ffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) [ 641.203800][ T28] audit: type=1804 audit(1590300696.191:120): pid=17390 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/335/file0/bus" dev="loop2" ino=79 res=1 [ 641.304329][ T28] audit: type=1804 audit(1590300696.271:121): pid=17394 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/335/file0/bus" dev="loop2" ino=79 res=1 06:11:36 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) 06:11:36 executing program 2: prlimit64(0x0, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0xffffffff, 0x5, 0x0, 0x0, 0xfffffffffffffff9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:11:36 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) [ 641.964666][ T169] attempt to access beyond end of device [ 641.979489][ T169] loop2: rw=1, want=4537, limit=63 [ 642.011255][ T169] attempt to access beyond end of device [ 642.025709][ T169] loop2: rw=1, want=6593, limit=63 [ 642.038087][ T169] attempt to access beyond end of device [ 642.046588][ T169] loop2: rw=1, want=8641, limit=63 [ 642.062572][ T169] attempt to access beyond end of device [ 642.071532][ T169] loop2: rw=1, want=10689, limit=63 [ 642.093140][ T169] attempt to access beyond end of device [ 642.116112][ T169] loop2: rw=1, want=12737, limit=63 [ 642.140238][ T169] attempt to access beyond end of device [ 642.146060][ T169] loop2: rw=1, want=14785, limit=63 [ 642.173461][ T169] attempt to access beyond end of device [ 642.187219][ T169] loop2: rw=1, want=16833, limit=63 [ 642.198101][ T169] attempt to access beyond end of device [ 642.203945][ T169] loop2: rw=1, want=18881, limit=63 [ 642.214024][ T169] attempt to access beyond end of device [ 642.220201][ T169] loop2: rw=1, want=21625, limit=63 [ 642.232766][ T169] attempt to access beyond end of device 06:11:37 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:37 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 642.238521][ T169] loop2: rw=1, want=25721, limit=63 [ 642.253013][ T169] attempt to access beyond end of device [ 642.258652][ T169] loop2: rw=1, want=29417, limit=63 06:11:37 executing program 0: sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:11:37 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 642.561577][ T28] audit: type=1804 audit(1590300697.552:122): pid=17413 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/336/file0/bus" dev="loop2" ino=80 res=1 06:11:37 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:37 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:37 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 642.633083][ T28] audit: type=1804 audit(1590300697.622:123): pid=17423 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/336/file0/bus" dev="loop2" ino=80 res=1 06:11:37 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:37 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:37 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:38 executing program 2: prlimit64(0x0, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0xffffffff, 0x5, 0x0, 0x0, 0xfffffffffffffff9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:11:38 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 643.290611][ T169] attempt to access beyond end of device [ 643.296321][ T169] loop2: rw=1, want=3677, limit=63 [ 643.334328][ T169] attempt to access beyond end of device [ 643.352970][ T169] loop2: rw=1, want=5725, limit=63 [ 643.368241][ T169] attempt to access beyond end of device [ 643.374477][ T169] loop2: rw=1, want=7773, limit=63 [ 643.388649][ T169] attempt to access beyond end of device [ 643.394790][ T169] loop2: rw=1, want=9829, limit=63 [ 643.417374][ T169] attempt to access beyond end of device [ 643.425907][ T169] loop2: rw=1, want=11877, limit=63 [ 643.435601][ T169] attempt to access beyond end of device [ 643.443488][ T169] loop2: rw=1, want=13669, limit=63 [ 643.666671][ T28] audit: type=1804 audit(1590300698.652:124): pid=17454 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/337/file0/bus" dev="loop2" ino=81 res=1 [ 643.715582][ T28] audit: type=1804 audit(1590300698.702:125): pid=17458 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/337/file0/bus" dev="loop2" ino=81 res=1 [ 644.403617][ T169] attempt to access beyond end of device [ 644.409493][ T169] loop2: rw=1, want=3269, limit=63 [ 644.421252][ T169] attempt to access beyond end of device [ 644.426896][ T169] loop2: rw=1, want=5317, limit=63 [ 644.436359][ T169] attempt to access beyond end of device [ 644.442170][ T169] loop2: rw=1, want=7373, limit=63 [ 644.451996][ T169] attempt to access beyond end of device [ 644.457627][ T169] loop2: rw=1, want=9421, limit=63 [ 644.466945][ T169] attempt to access beyond end of device [ 644.472729][ T169] loop2: rw=1, want=11469, limit=63 [ 644.483438][ T169] attempt to access beyond end of device [ 644.489162][ T169] loop2: rw=1, want=13517, limit=63 [ 644.498382][ T169] attempt to access beyond end of device [ 644.504071][ T169] loop2: rw=1, want=15565, limit=63 [ 644.513963][ T169] attempt to access beyond end of device [ 644.519717][ T169] loop2: rw=1, want=17613, limit=63 [ 644.529531][ T169] attempt to access beyond end of device [ 644.535202][ T169] loop2: rw=1, want=19893, limit=63 [ 644.547745][ T169] attempt to access beyond end of device [ 644.553546][ T169] loop2: rw=1, want=23989, limit=63 [ 644.567479][ T169] attempt to access beyond end of device [ 644.573131][ T169] loop2: rw=1, want=28085, limit=63 [ 644.582488][ T169] attempt to access beyond end of device [ 644.588124][ T169] loop2: rw=1, want=28589, limit=63 06:11:40 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:40 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:40 executing program 0: sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:11:40 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0xffffffff, 0x5, 0x0, 0x0, 0xfffffffffffffff9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r2, 0x800) lseek(r2, 0x0, 0x2) r3 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r2, r3, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 645.695564][ T28] audit: type=1804 audit(1590300700.682:126): pid=17478 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/338/file0/bus" dev="loop2" ino=82 res=1 06:11:40 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:40 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:40 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 645.851675][ T28] audit: type=1804 audit(1590300700.752:127): pid=17483 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/338/file0/bus" dev="loop2" ino=82 res=1 06:11:40 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:40 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) 06:11:40 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) 06:11:40 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) 06:11:41 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 646.443486][ T169] attempt to access beyond end of device [ 646.449361][ T169] loop2: rw=1, want=4901, limit=63 [ 646.459371][ T169] attempt to access beyond end of device [ 646.465144][ T169] loop2: rw=1, want=6949, limit=63 [ 646.474861][ T169] attempt to access beyond end of device [ 646.480658][ T169] loop2: rw=1, want=9005, limit=63 [ 646.489919][ T169] attempt to access beyond end of device [ 646.495636][ T169] loop2: rw=1, want=11053, limit=63 [ 646.505607][ T169] attempt to access beyond end of device [ 646.512077][ T169] loop2: rw=1, want=13101, limit=63 [ 646.523429][ T169] attempt to access beyond end of device [ 646.529128][ T169] loop2: rw=1, want=15149, limit=63 [ 646.536622][ T169] attempt to access beyond end of device [ 646.542674][ T169] loop2: rw=1, want=15845, limit=63 06:11:43 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:43 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:43 executing program 0: sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:11:43 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:43 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:43 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0xffffffff, 0x5, 0x0, 0x0, 0xfffffffffffffff9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r2, 0x800) lseek(r2, 0x0, 0x2) r3 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r2, r3, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:11:43 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:43 executing program 4: clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:43 executing program 4: clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 648.927718][T17540] ptrace attach of "/root/syz-executor.4"[17539] was attempted by "/root/syz-executor.4"[17540] [ 648.993060][ T28] audit: type=1804 audit(1590300703.972:128): pid=17541 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/339/file0/bus" dev="loop2" ino=83 res=1 [ 649.048228][T17548] ptrace attach of "/root/syz-executor.4"[17547] was attempted by "/root/syz-executor.4"[17548] [ 649.075905][ T28] audit: type=1804 audit(1590300704.042:129): pid=17549 