25 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180), 0x0) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:25 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:25 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:25 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214", 0x9) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:25 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:25 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:26 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:26 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214", 0x9) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 261.091967][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 261.091980][ T28] audit: type=1804 audit(1599749246.099:133): pid=10516 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/66/file1/bus" dev="sda1" ino=16076 res=1 errno=0 [ 261.257617][ T28] audit: type=1804 audit(1599749246.099:134): pid=10516 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/66/file1/bus" dev="sda1" ino=16076 res=1 errno=0 14:47:26 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:26 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:26 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x30007, 0x0) 14:47:26 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:26 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214", 0x9) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 261.446510][ T28] audit: type=1804 audit(1599749246.099:135): pid=10516 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/66/file1/bus" dev="sda1" ino=16076 res=1 errno=0 14:47:26 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:26 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:26 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f42400", 0xd) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:26 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:26 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:26 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f42400", 0xd) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:26 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x0, &(0x7f0000000300), 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) [ 262.054335][T10545] FAT-fs (loop0): bogus number of reserved sectors [ 262.067259][T10545] FAT-fs (loop0): Can't find a valid FAT filesystem [ 262.145339][ T28] audit: type=1804 audit(1599749247.149:136): pid=10549 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/67/file1/bus" dev="sda1" ino=16085 res=1 errno=0 [ 262.212571][ T28] audit: type=1804 audit(1599749247.149:137): pid=10549 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/67/file1/bus" dev="sda1" ino=16085 res=1 errno=0 [ 262.237650][ T28] audit: type=1804 audit(1599749247.159:138): pid=10549 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/67/file1/bus" dev="sda1" ino=16085 res=1 errno=0 14:47:27 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:27 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:27 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:27 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f42400", 0xd) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:27 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x30007, 0x0) 14:47:27 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904", 0xf) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:27 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:27 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff047360"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:27 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:27 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:27 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff047360"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:27 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x0, &(0x7f0000000300), 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:27 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904", 0xf) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:28 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff047360"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:28 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:28 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) [ 263.048433][T10580] FAT-fs (loop0): bogus number of reserved sectors [ 263.086469][T10580] FAT-fs (loop0): Can't find a valid FAT filesystem [ 263.197501][ T28] audit: type=1804 audit(1599749248.199:139): pid=10580 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/68/file1/bus" dev="sda1" ino=16074 res=1 errno=0 14:47:28 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:28 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904", 0xf) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:28 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:28 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:28 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff047360"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) [ 263.350162][ T28] audit: type=1804 audit(1599749248.239:140): pid=10580 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/68/file1/bus" dev="sda1" ino=16074 res=1 errno=0 14:47:28 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:28 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f42400090400", 0x10) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 263.556450][ T28] audit: type=1804 audit(1599749248.239:141): pid=10580 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/68/file1/bus" dev="sda1" ino=16074 res=1 errno=0 14:47:28 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x0, &(0x7f0000000300), 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:28 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:28 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff047360"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:28 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:28 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f42400090400", 0x10) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 264.016660][T10620] FAT-fs (loop0): bogus number of reserved sectors [ 264.067277][T10620] FAT-fs (loop0): Can't find a valid FAT filesystem [ 264.110017][ T28] audit: type=1804 audit(1599749249.119:142): pid=10623 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/69/file1/bus" dev="sda1" ino=15861 res=1 errno=0 14:47:29 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:29 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff047360"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:29 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:29 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f42400090400", 0x10) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 14:47:29 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:29 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:29 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:29 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:29 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r0) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0xfffd, 0x0) 14:47:29 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:29 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:29 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{0x0}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) [ 264.974197][T10655] FAT-fs (loop0): bogus number of reserved sectors [ 264.985665][T10655] FAT-fs (loop0): Can't find a valid FAT filesystem 14:47:30 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:30 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:30 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:30 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r0) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0xfffd, 0x0) 14:47:30 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:30 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:30 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r0) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0xfffd, 0x0) 14:47:30 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:30 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:30 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:30 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) 14:47:30 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{0x0}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) [ 265.993667][T10689] FAT-fs (loop0): bogus number of reserved sectors [ 266.000800][T10689] FAT-fs (loop0): Can't find a valid FAT filesystem 14:47:31 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) bind$alg(0xffffffffffffffff, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x30007, 0x0) 14:47:31 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:31 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) 14:47:31 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:31 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) 14:47:31 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:31 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:31 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:31 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0x0, 0x0) 14:47:31 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:31 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:31 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0x0, 0x0) 14:47:32 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) bind$alg(0xffffffffffffffff, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x30007, 0x0) 14:47:32 