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/339/file0/bus" dev="loop2" ino=83 res=1 06:11:44 executing program 4: clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:44 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 649.181816][T17555] ptrace attach of "/root/syz-executor.4"[17554] was attempted by "/root/syz-executor.4"[17555] 06:11:44 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:44 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:44 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:46 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:11:46 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:46 executing program 5: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 06:11:46 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:46 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:46 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0xffffffff, 0x5, 0x0, 0x0, 0xfffffffffffffff9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r2, 0x800) lseek(r2, 0x0, 0x2) r3 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r2, r3, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:11:46 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:47 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 652.013629][ T28] audit: type=1804 audit(1590300706.992:130): pid=17597 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/340/file0/bus" dev="loop2" ino=84 res=1 06:11:47 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 652.101210][ T28] audit: type=1804 audit(1590300707.082:131): pid=17603 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/340/file0/bus" dev="loop2" ino=84 res=1 06:11:47 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:47 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:47 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(0xffffffffffffffff, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 652.751047][ T169] attempt to access beyond end of device [ 652.756767][ T169] loop2: rw=1, want=2849, limit=63 [ 652.767528][ T169] attempt to access beyond end of device [ 652.773672][ T169] loop2: rw=1, want=4905, limit=63 [ 652.783841][ T169] attempt to access beyond end of device [ 652.789932][ T169] loop2: rw=1, want=6953, limit=63 [ 652.800298][ T169] attempt to access beyond end of device [ 652.805944][ T169] loop2: rw=1, want=9001, limit=63 [ 652.816221][ T169] attempt to access beyond end of device [ 652.822436][ T169] loop2: rw=1, want=11049, limit=63 [ 652.832438][ T169] attempt to access beyond end of device [ 652.838069][ T169] loop2: rw=1, want=13097, limit=63 [ 652.847162][ T169] attempt to access beyond end of device [ 652.853350][ T169] loop2: rw=1, want=14361, limit=63 06:11:49 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:49 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:49 executing program 5: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 06:11:49 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:11:49 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:11:49 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(0xffffffffffffffff, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:49 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:50 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(0xffffffffffffffff, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:50 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 655.092477][ T28] audit: type=1804 audit(1590300710.072:132): pid=17653 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/341/file0/bus" dev="loop2" ino=85 res=1 06:11:50 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 655.179276][ T28] audit: type=1804 audit(1590300710.162:133): pid=17660 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/341/file0/bus" dev="loop2" ino=85 res=1 06:11:50 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:50 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:50 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:52 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:53 executing program 5: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 06:11:53 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:53 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:11:53 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:53 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:11:53 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:53 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 658.164104][ T28] audit: type=1804 audit(1590300713.143:134): pid=17695 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/342/file0/bus" dev="loop2" ino=86 res=1 06:11:53 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 658.265235][ T28] audit: type=1804 audit(1590300713.243:135): pid=17712 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/342/file0/bus" dev="loop2" ino=86 res=1 06:11:53 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:11:53 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:53 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:53 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 658.604991][ T28] audit: type=1804 audit(1590300713.583:136): pid=17721 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/343/file0/bus" dev="loop2" ino=87 res=1 [ 658.727871][ T28] audit: type=1804 audit(1590300713.673:137): pid=17731 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/343/file0/bus" dev="loop2" ino=87 res=1 [ 659.330630][T16016] attempt to access beyond end of device [ 659.336383][T16016] loop2: rw=1, want=2529, limit=63 [ 659.346612][T16016] attempt to access beyond end of device [ 659.356038][T16016] loop2: rw=1, want=4577, limit=63 [ 659.365921][T16016] attempt to access beyond end of device [ 659.374245][T16016] loop2: rw=1, want=6625, limit=63 [ 659.383872][T16016] attempt to access beyond end of device [ 659.391084][T16016] loop2: rw=1, want=8673, limit=63 [ 659.401138][T16016] attempt to access beyond end of device [ 659.406781][T16016] loop2: rw=1, want=10721, limit=63 [ 659.416688][T16016] attempt to access beyond end of device [ 659.422638][T16016] loop2: rw=1, want=12769, limit=63 [ 659.433037][T16016] attempt to access beyond end of device [ 659.438988][T16016] loop2: rw=1, want=15281, limit=63 [ 659.451261][T16016] attempt to access beyond end of device [ 659.456902][T16016] loop2: rw=1, want=19377, limit=63 [ 659.466824][T16016] attempt to access beyond end of device [ 659.472784][T16016] loop2: rw=1, want=20773, limit=63 06:11:56 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:11:56 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:56 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:11:56 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:56 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:56 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) [ 661.231259][ T28] audit: type=1804 audit(1590300716.213:138): pid=17751 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/344/file0/bus" dev="loop2" ino=88 res=1 06:11:56 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 661.315920][ T28] audit: type=1804 audit(1590300716.273:139): pid=17759 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/344/file0/bus" dev="loop2" ino=88 res=1 06:11:56 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:56 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:56 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:56 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:56 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 662.046224][ T169] attempt to access beyond end of device [ 662.055478][ T169] loop2: rw=1, want=3729, limit=63 [ 662.070879][ T169] attempt to access beyond end of device [ 662.076670][ T169] loop2: rw=1, want=5777, limit=63 [ 662.091200][ T169] attempt to access beyond end of device [ 662.096993][ T169] loop2: rw=1, want=7825, limit=63 [ 662.121399][ T169] attempt to access beyond end of device [ 662.127045][ T169] loop2: rw=1, want=9873, limit=63 [ 662.139255][ T169] attempt to access beyond end of device [ 662.155957][ T169] loop2: rw=1, want=11921, limit=63 [ 662.165807][ T169] attempt to access beyond end of device [ 662.172646][ T169] loop2: rw=1, want=13969, limit=63 [ 662.182986][ T169] attempt to access beyond end of device [ 662.189411][ T169] loop2: rw=1, want=16017, limit=63 [ 662.196932][ T169] attempt to access beyond end of device [ 662.203147][ T169] loop2: rw=1, want=16657, limit=63 06:11:59 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:11:59 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:59 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:59 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r2, 0x800) lseek(r2, 0x0, 0x2) r3 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r2, r3, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:11:59 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:11:59 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:11:59 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 664.329460][ T28] audit: type=1804 audit(1590300719.313:140): pid=17794 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/345/file0/bus" dev="loop2" ino=89 res=1 06:11:59 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 664.401881][ T28] audit: type=1804 audit(1590300719.383:141): pid=17808 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/345/file0/bus" dev="loop2" ino=89 res=1 06:11:59 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:59 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r2, 0x800) lseek(r2, 0x0, 0x2) r3 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r2, r3, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:11:59 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:11:59 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 664.665162][ T28] audit: type=1804 audit(1590300719.643:142): pid=17819 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/346/file0/bus" dev="loop2" ino=90 res=1 [ 664.733177][ T28] audit: type=1804 audit(1590300719.713:143): pid=17825 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/346/file0/bus" dev="loop2" ino=90 res=1 [ 665.433458][ T628] attempt to access beyond end of device [ 665.439225][ T628] loop2: rw=1, want=2769, limit=63 [ 665.448727][ T628] attempt to access beyond end of device [ 665.454508][ T628] loop2: rw=1, want=4817, limit=63 [ 665.463676][ T628] attempt to access beyond end of device [ 665.470196][ T628] loop2: rw=1, want=6865, limit=63 [ 665.479681][ T628] attempt to access beyond end of device [ 665.485678][ T628] loop2: rw=1, want=8913, limit=63 [ 665.495174][ T628] attempt to access beyond end of device [ 665.501294][ T628] loop2: rw=1, want=10961, limit=63 [ 665.510627][ T628] attempt to access beyond end of device [ 665.516248][ T628] loop2: rw=1, want=13009, limit=63 [ 665.525752][ T628] attempt to access beyond end of device [ 665.531630][ T628] loop2: rw=1, want=15057, limit=63 [ 665.544265][ T628] attempt to access beyond end of device [ 665.549957][ T628] loop2: rw=1, want=18985, limit=63 [ 665.563766][ T628] attempt to access beyond end of device [ 665.569472][ T628] loop2: rw=1, want=23081, limit=63 [ 665.579276][ T628] attempt to access beyond end of device [ 665.584915][ T628] loop2: rw=1, want=24209, limit=63 06:12:02 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:12:02 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:02 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:02 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r2, 0x800) lseek(r2, 0x0, 0x2) r3 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r2, r3, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:12:02 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:02 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:02 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 667.415256][ T28] audit: type=1804 audit(1590300722.393:144): pid=17841 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/347/file0/bus" dev="loop2" ino=91 res=1 [ 667.544434][ T28] audit: type=1804 audit(1590300722.503:145): pid=17857 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/347/file0/bus" dev="loop2" ino=91 res=1 06:12:02 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:02 executing program 1: ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(0xffffffffffffffff, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(0xffffffffffffffff) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) 06:12:02 executing program 1: ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(0xffffffffffffffff, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(0xffffffffffffffff) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) 06:12:02 executing program 1: ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(0xffffffffffffffff, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(0xffffffffffffffff) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) 06:12:03 executing program 1: pipe(0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(0xffffffffffffffff, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(0xffffffffffffffff) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) [ 668.199989][T16016] attempt to access beyond end of device [ 668.205839][T16016] loop2: rw=1, want=2885, limit=63 [ 668.217642][T16016] attempt to access beyond end of device [ 668.223550][T16016] loop2: rw=1, want=4933, limit=63 [ 668.236860][T16016] attempt to access beyond end of device [ 668.245613][T16016] loop2: rw=1, want=6981, limit=63 [ 668.258825][T16016] attempt to access beyond end of device [ 668.274541][T16016] loop2: rw=1, want=9029, limit=63 [ 668.284808][T16016] attempt to access beyond end of device [ 668.290932][T16016] loop2: rw=1, want=11261, limit=63 [ 668.300766][T16016] attempt to access beyond end of device [ 668.306459][T16016] loop2: rw=1, want=13309, limit=63 [ 668.314610][T16016] attempt to access beyond end of device [ 668.320655][T16016] loop2: rw=1, want=13981, limit=63 06:12:05 executing program 5: socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 06:12:05 executing program 1: pipe(0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(0xffffffffffffffff, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(0xffffffffffffffff) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) 06:12:05 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:05 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:12:05 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:05 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)}}], 0x1, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:05 executing program 1: pipe(0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(0xffffffffffffffff, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(0xffffffffffffffff) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) 06:12:05 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 670.554421][ T28] audit: type=1804 audit(1590300725.534:146): pid=17890 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/348/file0/bus" dev="loop2" ino=92 res=1 06:12:05 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 670.610836][ T28] audit: type=1804 audit(1590300725.594:147): pid=17904 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/348/file0/bus" dev="loop2" ino=92 res=1 06:12:05 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:05 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:12:05 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, 0x0, 0x0, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 670.881583][ T28] audit: type=1804 audit(1590300725.864:148): pid=17915 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/349/file0/bus" dev="loop2" ino=93 res=1 [ 670.970196][ T28] audit: type=1804 audit(1590300725.914:149): pid=17920 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/349/file0/bus" dev="loop2" ino=93 res=1 [ 671.667243][T16016] attempt to access beyond end of device [ 671.674120][T16016] loop2: rw=1, want=3705, limit=63 [ 671.683618][T16016] attempt to access beyond end of device [ 671.689429][T16016] loop2: rw=1, want=5753, limit=63 [ 671.700233][T16016] attempt to access beyond end of device [ 671.705862][T16016] loop2: rw=1, want=7801, limit=63 [ 671.715639][T16016] attempt to access beyond end of device [ 671.721327][T16016] loop2: rw=1, want=9849, limit=63 [ 671.731078][T16016] attempt to access beyond end of device [ 671.736804][T16016] loop2: rw=1, want=11897, limit=63 [ 671.746649][T16016] attempt to access beyond end of device [ 671.752363][T16016] loop2: rw=1, want=13945, limit=63 [ 671.762067][T16016] attempt to access beyond end of device [ 671.767837][T16016] loop2: rw=1, want=15993, limit=63 [ 671.779979][T16016] attempt to access beyond end of device [ 671.785626][T16016] loop2: rw=1, want=19961, limit=63 [ 671.797979][T16016] attempt to access beyond end of device [ 671.803616][T16016] loop2: rw=1, want=23189, limit=63 06:12:08 executing program 5: socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 06:12:08 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, 0x0, 0x0, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:08 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:08 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:12:08 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:08 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)}}], 0x1, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:08 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, 0x0, 0x0, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:08 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0), 0x0, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 673.684809][ T28] audit: type=1804 audit(1590300728.664:150): pid=17938 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/350/file0/bus" dev="loop2" ino=94 res=1 06:12:08 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0), 0x0, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:08 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0), 0x0, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 673.771463][ T28] audit: type=1804 