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{0x0}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:32 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:32 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:32 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0xf3a}, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r0, 0x0, r1, 0x0, 0x0, 0x0) 14:47:32 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:32 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) [ 267.229552][T10731] FAT-fs (loop0): bogus number of reserved sectors [ 267.236375][T10731] FAT-fs (loop0): Can't find a valid FAT filesystem [ 267.293412][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 267.293426][ T28] audit: type=1804 audit(1599749252.299:151): pid=10731 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/72/file1/bus" dev="sda1" ino=16113 res=1 errno=0 [ 267.397142][ T28] audit: type=1804 audit(1599749252.339:152): pid=10731 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/72/file1/bus" dev="sda1" ino=16113 res=1 errno=0 [ 267.429313][ T28] audit: type=1804 audit(1599749252.339:153): pid=10731 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/72/file1/bus" dev="sda1" ino=16113 res=1 errno=0 14:47:32 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) 14:47:32 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:32 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:32 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:32 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:33 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) bind$alg(0xffffffffffffffff, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x30007, 0x0) 14:47:33 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:33 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) 14:47:33 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:33 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:33 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:33 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) [ 268.379434][T10772] FAT-fs (loop0): bogus number of reserved sectors [ 268.404988][T10772] FAT-fs (loop0): Can't find a valid FAT filesystem 14:47:33 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) [ 268.480858][ T28] audit: type=1804 audit(1599749253.490:154): pid=10777 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/73/file1/bus" dev="sda1" ino=16120 res=1 errno=0 14:47:33 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:33 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:33 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) [ 268.619831][ T28] audit: type=1804 audit(1599749253.520:155): pid=10777 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/73/file1/bus" dev="sda1" ino=16120 res=1 errno=0 [ 268.651847][ T28] audit: type=1804 audit(1599749253.520:156): pid=10777 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/73/file1/bus" dev="sda1" ino=16120 res=1 errno=0 14:47:33 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:34 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:34 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) 14:47:34 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) 14:47:34 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:34 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:34 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:34 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:34 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:34 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) [ 269.332957][T10809] FAT-fs (loop0): bogus number of reserved sectors [ 269.342153][T10809] FAT-fs (loop0): Can't find a valid FAT filesystem 14:47:34 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) [ 269.388449][ T28] audit: type=1804 audit(1599749254.400:157): pid=10816 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/74/file1/bus" dev="sda1" ino=16149 res=1 errno=0 14:47:34 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:34 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) socket$kcm(0xa, 0x2, 0x73) [ 269.532412][ T28] audit: type=1804 audit(1599749254.430:158): pid=10809 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/74/file1/bus" dev="sda1" ino=16149 res=1 errno=0 14:47:34 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) dup2(r4, r3) 14:47:34 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) [ 269.750091][ T28] audit: type=1804 audit(1599749254.430:159): pid=10809 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/74/file1/bus" dev="sda1" ino=16149 res=1 errno=0 14:47:34 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x0, 0x0, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:34 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) socket$kcm(0xa, 0x2, 0x73) 14:47:35 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={0xffffffffffffffff, r0, 0x2}, 0x10) 14:47:35 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:35 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) socket$kcm(0xa, 0x2, 0x73) 14:47:35 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={0xffffffffffffffff, r0, 0x2}, 0x10) 14:47:35 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={0xffffffffffffffff, r0, 0x2}, 0x10) 14:47:35 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r0, 0xffffffffffffffff, 0x2}, 0x10) [ 270.288056][T10848] FAT-fs (loop0): bogus number of reserved sectors [ 270.294594][T10848] FAT-fs (loop0): Can't find a valid FAT filesystem [ 270.359735][ T28] audit: type=1804 audit(1599749255.370:160): pid=10853 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/75/file1/bus" dev="sda1" ino=16143 res=1 errno=0 14:47:35 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:35 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r0, 0xffffffffffffffff, 0x2}, 0x10) 14:47:35 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) dup2(r4, r3) 14:47:35 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={0xffffffffffffffff, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:35 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x0, 0x0, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:35 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r0, 0xffffffffffffffff, 0x2}, 0x10) 14:47:35 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={0xffffffffffffffff, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:36 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0}, 0x10) 14:47:36 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={0xffffffffffffffff, r0, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:36 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400", 0xc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:36 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0}, 0x10) 14:47:36 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r0, 0xffffffffffffffff, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) [ 271.186815][T10883] FAT-fs (loop0): bogus number of reserved sectors [ 271.214834][T10883] FAT-fs (loop0): Can't find a valid FAT filesystem 14:47:36 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:36 executing program 4: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0}, 0x10) 14:47:36 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r0, 0xffffffffffffffff, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:36 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) dup2(r4, r3) 14:47:37 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x0, 0x0, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:37 executing program 4: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x60, r0, 0xc573de0d27bdfe6f, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x4, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @dev}}, {0x14, 0x2, @in={0xa, 0x0, @empty}}}}]}]}, 0x60}}, 0x0) 14:47:37 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r0, 0xffffffffffffffff, 0x2}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:37 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400", 0xc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) [ 272.154679][T10911] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 272.229687][T10914] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 272.259659][T10913] FAT-fs (loop0): bogus number of reserved sectors 14:47:37 executing program 1: write(0xffffffffffffffff, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x30007, 0x0) 14:47:37 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) flock(r2, 0x5) flock(r3, 0x2) close(r3) flock(r2, 0x8) [ 272.307384][T10913] FAT-fs (loop0): Can't find a valid FAT filesystem 14:47:37 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0}, 0x10) socket$kcm(0xa, 0x2, 0x73) [ 272.393647][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 272.393662][ T28] audit: type=1804 audit(1599749257.400:166): pid=10919 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/77/file1/bus" dev="sda1" ino=16166 res=1 errno=0 [ 272.428790][ T28] audit: type=1804 audit(1599749257.420:167): pid=10919 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/77/file1/bus" dev="sda1" ino=16166 res=1 errno=0 14:47:37 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) socket$inet_udp(0x2, 0x2, 0x0) dup3(0xffffffffffffffff, r2, 0x0) [ 272.526698][ T28] audit: type=1804 audit(1599749257.420:168): pid=10919 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/77/file1/bus" dev="sda1" ino=16166 res=1 errno=0 14:47:37 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:37 executing program 1: write(0xffffffffffffffff, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x30007, 