audit(1590300728.754:151): pid=17953 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/350/file0/bus" dev="loop2" ino=94 res=1 06:12:08 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{0x0}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:08 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{0x0}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 674.443249][T16016] attempt to access beyond end of device [ 674.451162][T16016] loop2: rw=1, want=3553, limit=63 [ 674.461395][T16016] attempt to access beyond end of device [ 674.467119][T16016] loop2: rw=1, want=5601, limit=63 [ 674.476331][T16016] attempt to access beyond end of device [ 674.483066][T16016] loop2: rw=1, want=7777, limit=63 [ 674.492854][T16016] attempt to access beyond end of device [ 674.498740][T16016] loop2: rw=1, want=9825, limit=63 [ 674.508371][T16016] attempt to access beyond end of device [ 674.514011][T16016] loop2: rw=1, want=11873, limit=63 [ 674.523747][T16016] attempt to access beyond end of device [ 674.529543][T16016] loop2: rw=1, want=13929, limit=63 [ 674.536799][T16016] attempt to access beyond end of device [ 674.542440][T16016] loop2: rw=1, want=14333, limit=63 06:12:11 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{0x0}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:11 executing program 5: socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 06:12:11 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:11 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:12:11 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:11 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)}}], 0x1, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:11 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:11 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 676.829539][ T28] audit: type=1804 audit(1590300731.814:152): pid=17996 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/351/file0/bus" dev="loop2" ino=95 res=1 06:12:11 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 676.920286][ T28] audit: type=1804 audit(1590300731.874:153): pid=18001 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/351/file0/bus" dev="loop2" ino=95 res=1 06:12:12 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcf", 0x5}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:12 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcf", 0x5}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:12 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcf", 0x5}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:12 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb", 0x8}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 677.601377][ T169] attempt to access beyond end of device [ 677.608674][ T169] loop2: rw=1, want=3929, limit=63 [ 677.631301][ T169] attempt to access beyond end of device [ 677.649106][ T169] loop2: rw=1, want=5977, limit=63 [ 677.669556][ T169] attempt to access beyond end of device [ 677.675719][ T169] loop2: rw=1, want=8025, limit=63 [ 677.685900][ T169] attempt to access beyond end of device [ 677.691596][ T169] loop2: rw=1, want=10073, limit=63 [ 677.701852][ T169] attempt to access beyond end of device [ 677.707579][ T169] loop2: rw=1, want=12121, limit=63 [ 677.717540][ T169] attempt to access beyond end of device [ 677.723207][ T169] loop2: rw=1, want=14169, limit=63 [ 677.732623][ T169] attempt to access beyond end of device [ 677.738308][ T169] loop2: rw=1, want=16277, limit=63 06:12:14 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(0xffffffffffffffff, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:12:14 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:14 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb", 0x8}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:14 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:12:14 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(0xffffffffffffffff, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:12:14 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) gettid() prctl$PR_SET_PTRACER(0x59616d61, 0x0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 06:12:14 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:14 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) gettid() prctl$PR_SET_PTRACER(0x59616d61, 0x0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 679.835630][T18037] ptrace attach of "/root/syz-executor.0"[18034] was attempted by "/root/syz-executor.0"[18037] 06:12:14 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb", 0x8}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 679.934939][ T28] audit: type=1804 audit(1590300734.914:154): pid=18043 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/352/file0/bus" dev="loop2" ino=96 res=1 [ 679.953132][T18052] ptrace attach of "/root/syz-executor.0"[18051] was attempted by "/root/syz-executor.0"[18052] 06:12:15 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) gettid() prctl$PR_SET_PTRACER(0x59616d61, 0x0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 679.985995][ T28] audit: type=1804 audit(1590300734.964:155): pid=18054 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/352/file0/bus" dev="loop2" ino=96 res=1 06:12:15 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66", 0x9}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:15 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66", 0x9}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:15 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) [ 680.116631][T18062] ptrace attach of "/root/syz-executor.0"[18061] was attempted by "/root/syz-executor.0"[18062] [ 680.658656][T16016] attempt to access beyond end of device [ 680.664483][T16016] loop2: rw=1, want=2925, limit=63 [ 680.675201][T16016] attempt to access beyond end of device [ 680.681941][T16016] loop2: rw=1, want=5085, limit=63 [ 680.691747][T16016] attempt to access beyond end of device [ 680.698962][T16016] loop2: rw=1, want=7133, limit=63 [ 680.709239][T16016] attempt to access beyond end of device [ 680.714982][T16016] loop2: rw=1, want=9181, limit=63 [ 680.725197][T16016] attempt to access beyond end of device [ 680.731307][T16016] loop2: rw=1, want=11229, limit=63 [ 680.741117][T16016] attempt to access beyond end of device [ 680.747188][T16016] loop2: rw=1, want=13277, limit=63 [ 680.754136][T16016] attempt to access beyond end of device [ 680.760390][T16016] loop2: rw=1, want=13577, limit=63 06:12:17 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:17 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:17 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66", 0x9}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:17 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:12:17 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(0xffffffffffffffff, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:12:17 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:18 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:18 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xa}], 0x1, 0x0) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 683.046097][ T28] audit: type=1804 audit(1590300738.024:156): pid=18096 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/353/file0/bus" dev="loop2" ino=97 res=1 06:12:18 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xa}], 0x1, 0x0) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 683.137131][ T28] audit: type=1804 audit(1590300738.074:157): pid=18096 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/353/file0/bus" dev="loop2" ino=97 res=1 06:12:18 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xa}], 0x1, 0x0) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:18 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:18 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(0xffffffffffffffff, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:18 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:21 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:21 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:21 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(0xffffffffffffffff, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:21 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:12:21 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:21 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:12:21 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:21 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(0xffffffffffffffff, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 686.146929][ T28] audit: type=1804 audit(1590300741.135:158): pid=18141 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/354/file0/bus" dev="loop2" ino=98 res=1 [ 686.196385][ T28] audit: type=1804 audit(1590300741.175:159): pid=18152 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/354/file0/bus" dev="loop2" ino=98 res=1 06:12:21 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:21 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:21 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:21 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0), 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 686.864020][ T169] attempt to access beyond end of device [ 686.870018][ T169] loop2: rw=1, want=2425, limit=63 [ 686.881958][ T169] attempt to access beyond end of device [ 686.887820][ T169] loop2: rw=1, want=4473, limit=63 [ 686.898838][ T169] attempt to access beyond end of device [ 686.913582][ T169] loop2: rw=1, want=6521, limit=63 [ 686.923337][ T169] attempt to access beyond end of device [ 686.929493][ T169] loop2: rw=1, want=8569, limit=63 [ 686.939412][ T169] attempt to access beyond end of device [ 686.945035][ T169] loop2: rw=1, want=10617, limit=63 [ 686.956695][ T169] attempt to access beyond end of device [ 686.962407][ T169] loop2: rw=1, want=12937, limit=63 [ 686.971645][ T169] attempt to access beyond end of device [ 686.977559][ T169] loop2: rw=1, want=14437, limit=63 06:12:24 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:24 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0), 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:24 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:12:24 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:12:24 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:24 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:24 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0), 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 689.242246][ T28] audit: type=1804 audit(1590300744.225:160): pid=18185 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/355/file0/bus" dev="loop2" ino=99 res=1 06:12:24 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 689.366379][ T28] audit: type=1804 audit(1590300744.285:161): pid=18196 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/355/file0/bus" dev="loop2" ino=99 res=1 06:12:24 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:24 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:24 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:24 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:27 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f", 0x1}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:27 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:27 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:12:27 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:12:27 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0), 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:27 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:27 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(0xffffffffffffffff) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 692.366292][ T28] audit: type=1804 audit(1590300747.355:162): pid=18232 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/356/file0/bus" dev="loop2" ino=100 res=1 [ 692.474101][ T28] audit: type=1804 audit(1590300747.435:163): pid=18246 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/356/file0/bus" dev="loop2" ino=100 res=1 06:12:27 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(0xffffffffffffffff) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:27 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(0xffffffffffffffff) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:27 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:27 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:27 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 693.097978][ T628] attempt to access beyond end of device [ 693.103644][ T628] loop2: rw=1, want=2749, limit=63 [ 693.117257][ T628] attempt to access beyond end of device [ 693.122912][ T628] loop2: rw=1, want=4797, limit=63 [ 693.136553][ T628] attempt to access beyond end of device [ 693.142324][ T628] loop2: rw=1, want=6845, limit=63 [ 693.155678][ T628] attempt to access beyond end of device [ 693.161362][ T628] loop2: rw=1, want=8893, limit=63 [ 693.182800][ T628] attempt to access beyond end of device [ 693.190794][ T628] loop2: rw=1, want=10941, limit=63 [ 693.199521][ T628] attempt to access beyond end of device [ 693.205170][ T628] loop2: rw=1, want=11965, limit=63 06:12:30 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f", 0x1}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:30 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:12:30 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:30 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 06:12:30 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0), 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:30 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:30 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 695.419611][ T28] audit: type=1804 audit(1590300750.405:164): pid=18288 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/357/file0/bus" dev="loop2" ino=101 res=1 [ 695.505168][ T28] audit: type=1804 audit(1590300750.485:165): pid=18297 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/357/file0/bus" dev="loop2" ino=101 res=1 06:12:30 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:30 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x0, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:30 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x0, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:30 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x0, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:31 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, 0x0, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 696.159963][ T169] attempt to access beyond end of device [ 696.166925][ T169] loop2: rw=1, want=3161, limit=63 [ 696.178047][ T169] attempt to access beyond end of device [ 696.183866][ T169] loop2: rw=1, want=5209, limit=63 [ 696.195468][ T169] attempt to access beyond end of device [ 696.201301][ T169] loop2: rw=1, want=7257, limit=63 [ 696.212286][ T169] attempt to access beyond end of device [ 696.218131][ T169] loop2: rw=1, want=9305, limit=63 [ 696.229866][ T169] attempt to access beyond end of device [ 696.235712][ T169] loop2: rw=1, want=11353, limit=63 [ 696.242971][ T169] attempt to access beyond end of device [ 696.248836][ T169] loop2: rw=1, want=11765, limit=63 06:12:33 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f", 0x1}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:33 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, 0x0, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:33 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:12:33 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 06:12:33 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0), 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:33 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:33 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, 0x0, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 698.509628][ T28] audit: type=1804 audit(1590300753.495:166): pid=18336 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/358/file0/bus" dev="loop2" ino=102 res=1 06:12:33 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800), 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 698.606103][ T28] audit: type=1804 audit(1590300753.555:167): pid=18336 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/358/file0/bus" dev="loop2" ino=102 res=1 06:12:33 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800), 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:33 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800), 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:33 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:33 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:36 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:36 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005, 0x2}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:36 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:12:36 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 06:12:36 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:36 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:36 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:36 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, 0x0, 0x0) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 701.617384][ T28] audit: type=1804 audit(1590300756.596:168): pid=18382 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/359/file0/bus" dev="loop2" ino=103 res=1 06:12:36 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:36 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, 0x0, 0x0) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 701.725819][ T28] audit: type=1804 audit(1590300756.686:169): pid=18390 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/359/file0/bus" dev="loop2" ino=103 res=1 06:12:36 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:36 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, 0x0, 0x0) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:36 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:36 