0x0) 14:47:37 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0xffffffffffffffff, 0x0, 0x40000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000580)="67e037f81ced25cc0220384896f1ac1dea61a7a765760036f300000000007d7cff30f363089c2840925900760000fa11427140722ddea3218fe55d", 0x3b}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 14:47:37 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0}, 0x10) socket$kcm(0xa, 0x2, 0x73) 14:47:37 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:37 executing program 1: write(0xffffffffffffffff, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x30007, 0x0) 14:47:37 executing program 1: pipe(0x0) write(0xffffffffffffffff, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x30007, 0x0) 14:47:38 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400", 0xc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:38 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x0, 0x73) 14:47:38 executing program 1: pipe(0x0) write(0xffffffffffffffff, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x30007, 0x0) 14:47:38 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x0, 0x73) [ 273.226908][T10960] FAT-fs (loop0): bogus number of reserved sectors [ 273.251506][T10960] FAT-fs (loop0): Can't find a valid FAT filesystem [ 273.330805][ T28] audit: type=1804 audit(1599749258.340:169): pid=10960 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/78/file1/bus" dev="sda1" ino=16151 res=1 errno=0 14:47:38 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) socket$inet_udp(0x2, 0x2, 0x0) dup3(0xffffffffffffffff, r2, 0x0) 14:47:38 executing program 1: pipe(0x0) write(0xffffffffffffffff, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x30007, 0x0) [ 273.459349][ T28] audit: type=1804 audit(1599749258.370:170): pid=10960 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/78/file1/bus" dev="sda1" ino=16151 res=1 errno=0 14:47:38 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) [ 273.589582][ T28] audit: type=1804 audit(1599749258.370:171): pid=10960 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/78/file1/bus" dev="sda1" ino=16151 res=1 errno=0 14:47:40 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:40 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611200000000000095000000000000007c0493250b892e97c689c050ff0473608c1d28d9d608"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r1, r0, 0x2}, 0x10) socket$kcm(0xa, 0x0, 0x73) 14:47:40 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200", 0x12}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:40 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) r1 = socket(0x10, 0x803, 0x0) write(r1, &(0x7f00000000c0)="24000000200099f0003fe9ffdfed190e020008160000100000ba1080080002007f196be0", 0x24) r2 = socket$unix(0x1, 0x2, 0x0) r3 = socket(0x10, 0x3, 0x0) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x2a, &(0x7f0000000200)={{{@in=@multicast1, @in=@multicast2}}, {{@in6=@dev}, 0x0, @in6=@mcast2}}, 0xe8) 14:47:40 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:40 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) socket$inet_udp(0x2, 0x2, 0x0) dup3(0xffffffffffffffff, r2, 0x0) [ 275.833409][T10998] FAT-fs (loop0): invalid media value (0x00) [ 275.864797][T10998] FAT-fs (loop0): Can't find a valid FAT filesystem [ 275.912074][ T28] audit: type=1804 audit(1599749260.920:172): pid=11012 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/79/file1/bus" dev="sda1" ino=16186 res=1 errno=0 14:47:41 executing program 4: r0 = socket$rds(0x15, 0x5, 0x0) connect(r0, &(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80) [ 275.939374][ T28] audit: type=1804 audit(1599749260.920:173): pid=11012 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/79/file1/bus" dev="sda1" ino=16186 res=1 errno=0 [ 275.973042][ T28] audit: type=1804 audit(1599749260.920:174): pid=11012 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/79/file1/bus" dev="sda1" ino=16186 res=1 errno=0 14:47:41 executing program 3: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000180)=[{&(0x7f0000001b40)="647b0304276638cf6decec2a01a4ae02b193c2605b7639562c803196b1d5ed45ec74bb8fa40e9b3984d222bef58f66c72ece9b147d570db21b40e0418b7b569fd948fdcf74da4e3536af56c5857afc3834181ec83dba40acce94f5aaeaf5201ca99fb39e7287bd7ddf39af264927e0caba4c46982e190421658223465ad89549", 0x80}], 0x1, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) splice(r0, 0x0, r3, 0x0, 0x30009, 0x0) 14:47:41 executing program 4: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newsa={0x13c, 0x10, 0x313, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in=@broadcast}, {@in6=@mcast1, 0x0, 0x32}, @in6=@private1, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_aead={0x4c, 0x12, {{'aegis128l-generic\x00'}, 0x0, 0x60}}]}, 0x13c}}, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$unix(0x1, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmmsg(r0, &(0x7f0000000180), 0xf1, 0x0) 14:47:41 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r3) 14:47:41 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000004c0)='TIPC\x00') sendmsg$TIPC_CMD_RESET_LINK_STATS(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000500)={0x28, r1, 0x401, 0x0, 0x0, {{}, {}, {0xc, 0x14, 'syz1\x00'}}}, 0x28}}, 0x0) 14:47:41 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r3) 14:47:41 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:41 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = socket(0x11, 0x2, 0x81) bind(r1, &(0x7f00000000c0)=@generic={0x11, "00000100000000000800ff7f4eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c954"}, 0x80) r2 = open(&(0x7f0000002000)='./bus\x00', 0x46042, 0x0) ftruncate(r2, 0x2008002) sendfile(r0, r2, 0x0, 0x200fff) 14:47:41 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r3) 14:47:41 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200", 0x12}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:41 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140), &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:41 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = dup2(0xffffffffffffffff, r3) dup3(r4, r2, 0x0) 14:47:41 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r3) [ 276.809948][T11048] FAT-fs (loop0): invalid media value (0x00) [ 276.819187][T11048] FAT-fs (loop0): Can't find a valid FAT filesystem [ 276.834860][ T28] audit: type=1800 audit(1599749261.840:175): pid=11045 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16185 res=0 errno=0 14:47:41 executing program 4: r0 = socket(0x21, 0x2, 0x2) io_setup(0x8, &(0x7f0000000640)=0x0) io_submit(r1, 0x2, &(0x7f0000000340)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x3, 0x0, r0, 0x0, 0x2}]) 14:47:42 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x40000080806, 0x0) close(r3) 14:47:42 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x40000080806, 0x0) close(r3) 14:47:42 executing program 4: clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@typedef={0x1}]}}, &(0x7f0000000140)=""/210, 0x26, 0xd2, 0x8}, 0x20) 14:47:42 executing program 4: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x4d) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10) getsockopt$inet_int(r1, 0x10d, 0xd0, &(0x7f0000000140), &(0x7f00000000c0)=0x4) [ 277.357031][T11074] BPF:[1] TYPEDEF [ 277.361428][T11074] BPF:type_id=0 [ 277.367274][T11075] BPF:[1] TYPEDEF [ 277.371973][T11074] BPF: [ 277.375801][T11075] BPF:type_id=0 [ 277.380354][T11074] BPF:Invalid name [ 277.385045][T11075] BPF: [ 277.388725][T11074] BPF: [ 277.388725][T11074] [ 277.394576][T11075] BPF:Invalid name [ 277.399499][T11075] BPF: [ 277.399499][T11075] 14:47:42 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db80f1eff7a4e8c16c3327d23d22c2ba061305d2a0d84e4499d41a11aa5a8e62ac25c159b13d0a2a520", 0x50) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:42 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x40000080806, 0x0) close(r3) 14:47:42 executing program 4: set_mempolicy(0x1, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000dc0)={0x20, 0x7, 0xa, 0x301, 0x0, 0x0, {}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x20}}, 0x0) 14:47:42 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200", 0x12}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:42 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140), &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:42 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = dup2(0xffffffffffffffff, r3) dup3(r4, r2, 0x0) 14:47:42 executing program 4: bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000000)={0xa, 0xd, 0x1400, 0x3fd, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x40) 14:47:42 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(0xffffffffffffffff) [ 277.867599][T11090] FAT-fs (loop0): invalid media value (0x00) [ 277.898552][T11090] FAT-fs (loop0): Can't find a valid FAT filesystem [ 277.966136][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 277.966149][ T28] audit: type=1804 audit(1599749262.971:180): pid=11090 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/81/file1/bus" dev="sda1" ino=16158 res=1 errno=0 [ 278.136869][ T28] audit: type=1804 audit(1599749263.011:181): pid=11090 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/81/file1/bus" dev="sda1" ino=16158 res=1 errno=0 14:47:43 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(0xffffffffffffffff) [ 278.164980][ T28] audit: type=1804 audit(1599749263.011:182): pid=11090 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/81/file1/bus" dev="sda1" ino=16158 res=1 