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:37 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 702.435651][ T28] audit: type=1804 audit(1590300757.426:170): pid=18426 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/360/file0/bus" dev="loop2" ino=104 res=1 [ 702.511738][ T28] audit: type=1804 audit(1590300757.486:171): pid=18430 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/360/file0/bus" dev="loop2" ino=104 res=1 [ 703.192442][T16016] attempt to access beyond end of device [ 703.198633][T16016] loop2: rw=1, want=4381, limit=63 [ 703.208284][T16016] attempt to access beyond end of device [ 703.213921][T16016] loop2: rw=1, want=6429, limit=63 [ 703.223148][T16016] attempt to access beyond end of device [ 703.228895][T16016] loop2: rw=1, want=8477, limit=63 [ 703.238655][T16016] attempt to access beyond end of device [ 703.244382][T16016] loop2: rw=1, want=10525, limit=63 [ 703.253743][T16016] attempt to access beyond end of device [ 703.260470][T16016] loop2: rw=1, want=12573, limit=63 [ 703.273067][T16016] attempt to access beyond end of device [ 703.279035][T16016] loop2: rw=1, want=16053, limit=63 [ 703.293317][T16016] attempt to access beyond end of device [ 703.299073][T16016] loop2: rw=1, want=20149, limit=63 [ 703.313592][T16016] attempt to access beyond end of device [ 703.319300][T16016] loop2: rw=1, want=24245, limit=63 [ 703.333754][T16016] attempt to access beyond end of device [ 703.339814][T16016] loop2: rw=1, want=28341, limit=63 [ 703.353820][T16016] attempt to access beyond end of device [ 703.359850][T16016] loop2: rw=1, want=32437, limit=63 [ 703.370071][T16016] attempt to access beyond end of device [ 703.375995][T16016] loop2: rw=1, want=33361, limit=63 06:12:39 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:12:39 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:39 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:39 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:39 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:39 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:12:39 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 704.863642][ T28] audit: type=1804 audit(1590300759.846:172): pid=18458 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/361/file0/bus" dev="loop2" ino=105 res=1 [ 704.943089][ T28] audit: type=1804 audit(1590300759.926:173): pid=18463 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/361/file0/bus" dev="loop2" ino=105 res=1 06:12:40 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(0xffffffffffffffff, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:40 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 705.603042][ T628] attempt to access beyond end of device [ 705.627789][ T628] loop2: rw=1, want=3429, limit=63 [ 705.638860][ T628] attempt to access beyond end of device [ 705.644596][ T628] loop2: rw=1, want=5477, limit=63 06:12:40 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(0xffffffffffffffff, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 705.660683][ T628] attempt to access beyond end of device [ 705.666513][ T628] loop2: rw=1, want=7525, limit=63 [ 705.676610][ T628] attempt to access beyond end of device [ 705.682299][ T628] loop2: rw=1, want=9573, limit=63 [ 705.692844][ T628] attempt to access beyond end of device [ 705.698620][ T628] loop2: rw=1, want=11621, limit=63 [ 705.727754][ T628] attempt to access beyond end of device [ 705.733510][ T628] loop2: rw=1, want=13669, limit=63 [ 705.771740][ T628] attempt to access beyond end of device [ 705.794795][ T628] loop2: rw=1, want=17077, limit=63 [ 705.814303][ T628] attempt to access beyond end of device [ 705.830486][ T628] loop2: rw=1, want=21173, limit=63 06:12:40 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(0xffffffffffffffff, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 705.851032][ T628] attempt to access beyond end of device [ 705.856874][ T628] loop2: rw=1, want=25269, limit=63 [ 705.873407][ T628] attempt to access beyond end of device [ 705.879184][ T628] loop2: rw=1, want=26865, limit=63 06:12:40 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, 0x0, 0x0) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 706.115498][ T28] audit: type=1804 audit(1590300761.106:174): pid=18480 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/362/file0/bus" dev="loop2" ino=106 res=1 [ 706.194101][ T28] audit: type=1804 audit(1590300761.176:175): pid=18485 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/362/file0/bus" dev="loop2" ino=106 res=1 [ 706.859845][ T628] attempt to access beyond end of device [ 706.865988][ T628] loop2: rw=1, want=3405, limit=63 [ 706.875425][ T628] attempt to access beyond end of device [ 706.881340][ T628] loop2: rw=1, want=5453, limit=63 [ 706.893229][ T628] attempt to access beyond end of device [ 706.899222][ T628] loop2: rw=1, want=7501, limit=63 [ 706.908490][ T628] attempt to access beyond end of device [ 706.914136][ T628] loop2: rw=1, want=9549, limit=63 [ 706.926309][ T628] attempt to access beyond end of device [ 706.931959][ T628] loop2: rw=1, want=11597, limit=63 [ 706.943375][ T628] attempt to access beyond end of device [ 706.950036][ T628] loop2: rw=1, want=13645, limit=63 [ 706.960029][ T628] attempt to access beyond end of device [ 706.966110][ T628] loop2: rw=1, want=16037, limit=63 [ 706.979049][ T628] attempt to access beyond end of device [ 706.984721][ T628] loop2: rw=1, want=20133, limit=63 [ 706.999451][ T628] attempt to access beyond end of device [ 707.005127][ T628] loop2: rw=1, want=24229, limit=63 [ 707.019024][ T628] attempt to access beyond end of device [ 707.025001][ T628] loop2: rw=1, want=28325, limit=63 [ 707.033163][ T628] attempt to access beyond end of device [ 707.039718][ T628] loop2: rw=1, want=28697, limit=63 06:12:42 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:12:42 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:42 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, 0x0, 0x0) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:42 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:42 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:12:42 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:12:42 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, 0x0, 0x0) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:42 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, &(0x7f00000193c0)}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:42 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:42 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:42 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:43 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:12:43 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, &(0x7f00000193c0)}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 708.014587][ T28] audit: type=1804 audit(1590300762.996:176): pid=18519 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/363/file0/bus" dev="loop2" ino=107 res=1 [ 708.133417][ T28] audit: type=1804 audit(1590300763.076:177): pid=18525 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/363/file0/bus" dev="loop2" ino=107 res=1 06:12:43 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:43 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:45 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:45 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:12:45 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:45 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:12:45 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 711.064233][ T28] audit: type=1804 audit(1590300766.046:178): pid=18561 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/364/file0/bus" dev="loop2" ino=108 res=1 06:12:46 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:12:46 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, &(0x7f00000193c0)}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 711.162497][ T28] audit: type=1804 audit(1590300766.146:179): pid=18571 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/364/file0/bus" dev="loop2" ino=108 res=1 06:12:46 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:46 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:46 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:46 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:12:46 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:12:48 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:48 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:48 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:12:48 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:12:48 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:12:49 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 714.071791][ T28] audit: type=1804 audit(1590300769.056:180): pid=18615 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/365/file0/bus" dev="loop2" ino=109 res=1 [ 714.161881][ T28] audit: type=1804 audit(1590300769.146:181): pid=18623 