errno=0 14:47:43 executing program 4: r0 = io_uring_setup(0x1, &(0x7f0000000040)) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) dup2(r1, r0) 14:47:43 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140), &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 14:47:43 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(0xffffffffffffffff) 14:47:43 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:43 executing program 4: r0 = socket(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000000)={0x0, 'veth1_to_hsr\x00', 0x3}, 0x18) ioctl(r0, 0x8916, &(0x7f0000000000)) r4 = socket(0x80000000000000a, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c) ioctl(r0, 0x8936, &(0x7f0000000000)) setsockopt$inet6_group_source_req(r4, 0x29, 0x1d, 0x0, 0x0) 14:47:43 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r1) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) 14:47:43 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400", 0x15}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:43 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = dup2(0xffffffffffffffff, r3) dup3(r4, r2, 0x0) 14:47:43 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r1) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) 14:47:43 executing program 4: r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x2, 0x4, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x40) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000080)={&(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, r0, 0x4}, 0x38) [ 278.877468][T11134] FAT-fs (loop0): invalid media value (0x00) [ 278.907701][T11134] FAT-fs (loop0): Can't find a valid FAT filesystem [ 278.999256][ T28] audit: type=1804 audit(1599749264.011:183): pid=11140 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/82/file1/bus" dev="sda1" ino=16133 res=1 errno=0 [ 279.077636][ T28] audit: type=1804 audit(1599749264.011:184): pid=11140 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/82/file1/bus" dev="sda1" ino=16133 res=1 errno=0 14:47:44 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r1) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) [ 279.172759][ T28] audit: type=1804 audit(1599749264.011:185): pid=11140 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/82/file1/bus" dev="sda1" ino=16133 res=1 errno=0 14:47:44 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r0) 14:47:44 executing program 4: r0 = syz_open_dev$radio(&(0x7f0000000140)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_QUERYCTRL(r0, 0xc0205647, &(0x7f00000000c0)={0xf010000, 0x0, "8c05f1b15f717707cb93c35981934e12da3b74ebc99a841040b2f01da735a172"}) 14:47:44 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 14:47:44 executing program 4: r0 = socket(0x1000000010, 0x80002, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000800ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=@deltfilter={0x24, 0x25, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0x0, 0x8}}}, 0x24}, 0x8}, 0x0) 14:47:44 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r0) 14:47:44 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:44 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400", 0x15}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:44 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) [ 279.906844][T11164] FAT-fs (loop0): invalid media value (0x00) [ 279.925675][T11165] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 279.940026][T11164] FAT-fs (loop0): Can't find a valid FAT filesystem 14:47:45 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:45 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r0) [ 279.990197][T11177] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 280.043281][ T28] audit: type=1804 audit(1599749265.051:186): pid=11164 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/83/file1/bus" dev="sda1" ino=16205 res=1 errno=0 14:47:45 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) getsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, 0x0, &(0x7f00000001c0)) 14:47:45 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) [ 280.120780][ T28] audit: type=1804 audit(1599749265.081:187): pid=11164 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/83/file1/bus" dev="sda1" ino=16205 res=1 errno=0 14:47:45 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) [ 280.243550][ T28] audit: type=1804 audit(1599749265.081:188): pid=11164 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/83/file1/bus" dev="sda1" ino=16205 res=1 errno=0 14:47:45 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) getsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, 0x0, &(0x7f00000001c0)) 14:47:45 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 14:47:45 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) 14:47:45 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, 0xffffffffffffffff) dup3(r4, r2, 0x0) 14:47:45 executing program 4: perf_event_open(&(0x7f00000006c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KDDISABIO(0xffffffffffffffff, 0x4b37) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/igmp6\x00') r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @remote}, 0x10) sendfile(r1, r0, 0x0, 0x4000000000edc0) 14:47:45 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:45 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400", 0x15}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:45 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) 14:47:46 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, 0xffffffffffffffff) dup3(r4, r2, 0x0) [ 280.924032][T11204] FAT-fs (loop0): invalid media value (0x00) [ 280.945509][T11204] FAT-fs (loop0): Can't find a valid FAT filesystem [ 281.025271][ T28] audit: type=1804 audit(1599749266.031:189): pid=11212 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/84/file1/bus" dev="sda1" ino=16182 res=1 errno=0 14:47:46 executing program 4: perf_event_open(&(0x7f00000006c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KDDISABIO(0xffffffffffffffff, 0x4b37) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/igmp6\x00') r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @remote}, 0x10) sendfile(r1, r0, 0x0, 0x4000000000edc0) 14:47:46 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, 0xffffffffffffffff) dup3(r4, r2, 0x0) 14:47:46 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) 14:47:46 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:46 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 14:47:46 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:46 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) 14:47:46 executing program 4: perf_event_open(&(0x7f00000006c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KDDISABIO(0xffffffffffffffff, 0x4b37) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/igmp6\x00') r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @remote}, 0x10) sendfile(r1, r0, 0x0, 0x4000000000edc0) 14:47:46 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180), 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:46 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f8", 0x16}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:47 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) [ 281.962834][T11241] FAT-fs (loop0): bogus number of FAT sectors [ 281.999689][T11241] FAT-fs (loop0): Can't find a valid FAT filesystem 14:47:47 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:47 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x10, 0x2, 0x0, 0x1, [@IFLA_MACSEC_CIPHER_SUITE={0xc}]}}}]}, 0x40}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 14:47:47 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:47 executing program 3: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r3) 14:47:47 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$unix(0x1, 0x5, 0x0) r3 = epoll_create1(0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000000)={0x60000011}) epoll_pwait(r4, &(0x7f0000000100)=[{}], 0x1, 0x200034, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)) 14:47:48 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, 0x0}, 0x0) 14:47:48 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:48 executing program 3: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r3) 14:47:48 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x3}, 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x9}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x40000000000003f, 0x0) 14:47:48 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f8", 0x16}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:48 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180), 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:48 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) [ 283.338815][T11287] FAT-fs (loop0): bogus number of FAT sectors 14:47:48 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, r2) dup3(r4, 0xffffffffffffffff, 0x0) 14:47:48 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8d, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000280)={0x38, 0x2, 0x0, 0x0, 0x8}, 0x0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) r2 = creat(&(0x7f0000000240)='./file0\x00', 0x0) write$cgroup_type(r2, &(0x7f0000000100)='threaded\x00', 0xd6f0e2de) lsetxattr$security_capability(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)='security.capability\x00', 0x0, 0x0, 0x2) fallocate(r1, 0x0, 0x0, 0x2cbd) [ 283.449358][T11287] FAT-fs (loop0): Can't find a valid FAT filesystem [ 283.465779][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 283.465791][ T28] audit: type=1804 audit(1599749268.471:195): pid=11297 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/86/file1/bus" dev="sda1" ino=16229 res=1 errno=0 14:47:48 executing program 3: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r3) 14:47:48 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, 0x0}, 0x0) [ 283.501009][ T28] audit: type=1804 audit(1599749268.471:196): pid=11297 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/86/file1/bus" dev="sda1" ino=16229 res=1 errno=0 [ 283.552701][ T28] audit: type=1804 audit(1599749268.471:197): pid=11297 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/86/file1/bus" dev="sda1" ino=16229 res=1 errno=0 14:47:48 executing program 3: socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) 14:47:48 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, r2) dup3(r4, 0xffffffffffffffff, 0x0) 14:47:49 executing program 5: creat(&(0x7f00000001c0)='./file0\x00', 0x32) fanotify_init(0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) unshare(0x8000400) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, 0x0}, 0x0) 14:47:49 executing program 3: socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) 14:47:49 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, r2) dup3(r4, 0xffffffffffffffff, 0x0) 14:47:49 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180), 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:49 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f8", 0x16}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:49 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, r2) dup3(r4, r1, 0x0) 14:47:49 executing program 3: socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) [ 284.398741][T11327] FAT-fs (loop0): bogus number of FAT sectors [ 284.428285][T11327] FAT-fs (loop0): Can't find a valid FAT filesystem [ 284.500820][ T28] audit: type=1804 audit(1599749269.511:198): pid=11327 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/87/file1/bus" dev="sda1" ino=16221 res=1 errno=0 14:47:49 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r3) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)={0x14, r1, 0x729}, 0x14}}, 0x0) 14:47:49 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) [ 284.720498][ T28] audit: type=1804 audit(1599749269.511:199): pid=11327 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/87/file1/bus" dev="sda1" ino=16221 res=1 errno=0 14:47:49 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, r2) dup3(r4, r1, 0x0) [ 284.898580][ T28] audit: type=1804 audit(1599749269.511:200): pid=11327 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/87/file1/bus" dev="sda1" ino=16221 res=1 errno=0 14:47:50 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) 14:47:50 executing program 4: r0 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000000)={0x11, 0x800, r1, 0x1, 0x0, 0x6, @dev}, 0x14) syz_emit_ethernet(0x66, &(0x7f0000001680)={@multicast, @remote, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @broadcast}}}}}, 0x0) 14:47:50 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fae93db272348d937317b8a461e1ab80f02c091db8", 0x28) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:50 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, r2) dup3(r4, r1, 0x0) 14:47:50 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x44, 0x0, 0x8, 0x101, 0x0, 0x0, {}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_LAST_ACK={0x8}, @CTA_TIMEOUT_TCP_TIME_WAIT={0x8}]}]}, 0x44}}, 0x0) 14:47:50 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:50 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) 14:47:50 executing program 4: openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$usbfs(0x0, 0x0, 0x1) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000b80)=ANY=[@ANYBLOB="50000000100001040000000000000e00001d0000", @ANYRES32=0x0, @ANYBLOB="2b03000000000000200012800b00010067656e65766500001000028006000500000000000400060008000500", @ANYRES32=0x0, @ANYBLOB='\b\x00\n\x00', @ANYBLOB], 0x50}}, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0xcf01) mq_timedreceive(0xffffffffffffffff, &(0x7f00000000c0)=""/39, 0x27, 0x1, 0x0) 14:47:50 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) [ 285.420362][ T28] audit: type=1804 audit(1599749270.431:201): pid=11367 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/88/file1/bus" dev="sda1" ino=16226 res=1 errno=0 14:47:50 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000440)='wireguard\x00') r2 = socket(0x11, 0x800000003, 0x0) bind(r2, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1bbd000000db1c00010000000000006d3a09ffc2c65400"}, 0x80) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000040)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0) [ 285.449974][ T28] audit: type=1804 audit(1599749270.431:202): pid=11367 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/88/file1/bus" dev="sda1" ino=16226 res=1 errno=0 14:47:50 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = dup2(r2, r1) dup3(r3, r0, 0x0) [ 285.493052][ T28] audit: type=1804 audit(1599749270.461:203): pid=11367 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/88/file1/bus" dev="sda1" ino=16226 res=1 errno=0 14:47:50 executing program 5: unshare(0x600) r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TCSETSW2(r0, 0x5437, 0x0) ioctl$KDFONTOP_COPY(r0, 0x4b72, 0x0) 14:47:50 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) [ 285.701713][T11374] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 38000 - 0 [ 285.711795][T11374] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 38000 - 0 [ 285.737185][T11374] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 38000 - 0 [ 285.768904][T11374] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 38000 - 0 [ 285.800015][T11374] netdevsim netdevsim4 netdevsim0: set [1, 2] type 2 family 0 port 44897 - 0 14:47:50 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = dup2(r2, r1) dup3(r3, r0, 0x0) [ 285.830604][T11374] netdevsim netdevsim4 netdevsim1: set [1, 2] type 2 family 0 port 44897 - 0 [ 285.867361][T11374] netdevsim netdevsim4 netdevsim2: set [1, 2] type 2 family 0 port 44897 - 0 [ 285.897299][T11374] netdevsim netdevsim4 netdevsim3: set [1, 2] type 2 family 0 port 44897 - 0 [ 285.980669][T11374] device geneve2 entered promiscuous mode 14:47:51 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180), 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:51 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000100)='tmpfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={[{@mpol={'mpol', 0x3d, {'interleave', '', @val={0x3a, [0x34, 0x2d, 0x32]}}}, 0x30}], [], 0x9}) 14:47:51 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) 14:47:51 executing program 4: openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$usbfs(0x0, 0x0, 0x1) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000b80)=ANY=[@ANYBLOB="50000000100001040000000000000e00001d0000", @ANYRES32=0x0, @ANYBLOB="2b03000000000000200012800b00010067656e65766500001000028006000500000000000400060008000500", @ANYRES32=0x0, @ANYBLOB='\b\x00\n\x00', @ANYBLOB], 0x50}}, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0xcf01) mq_timedreceive(0xffffffffffffffff, &(0x7f00000000c0)=""/39, 0x27, 0x1, 0x0) 14:47:51 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = dup2(r2, r1) dup3(r3, r0, 0x0) 14:47:51 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) 14:47:51 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) [ 286.264498][T11404] tmpfs: Bad value for 'mpol' [ 286.291994][T11404] tmpfs: Bad value for 'mpol' 14:47:51 executing program 5: r0 = getpgid(0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r1, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) prctl$PR_SET_DUMPABLE(0x4, 0x0) sendto$inet(r1, 0x0, 0x0, 0x20000ffd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000600), 0x4) semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0xec00}], 0x1, 0x0) sendto$inet(r1, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27) shutdown(r1, 0x1) recvmsg(r1, &(0x7f0000001500)={0x0, 0x0, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1}, 0x100) 14:47:51 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) 14:47:51 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0xb732}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller1\x00', {0x7, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}) writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000200)="fd9065a64a4174", 0x5f07}, {&(0x7f0000000140)="bffbfff3bc86dd", 0x7}], 0x2) [ 286.452365][ T28] audit: type=1804 audit(1599749271.461:204): pid=11417 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/89/file1/bus" dev="sda1" ino=16213 res=1 errno=0 14:47:51 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r2) 14:47:51 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, r2) dup3(r4, r1, 0x0) 14:47:52 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180), 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:52 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) r3 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r3) 14:47:52 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, r2) dup3(r4, r1, 0x0) 14:47:52 executing program 5: perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) pread64(r1, 0x0, 0xfeffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) dup2(r2, r1) 14:47:52 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) r3 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r3) 14:47:52 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:52 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, r2) dup3(r4, r1, 0x0) 14:47:52 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) r3 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r3) 14:47:52 executing program 4: r0 = socket(0x40000000015, 0x5, 0x0) sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=@alg={0xa, 'hash\x00', 0xffff0000, 0x0, 'blake2b-512\x00'}, 0x80) 14:47:52 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r3) 14:47:52 executing program 4: r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) ioctl$GIO_SCRNMAP(r0, 0x5402, 0x0) 14:47:52 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:53 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180), 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:53 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r3) 14:47:53 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:54 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$netlink(r0, 0x10e, 0x5, 0x0, &(0x7f0000000140)=0x4) 14:47:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) unshare(0x40600) ioctl$KVM_SET_PIT2(r1, 0xc018aec0, &(0x7f0000000180)) 14:47:54 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:54 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r3) 14:47:54 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(0x0) r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:54 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)="f084153138dd9586940fc9e190d3ba763169c2fa", 0x14) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:54 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:54 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r3) [ 289.390241][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 289.390253][ T28] audit: type=1804 audit(1599749274.402:210): pid=11515 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/91/bus" dev="sda1" ino=16249 res=1 errno=0 14:47:54 executing program 5: socket$packet(0x11, 0xa, 0x300) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086201, 0x0) ioctl$RTC_WIE_OFF(0xffffffffffffffff, 0x7010) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x100, @dev, 'geneve0\x00'}}, 0x1e) sendmmsg(r0, &(0x7f000000d180), 0x4000000000000eb, 0x0) [ 289.421343][ T28] audit: type=1804 audit(1599749274.402:211): pid=11515 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/91/bus" dev="sda1" ino=16249 res=1 errno=0 14:47:54 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:54 executing program 4: r0 = syz_open_dev$video(&(0x7f0000000180)='/dev/video#\x00', 0x0, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05605, &(0x7f00000001c0)={0x1, @vbi={0x0, 0x0, 0x32314752}}) [ 289.502314][ T28] audit: type=1804 audit(1599749274.412:212): pid=11515 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/91/bus" dev="sda1" ino=16249 res=1 errno=0 14:47:54 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r3) 14:47:54 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:54 executing program 4: perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f00000006c0)=ANY=[@ANYBLOB="5300000044a6aeabc81e152000000000e4ffff0f3605f64017db9820000000000000d403ffff635427e59aa146175dd106736d173f0fc7ec58000000000000000081baf9459c5c953948c6801f2c0945c08ba80000fc99a7422007653872ecb4f63adb415ccdfe80810100"], 0xab) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) gettid() setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc008ae05, &(0x7f00000002c0)=""/248) 14:47:54 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(r3) [ 289.978162][ C0] sd 0:0:1:0: [sg0] tag#3836 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 289.988741][ C0] sd 0:0:1:0: [sg0] tag#3836 CDB: Test Unit Ready [ 289.995188][ C0] sd 0:0:1:0: [sg0] tag#3836 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 290.004854][ C0] sd 0:0:1:0: [sg0] tag#3836 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 290.014499][ C0] sd 0:0:1:0: [sg0] tag#3836 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 290.024224][ C0] sd 0:0:1:0: [sg0] tag#3836 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 290.033865][ C0] sd 0:0:1:0: [sg0] tag#3836 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 290.043506][ C0] sd 0:0:1:0: [sg0] tag#3836 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 290.053147][ C0] sd 0:0:1:0: [sg0] tag#3836 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 290.062812][ C0] sd 0:0:1:0: [sg0] tag#3836 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14:47:55 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180), 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) [ 290.072455][ C0] sd 0:0:1:0: [sg0] tag#3836 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 290.082096][ C0] sd 0:0:1:0: [sg0] tag#3836 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 290.091724][ C0] sd 0:0:1:0: [sg0] tag#3836 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 290.101353][ C0] sd 0:0:1:0: [sg0] tag#3836 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 290.111058][ C0] sd 0:0:1:0: [sg0] tag#3836 CDB[c0]: 00 00 00 00 00 00 00 00 14:47:55 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(0x0) r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:55 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r3, 0x0, 0x0) close(r3) 14:47:55 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="fe000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r2}}, 0x20}}, 0x0) [ 290.346829][T11561] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 14:47:55 executing program 5: socket$packet(0x11, 0xa, 0x300) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086201, 0x0) ioctl$RTC_WIE_OFF(0xffffffffffffffff, 0x7010) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x100, @dev, 'geneve0\x00'}}, 0x1e) sendmmsg(r0, &(0x7f000000d180), 0x4000000000000eb, 0x0) 14:47:55 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r3, 0x0, 0x0) close(r3) [ 290.510710][T11591] bond1 (unregistering): Released all slaves 14:47:55 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) [ 290.622022][ T28] audit: type=1804 audit(1599749275.632:213): pid=11606 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/92/bus" dev="sda1" ino=16250 res=1 errno=0 14:47:55 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r3, 0x0, 0x0) close(r3) [ 290.723520][T11566] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 290.731392][ T28] audit: type=1804 audit(1599749275.662:214): pid=11606 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/92/bus" dev="sda1" ino=16250 res=1 errno=0 [ 290.952484][T11660] bond1 (unregistering): Released all slaves [ 291.010533][ T28] audit: type=1804 audit(1599749275.662:215): pid=11606 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/92/bus" dev="sda1" ino=16250 res=1 errno=0 14:47:56 executing program 5: r0 = socket$inet6(0xa, 0x802, 0x73) sendmmsg$inet6(r0, &(0x7f0000000440)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c, 0x0}}, {{&(0x7f0000000140)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c, 0x0, 0x0, &(0x7f00000003c0)=[@flowinfo={{0x14}}, @hopopts={{0x18, 0x29, 0x36, {0x0, 0x7}}}], 0x30}}], 0x2, 0x0) 14:47:56 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180), 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:56 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(0xffffffffffffffff) 14:47:56 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:56 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(0x0) r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:56 executing program 4: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x20, r0, 0xb03, 0x0, 0x0, {0x13}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x7}]}]}, 0x20}}, 0x0) 14:47:56 executing program 5: perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0xe, 0x4, 0x4, 0x3}, 0x40) socket$kcm(0x10, 0x2, 0x4) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000001740)=""/102400}, 0x20) perf_event_open(&(0x7f0000000400)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'erspan0\x00'}) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000080)) 14:47:56 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(0xffffffffffffffff) 14:47:56 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:56 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_MODIFY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x24, r1, 0x1, 0x0, 0x0, {}, [@L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_CONN_ID={0x8}]}, 0x24}}, 0x0) 14:47:56 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) close(0xffffffffffffffff) 14:47:56 executing program 5: r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="2000000015140107"], 0x20}}, 0x0) [ 291.596317][ T28] audit: type=1804 audit(1599749276.612:216): pid=11740 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/93/bus" dev="sda1" ino=16257 res=1 errno=0 14:47:56 executing program 4: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x1420000a77, 0x0) write$binfmt_elf64(r1, 0x0, 0xfffffd88) [ 291.736880][T11756] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 291.751363][ T28] audit: type=1804 audit(1599749276.612:217): pid=11740 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/93/bus" dev="sda1" ino=16257 res=1 errno=0 [ 291.794044][ T28] audit: type=1804 audit(1599749276.612:218): pid=11740 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/93/bus" dev="sda1" ino=16257 res=1 errno=0 [ 291.856061][T11759] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1 14:47:57 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180), 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:57 executing program 3: timer_create(0x3, &(0x7f0000000040)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r0 = signalfd(0xffffffffffffffff, &(0x7f00007aeff8)={[0xfffffffffffffffc]}, 0x8) read(r0, &(0x7f00000017c0)=""/407, 0x197) timer_settime(0x0, 0xffffffffffffffff, &(0x7f0000000080)={{0x77359400}, {0x0, 0x9}}, 0x0) 14:47:57 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:57 executing program 4: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r0, 0x0, 0x1, 0x0, 0x0) 14:47:57 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$kcm(0x29, 0x5, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/arp\x00') sendfile(r3, r4, 0x0, 0x38a8) sendmmsg(r3, &(0x7f0000005980)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000100)='.', 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x228}}], 0x2, 0x0) 14:47:57 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = dup2(r4, r3) dup3(r5, r2, 0x0) 14:47:57 executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) recvmsg(r0, &(0x7f0000001500)={0x0, 0x0, 0x0}, 0x0) 14:47:57 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(0x0, 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:57 executing program 3: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000000080)={{0x80, 0xfc}, 'port0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000000440)={{0x80}, 'port1\x00'}) 14:47:57 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x8100, &(0x7f0000000080)=[{&(0x7f00000002c0)="3200000010008108040f80ecdb4cb92e18480e0040000000e8bd6efb250309000e000100240348ff050006001201", 0xc0}], 0x1, 0x0, 0x0, 0x2}, 0x0) 14:47:57 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000000)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@rr={0x6, 0x3}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) socket$inet(0x2, 0x1, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPCTNL_MSG_EXP_GET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {0x3}, [@IFLA_MASTER={0x8, 0xd}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 14:47:57 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(0x0, 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) [ 292.673802][T11799] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.4'. [ 292.803557][T11799] device veth1_macvtap left promiscuous mode [ 292.854338][T11799] device macsec0 entered promiscuous mode 14:47:57 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)="f084153138dd9586940f", 0xa) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:57 executing program 3: sendmmsg(0xffffffffffffffff, &(0x7f0000002e80)=[{{0x0, 0x0, &(0x7f00000024c0)=[{&(0x7f0000000040)="c59f69ab2cd4cbfc9aca3da4a801181e440829a01aea1d8edcc87039fb74f5540cb46d71d27c01ff41b018f628860f6548f6f8af3692300a6a661a53ac67c57f5b0d6a09631321cd16656ae39d697db51d6906752d3e6c9536ca492a9a883131bc4ec0c94eaa06715b9c9a0039f8e82a5f85e44da48632e4e7827e75a81f4a11f6ced797bc71549e62b8466553259a094fee645ccd0284762712514d9b95587f9891250088d8b3327956a4cf7caa1b295ff4812226782b9d60f8f03691b72694f09b4a389d09a6ca02a5386975ebe1fe99", 0xd1}], 0x1, 0x0, 0x190}}], 0x1, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNATTACHFILTER(r0, 0x400454ca, &(0x7f0000000100)={0x0, 0x0}) ioctl$TUNSETOWNER(r0, 0x400454c9, 0xffffffffffffffff) ioctl$TUNGETVNETHDRSZ(r0, 0x401054d5, 0x0) 14:47:57 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, r2) dup3(r4, r1, 0x0) 14:47:58 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, r2) dup3(r4, r1, 0x0) 14:47:58 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, 0x0, r2, 0x5}) 14:47:58 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, r2) dup3(r4, r1, 0x0) [ 293.576151][T11803] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 293.611490][T11803] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 293.634640][T11803] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 14:47:58 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, r2) dup3(r4, r1, 0x0) 14:47:58 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(0x0, 0x0) ftruncate(r0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) [ 293.758425][T11820] tun0: tun_chr_ioctl cmd 1074812117 [ 293.769008][T11835] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 293.819988][T11835] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 293.840388][T11835] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 14:47:58 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180), 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:47:58 executing program 4: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x109801, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)=0x74000000) write$dsp(r0, &(0x7f0000002000)='`', 0x80000) 14:47:59 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000000)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@rr={0x6, 0x3}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) socket$inet(0x2, 0x1, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPCTNL_MSG_EXP_GET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {0x3}, [@IFLA_MASTER={0x8, 0xd}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 14:47:59 executing program 3: openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x14, 0x4, 0x0, 0x9}, 0x40) r0 = getpid() timer_create(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x4, @tid=r0}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000100)=0x2) 14:47:59 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(0xffffffffffffffff, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:47:59 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, r2) dup3(r4, r1, 0x0) [ 294.322474][T11861] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 14:47:59 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, r2) dup3(r4, r1, 0x0) [ 294.408613][T11861] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 294.430635][ T28] audit: type=1804 audit(1599749279.442:219): pid=11876 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/97/file1/bus" dev="loop0" ino=158 res=1 errno=0 [ 294.452913][T11861] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 294.459154][ T28] audit: type=1804 audit(1599749279.452:220): pid=11876 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/97/file1/bus" dev="loop0" ino=158 res=1 errno=0 [ 294.486303][ T28] audit: type=1804 audit(1599749279.452:221): pid=11876 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/97/file1/bus" dev="loop0" ino=158 res=1 errno=0 14:47:59 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, r2) dup3(r4, r1, 0x0) 14:47:59 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180), 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:48:00 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(0xffffffffffffffff, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:48:00 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000000)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@rr={0x6, 0x3}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) socket$inet(0x2, 0x1, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPCTNL_MSG_EXP_GET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {0x3}, [@IFLA_MASTER={0x8, 0xd}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 14:48:00 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, r2) dup3(r4, r1, 0x0) 14:48:00 executing program 3: openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f0000000340)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea2bdc9c1587a050000000000000042e33089754c8107c3cd4623dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb7bb50ec93c152fa483198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b0674cc5c1e298a16324fe27da2a908ba9ff3c009d36d691cc7911219a2fd5d", 0xc0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000100)="01", 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000000)={r1, r0, r0}, &(0x7f0000000480)=""/250, 0x1b3, &(0x7f0000000580)={&(0x7f0000000080)={'wp256-generic\x00'}}) connect$inet(0xffffffffffffffff, 0x0, 0x0) [ 295.222995][ T28] audit: type=1804 audit(1599749280.232:222): pid=11896 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/98/file1/bus" dev="loop0" ino=159 res=1 errno=0 [ 295.386760][T11900] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 295.400691][ T28] audit: type=1804 audit(1599749280.282:223): pid=11896 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/98/file1/bus" dev="loop0" ino=159 res=1 errno=0 [ 295.451252][ T28] audit: type=1804 audit(1599749280.292:224): pid=11896 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/98/file1/bus" dev="loop0" ino=159 res=1 errno=0 [ 295.470621][T11900] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 295.507052][T11900] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 14:48:02 executing program 4: r0 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f0000000080)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) keyctl$search(0x15, r0, 0x0, 0x0, 0x0) keyctl$chown(0xb, r0, 0xee00, 0xffffffffffffffff) 14:48:02 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000009, 0x10032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = dup2(r3, r2) dup3(r4, r1, 0x0) 14:48:02 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(0xffffffffffffffff, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) 14:48:02 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f00000001c0)={0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, {}, {}, {}, {}, 0x40000000}) 14:48:02 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180), 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30007, 0x0) 14:48:02 executing program 5: fanotify_mark(0xffffffffffffffff, 0xd7, 0x0, 0xffffffffffffffff, 0x0) 14:48:02 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1400000010efa8c68d000000000000000000000a2000000002030100000000f787060000000000000900010001"], 0xcc}}, 0x0) sendmsg$NFQNL_MSG_VERDICT(r0, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000300)={0x20, 0x2, 0x3, 0x201, 0x0, 0x0, {}, [@NFQA_VERDICT_HDR={0xc}]}, 0x20}}, 0x0) 14:48:02 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x8010000400000084) bind$inet6(r0, &(0x7f0000ed3fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) shutdown(r0, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000040)={0x1, 0xffffffff}, 0x8) sendto$inet6(r0, &(0x7f0000000100)="bf", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) close(r0) 14:48:02 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0x79d5, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000400)='./bus\x00', 0x14183e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r5, 0x0) write$P9_RLERROR(r5, &(0x7f0000000080)={0x9}, 0x9) sendfile(r0, r4, 0x0, 0x8400f7fffff8) [ 297.113540][ T28] audit: type=1804 audit(1599749282.122:225): pid=11924 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/99/file1/bus" dev="loop0" ino=160 res=1 errno=0 [ 297.123084][ T28] audit: type=1804 audit(1599749282.132:226): pid=11924 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/99/file1/bus" dev="loop0" ino=160 res=1 errno=0 [ 297.127335][ T28] audit: type=1804 audit(1599749282.142:227): pid=11924 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir844479570/syzkaller.BBXZ1Y/99/file1/bus" dev="loop0" ino=160 res=1 errno=0 [ 297.243990][T11923] ================================================================== [ 297.244084][T11923] BUG: KASAN: global-out-of-bounds in vga16fb_imageblit+0x1c36/0x2210 [ 297.244098][T11923] Read of size 2 at addr ffffffff8899f6be by task syz-executor.3/11923 [ 297.244103][T11923] [ 297.244118][T11923] CPU: 1 PID: 11923 Comm: syz-executor.3 Not tainted 5.9.0-rc4-syzkaller #0 [ 297.244128][T11923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 297.244133][T11923] Call Trace: [ 297.244153][T11923] dump_stack+0x198/0x1fd [ 297.244172][T11923] ? vga16fb_imageblit+0x1c36/0x2210 [ 297.244186][T11923] ? vga16fb_imageblit+0x1c36/0x2210 [ 297.244206][T11923] print_address_description.constprop.0.cold+0x5/0x497 [ 297.244224][T11923] ? vga16fb_imageblit+0x1c36/0x2210 [ 297.244323][T11923] ? lockdep_hardirqs_off+0x96/0xd0 [ 297.244343][T11923] ? vprintk_func+0x97/0x1a6 [ 297.244365][T11923] ? vga16fb_imageblit+0x1c36/0x2210 [ 297.244380][T11923] ? vga16fb_imageblit+0x1c36/0x2210 [ 297.244394][T11923] kasan_report.cold+0x1f/0x37 [ 297.244414][T11923] ? vga16fb_imageblit+0x1c36/0x2210 [ 297.244432][T11923] vga16fb_imageblit+0x1c36/0x2210 [ 297.244458][T11923] ? fb_get_buffer_offset+0x18f/0x330 [ 297.244479][T11923] bit_putcs+0x6e1/0xd20 [ 297.244521][T11923] ? bit_cursor+0x17d0/0x17d0 [ 297.244543][T11923] ? mark_lock+0xbc/0x1710 [ 297.244560][T11923] ? io_schedule_timeout+0x140/0x140 [ 297.244575][T11923] ? sched_clock+0x2a/0x40 [ 297.244591][T11923] ? fb_get_color_depth+0x11a/0x240 [ 297.244613][T11923] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 297.244633][T11923] ? bit_cursor+0x17d0/0x17d0 [ 297.244647][T11923] fbcon_putcs+0x33c/0x3f0 [ 297.244673][T11923] do_update_region+0x399/0x630 [ 297.244697][T11923] ? con_get_trans_old+0x280/0x280 [ 297.244715][T11923] ? fbcon_invert_region+0xd6/0x270 [ 297.244739][T11923] invert_screen+0x1d4/0x600 [ 297.244753][T11923] ? vc_uniscr_copy_line+0x4c0/0x4c0 [ 297.244766][T11923] ? vc_do_resize+0x2f6/0x1150 [ 297.244777][T11923] ? __kmalloc+0x1c7/0x310 [ 297.244797][T11923] clear_selection+0x55/0x70 [ 297.244810][T11923] vc_do_resize+0xe63/0x1150 [ 297.244836][T11923] ? fb_destroy_modelist+0x200/0x200 [ 297.244853][T11923] ? store_bind+0x6a0/0x6a0 [ 297.244881][T11923] fbcon_modechanged+0x36c/0x710 [ 297.244902][T11923] fbcon_update_vcs+0x3a/0x50 [ 297.244916][T11923] do_fb_ioctl+0x62e/0x690 [ 297.244933][T11923] ? fb_set_suspend+0x1a0/0x1a0 [ 297.244949][T11923] ? tomoyo_execute_permission+0x470/0x470 [ 297.244968][T11923] ? lock_is_held_type+0xbb/0xf0 [ 297.245003][T11923] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 297.245019][T11923] ? do_vfs_ioctl+0x27d/0x1090 [ 297.245056][T11923] ? __fget_files+0x294/0x400 [ 297.245080][T11923] fb_ioctl+0xdd/0x130 [ 297.245094][T11923] ? do_fb_ioctl+0x690/0x690 [ 297.245109][T11923] __x64_sys_ioctl+0x193/0x200 [ 297.245128][T11923] do_syscall_64+0x2d/0x70 [ 297.245178][T11923] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 297.245191][T11923] RIP: 0033:0x45d5b9 [ 297.245207][T11923] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 297.245216][T11923] RSP: 002b:00007f378f0a7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 297.245232][T11923] RAX: ffffffffffffffda RBX: 000000000000e280 RCX: 000000000045d5b9 [ 297.245243][T11923] RDX: 00000000200001c0 RSI: 0000000000004601 RDI: 0000000000000003 [ 297.245252][T11923] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 297.245262][T11923] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 297.245272][T11923] R13: 00007ffc3b6f39df R14: 00007f378f0a89c0 R15: 000000000118cf4c [ 297.245296][T11923] [ 297.245301][T11923] The buggy address belongs to the variable: [ 297.245348][T11923] transl_h+0x3e/0x40 [ 297.245353][T11923] [ 297.245358][T11923] Memory state around the buggy address: [ 297.245372][T11923] ffffffff8899f580: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00 [ 297.245384][T11923] ffffffff8899f600: 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 [ 297.245396][T11923] >ffffffff8899f680: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 [ 297.245403][T11923] ^ [ 297.245415][T11923] ffffffff8899f700: 00 01 f9 f9 f9 f9 f9 f9 00 00 00 04 f9 f9 f9 f9 [ 297.245428][T11923] ffffffff8899f780: 00 00 04 f9 f9 f9 f9 f9 00 00 00 00 00 00 02 f9 [ 297.245434][T11923] ================================================================== [ 297.245439][T11923] Disabling lock debugging due to kernel taint [ 297.269313][T11923] Kernel panic - not syncing: panic_on_warn set ... [ 297.269332][T11923] CPU: 1 PID: 11923 Comm: syz-executor.3 Tainted: G B 5.9.0-rc4-syzkaller #0 [ 297.269339][T11923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 297.269343][T11923] Call Trace: [ 297.269361][T11923] dump_stack+0x198/0x1fd [ 297.269378][T11923] ? vga16fb_imageblit+0x1b40/0x2210 [ 297.269393][T11923] panic+0x347/0x7c0 [ 297.269405][T11923] ? __warn_printk+0xf3/0xf3 [ 297.269420][T11923] ? preempt_schedule_common+0x59/0xc0 [ 297.269433][T11923] ? vga16fb_imageblit+0x1c36/0x2210 [ 297.269447][T11923] ? preempt_schedule_thunk+0x16/0x18 [ 297.269459][T11923] ? trace_hardirqs_on+0x55/0x220 [ 297.269472][T11923] ? vga16fb_imageblit+0x1c36/0x2210 [ 297.269484][T11923] ? vga16fb_imageblit+0x1c36/0x2210 [ 297.269495][T11923] end_report+0x4d/0x53 [ 297.269507][T11923] kasan_report.cold+0xd/0x37 [ 297.269521][T11923] ? vga16fb_imageblit+0x1c36/0x2210 [ 297.269533][T11923] vga16fb_imageblit+0x1c36/0x2210 [ 297.269548][T11923] ? fb_get_buffer_offset+0x18f/0x330 [ 297.269560][T11923] bit_putcs+0x6e1/0xd20 [ 297.269580][T11923] ? bit_cursor+0x17d0/0x17d0 [ 297.269594][T11923] ? mark_lock+0xbc/0x1710 [ 297.269616][T11923] ? io_schedule_timeout+0x140/0x140 [ 297.269630][T11923] ? sched_clock+0x2a/0x40 [ 297.269645][T11923] ? fb_get_color_depth+0x11a/0x240 [ 297.269659][T11923] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 297.269672][T11923] ? bit_cursor+0x17d0/0x17d0 [ 297.269683][T11923] fbcon_putcs+0x33c/0x3f0 [ 297.269699][T11923] do_update_region+0x399/0x630 [ 297.269715][T11923] ? con_get_trans_old+0x280/0x280 [ 297.269729][T11923] ? fbcon_invert_region+0xd6/0x270 [ 297.269743][T11923] invert_screen+0x1d4/0x600 [ 297.269755][T11923] ? vc_uniscr_copy_line+0x4c0/0x4c0 [ 297.269765][T11923] ? vc_do_resize+0x2f6/0x1150 [ 297.269776][T11923] ? __kmalloc+0x1c7/0x310 [ 297.269789][T11923] clear_selection+0x55/0x70 [ 297.269799][T11923] vc_do_resize+0xe63/0x1150 [ 297.269816][T11923] ? fb_destroy_modelist+0x200/0x200 [ 297.269828][T11923] ? store_bind+0x6a0/0x6a0 [ 297.269844][T11923] fbcon_modechanged+0x36c/0x710 [ 297.269857][T11923] fbcon_update_vcs+0x3a/0x50 [ 297.269870][T11923] do_fb_ioctl+0x62e/0x690 [ 297.269883][T11923] ? fb_set_suspend+0x1a0/0x1a0 [ 297.269896][T11923] ? tomoyo_execute_permission+0x470/0x470 [ 297.269910][T11923] ? lock_is_held_type+0xbb/0xf0 [ 297.269929][T11923] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 297.269941][T11923] ? do_vfs_ioctl+0x27d/0x1090 [ 297.269960][T11923] ? __fget_files+0x294/0x400 [ 297.269975][T11923] fb_ioctl+0xdd/0x130 [ 297.269987][T11923] ? do_fb_ioctl+0x690/0x690 [ 297.269999][T11923] __x64_sys_ioctl+0x193/0x200 [ 297.270013][T11923] do_syscall_64+0x2d/0x70 [ 297.270025][T11923] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 297.270035][T11923] RIP: 0033:0x45d5b9 [ 297.270048][T11923] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 297.270055][T11923] RSP: 002b:00007f378f0a7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 297.270068][T11923] RAX: ffffffffffffffda RBX: 000000000000e280 RCX: 000000000045d5b9 [ 297.270076][T11923] RDX: 00000000200001c0 RSI: 0000000000004601 RDI: 0000000000000003 [ 297.270084][T11923] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 297.270091][T11923] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 297.270098][T11923] R13: 00007ffc3b6f39df R14: 00007f378f0a89c0 R15: 000000000118cf4c [ 297.271295][T11923] Kernel Offset: disabled [ 298.117479][T11923] Rebooting in 86400 seconds..