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/365/file0/bus" dev="loop2" ino=109 res=1 06:12:49 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x7f, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:49 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:49 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:49 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, 0x0, 0x0) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:49 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, 0x0, 0x0) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:49 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, 0x0, 0x0) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:49 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:49 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:51 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:51 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:52 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:12:52 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 717.159643][ T28] audit: type=1804 audit(1590300772.146:182): pid=18663 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/366/file0/bus" dev="loop2" ino=110 res=1 [ 717.222281][ T28] audit: type=1804 audit(1590300772.206:183): pid=18667 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/366/file0/bus" dev="loop2" ino=110 res=1 06:12:52 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x7f, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:52 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:52 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:52 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:52 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:52 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:52 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x0, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:52 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 717.948083][ T169] attempt to access beyond end of device [ 717.953893][ T169] loop2: rw=1, want=3177, limit=63 [ 717.974935][ T169] attempt to access beyond end of device [ 717.980906][ T169] loop2: rw=1, want=5241, limit=63 [ 718.019569][ T169] attempt to access beyond end of device [ 718.032062][ T169] loop2: rw=1, want=7289, limit=63 [ 718.049397][ T169] attempt to access beyond end of device [ 718.056621][ T169] loop2: rw=1, want=9337, limit=63 [ 718.081694][ T169] attempt to access beyond end of device [ 718.088802][ T169] loop2: rw=1, want=11385, limit=63 [ 718.100359][ T169] attempt to access beyond end of device [ 718.107716][ T169] loop2: rw=1, want=13433, limit=63 [ 718.115801][ T169] attempt to access beyond end of device [ 718.121622][ T169] loop2: rw=1, want=13861, limit=63 [ 718.339750][ T28] audit: type=1804 audit(1590300773.327:184): pid=18702 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/367/file0/bus" dev="loop2" ino=111 res=1 [ 718.414945][ T28] audit: type=1804 audit(1590300773.397:185): pid=18706 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/367/file0/bus" dev="loop2" ino=111 res=1 [ 719.080020][ T169] attempt to access beyond end of device [ 719.085848][ T169] loop2: rw=1, want=4185, limit=63 [ 719.097436][ T169] attempt to access beyond end of device [ 719.103622][ T169] loop2: rw=1, want=6233, limit=63 [ 719.114183][ T169] attempt to access beyond end of device [ 719.119830][ T169] loop2: rw=1, want=8281, limit=63 [ 719.129778][ T169] attempt to access beyond end of device [ 719.135992][ T169] loop2: rw=1, want=10329, limit=63 [ 719.146077][ T169] attempt to access beyond end of device [ 719.151751][ T169] loop2: rw=1, want=12377, limit=63 [ 719.162963][ T169] attempt to access beyond end of device [ 719.169108][ T169] loop2: rw=1, want=14857, limit=63 [ 719.184074][ T169] attempt to access beyond end of device [ 719.189814][ T169] loop2: rw=1, want=18953, limit=63 [ 719.204418][ T169] attempt to access beyond end of device [ 719.210080][ T169] loop2: rw=1, want=23049, limit=63 [ 719.223736][ T169] attempt to access beyond end of device [ 719.229834][ T169] loop2: rw=1, want=27145, limit=63 [ 719.244034][ T169] attempt to access beyond end of device [ 719.249681][ T169] loop2: rw=1, want=31241, limit=63 [ 719.259472][ T169] attempt to access beyond end of device [ 719.265471][ T169] loop2: rw=1, want=31981, limit=63 06:12:55 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:55 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x0, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:55 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:12:55 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 720.279265][ T28] audit: type=1804 audit(1590300775.267:186): pid=18722 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/368/file0/bus" dev="loop2" ino=112 res=1 06:12:55 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x7f, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:55 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x0, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 720.355055][ T28] audit: type=1804 audit(1590300775.337:187): pid=18728 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/368/file0/bus" dev="loop2" ino=112 res=1 06:12:55 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, 0x0, 0x0) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:55 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:55 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, 0x0, 0x0) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:55 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, 0x0, 0x0) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:12:55 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:12:56 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 721.176029][ T28] audit: type=1804 audit(1590300776.167:188): pid=18760 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/369/file0/bus" dev="loop2" ino=113 res=1 [ 721.266267][ T28] audit: type=1804 audit(1590300776.247:189): pid=18767 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/369/file0/bus" dev="loop2" ino=113 res=1 [ 721.914400][ T628] attempt to access beyond end of device [ 721.920233][ T628] loop2: rw=1, want=2997, limit=63 [ 721.930480][ T628] attempt to access beyond end of device [ 721.944578][ T628] loop2: rw=1, want=5045, limit=63 [ 721.955123][ T628] attempt to access beyond end of device [ 721.960780][ T628] loop2: rw=1, want=7093, limit=63 [ 721.971907][ T628] attempt to access beyond end of device [ 721.979611][ T628] loop2: rw=1, want=9141, limit=63 [ 721.992519][ T628] attempt to access beyond end of device [ 721.998630][ T628] loop2: rw=1, want=11189, limit=63 [ 722.009728][ T628] attempt to access beyond end of device [ 722.015805][ T628] loop2: rw=1, want=13237, limit=63 [ 722.030352][ T628] attempt to access beyond end of device [ 722.036128][ T628] loop2: rw=1, want=17229, limit=63 [ 722.054118][ T628] attempt to access beyond end of device [ 722.060055][ T628] loop2: rw=1, want=21325, limit=63 [ 722.077618][ T628] attempt to access beyond end of device [ 722.083392][ T628] loop2: rw=1, want=25421, limit=63 [ 722.096522][ T628] attempt to access beyond end of device [ 722.102239][ T628] loop2: rw=1, want=27557, limit=63 06:12:58 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:12:58 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f", 0x1}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:12:58 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:12:58 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 723.242987][ T28] audit: type=1804 audit(1590300778.227:190): pid=18777 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/370/file0/bus" dev="loop2" ino=114 res=1 [ 723.301101][ T28] audit: type=1804 audit(1590300778.287:191): pid=18788 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/370/file0/bus" dev="loop2" ino=114 res=1 06:12:58 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xbe, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:58 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xbe, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:58 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xbe, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:58 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:12:58 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:12:59 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}, {0x0}], 0x3}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 724.100483][ T28] audit: type=1804 audit(1590300779.087:192): pid=18814 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/371/file0/bus" dev="loop2" ino=115 res=1 [ 724.188120][ T28] audit: type=1804 audit(1590300779.177:193): pid=18820 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/371/file0/bus" dev="loop2" ino=115 res=1 06:12:59 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 724.849950][T16016] attempt to access beyond end of device [ 724.855849][T16016] loop2: rw=1, want=3853, limit=63 [ 724.866457][T16016] attempt to access beyond end of device [ 724.872096][T16016] loop2: rw=1, want=5901, limit=63 [ 724.882667][T16016] attempt to access beyond end of device [ 724.888440][T16016] loop2: rw=1, want=7949, limit=63 06:12:59 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, 0x0, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 724.898570][T16016] attempt to access beyond end of device [ 724.905934][T16016] loop2: rw=1, want=9997, limit=63 [ 724.928659][T16016] attempt to access beyond end of device [ 724.943615][T16016] loop2: rw=1, want=12045, limit=63 [ 724.956870][T16016] attempt to access beyond end of device [ 724.962527][T16016] loop2: rw=1, want=14093, limit=63 [ 724.976982][T16016] attempt to access beyond end of device [ 724.982634][T16016] loop2: rw=1, want=17093, limit=63 [ 725.000826][T16016] attempt to access beyond end of device [ 725.007023][T16016] loop2: rw=1, want=21189, limit=63 [ 725.027753][T16016] attempt to access beyond end of device [ 725.043574][T16016] loop2: rw=1, want=25285, limit=63 [ 725.053265][T16016] attempt to access beyond end of device [ 725.062733][T16016] loop2: rw=1, want=25905, limit=63 [ 725.273084][ T28] audit: type=1804 audit(1590300780.257:194): pid=18831 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/372/file0/bus" dev="loop2" ino=116 res=1 [ 725.361369][ T28] audit: type=1804 audit(1590300780.347:195): pid=18835 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/372/file0/bus" dev="loop2" ino=116 res=1 06:13:00 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, 0x0, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:13:01 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f", 0x1}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:01 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:13:01 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:13:01 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) [ 726.381099][ T28] audit: type=1804 audit(1590300781.367:196): pid=18853 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/373/file0/bus" dev="loop2" ino=117 res=1 [ 726.464391][ T28] audit: type=1804 audit(1590300781.437:197): pid=18856 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/373/file0/bus" dev="loop2" ino=117 res=1 06:13:01 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xde, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:01 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, 0x0, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:13:01 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:02 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 727.129538][ T169] attempt to access beyond end of device [ 727.135349][ T169] loop2: rw=1, want=4389, limit=63 [ 727.146440][ T169] attempt to access beyond end of device [ 727.152086][ T169] loop2: rw=1, want=6677, limit=63 [ 727.162815][ T169] attempt to access beyond end of device [ 727.169202][ T169] loop2: rw=1, want=8733, limit=63 [ 727.179033][ T169] attempt to access beyond end of device [ 727.185148][ T169] loop2: rw=1, want=10781, limit=63 [ 727.194980][ T169] attempt to access beyond end of device [ 727.200603][ T169] loop2: rw=1, want=12829, limit=63 [ 727.210424][ T169] attempt to access beyond end of device [ 727.216430][ T169] loop2: rw=1, want=14877, limit=63 [ 727.226776][ T169] attempt to access beyond end of device [ 727.232431][ T169] loop2: rw=1, want=16925, limit=63 [ 727.241339][ T169] attempt to access beyond end of device [ 727.247353][ T169] loop2: rw=1, want=17953, limit=63 [ 727.431956][ T28] audit: type=1804 audit(1590300782.417:198): pid=18878 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/374/file0/bus" dev="loop2" ino=118 res=1 06:13:02 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 727.514742][ T28] audit: type=1804 audit(1590300782.497:199): pid=18882 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/374/file0/bus" dev="loop2" ino=118 res=1 06:13:03 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 728.331871][ T28] audit: type=1804 audit(1590300783.317:200): pid=18891 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/375/file0/bus" dev="loop2" ino=119 res=1 06:13:03 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 728.420863][ T28] audit: type=1804 audit(1590300783.407:201): pid=18895 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/375/file0/bus" dev="loop2" ino=119 res=1 06:13:04 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x0, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 729.088131][T16016] attempt to access beyond end of device [ 729.093927][T16016] loop2: rw=1, want=3149, limit=63 [ 729.104576][T16016] attempt to access beyond end of device [ 729.110224][T16016] loop2: rw=1, want=5205, limit=63 [ 729.120582][T16016] attempt to access beyond end of device [ 729.126734][T16016] loop2: rw=1, want=7253, limit=63 [ 729.137347][T16016] attempt to access beyond end of device [ 729.142987][T16016] loop2: rw=1, want=9301, limit=63 [ 729.153974][T16016] attempt to access beyond end of device [ 729.159711][T16016] loop2: rw=1, want=11349, limit=63 [ 729.169824][T16016] attempt to access beyond end of device [ 729.176017][T16016] loop2: rw=1, want=13397, limit=63 06:13:04 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f", 0x1}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) [ 729.196870][T16016] attempt to access beyond end of device [ 729.202509][T16016] loop2: rw=1, want=15837, limit=63 [ 729.217744][T16016] attempt to access beyond end of device [ 729.233251][T16016] loop2: rw=1, want=19933, limit=63 06:13:04 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 729.266635][T16016] attempt to access beyond end of device [ 729.283272][T16016] loop2: rw=1, want=22925, limit=63 06:13:04 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) [ 729.565731][ T28] audit: type=1804 audit(1590300784.557:202): pid=18917 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/376/file0/bus" dev="loop2" ino=120 res=1 [ 729.642541][ T28] audit: type=1804 audit(1590300784.607:203): pid=18923 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/376/file0/bus" dev="loop2" ino=120 res=1 06:13:04 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xde, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:04 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xde, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:04 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:05 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}], 0x2}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:13:05 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x0, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 730.420746][ T28] audit: type=1804 audit(1590300785.407:204): pid=18946 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/377/file0/bus" dev="loop2" ino=121 res=1 [ 730.469100][ T28] audit: type=1804 audit(1590300785.457:205): pid=18950 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/377/file0/bus" dev="loop2" ino=121 res=1 06:13:06 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:13:06 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x0, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 731.208762][T16016] attempt to access beyond end of device [ 731.215610][T16016] loop2: rw=1, want=3633, limit=63 [ 731.227432][T16016] attempt to access beyond end of device [ 731.233065][T16016] loop2: rw=1, want=5681, limit=63 [ 731.242157][T16016] attempt to access beyond end of device [ 731.250273][T16016] loop2: rw=1, want=7729, limit=63 [ 731.259799][T16016] attempt to access beyond end of device [ 731.265595][T16016] loop2: rw=1, want=9777, limit=63 [ 731.274618][T16016] attempt to access beyond end of device [ 731.280244][T16016] loop2: rw=1, want=11825, limit=63 [ 731.290299][T16016] attempt to access beyond end of device [ 731.295991][T16016] loop2: rw=1, want=13873, limit=63 [ 731.306294][T16016] attempt to access beyond end of device [ 731.311943][T16016] loop2: rw=1, want=16041, limit=63 [ 731.325276][T16016] attempt to access beyond end of device [ 731.330915][T16016] loop2: rw=1, want=20137, limit=63 [ 731.347413][T16016] attempt to access beyond end of device [ 731.353069][T16016] loop2: rw=1, want=24233, limit=63 [ 731.367152][T16016] attempt to access beyond end of device [ 731.372835][T16016] loop2: rw=1, want=28289, limit=63 [ 731.381474][T16016] attempt to access beyond end of device [ 731.387168][T16016] loop2: rw=1, want=28681, limit=63 [ 731.608911][ T28] audit: type=1804 audit(1590300786.597:206): pid=18960 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/378/file0/bus" dev="loop2" ino=122 res=1 [ 731.682928][ T28] audit: type=1804 audit(1590300786.667:207): pid=18964 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/378/file0/bus" dev="loop2" ino=122 res=1 06:13:06 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:13:07 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:07 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 732.363721][ T628] attempt to access beyond end of device [ 732.383123][ T628] loop2: rw=1, want=3145, limit=63 [ 732.396820][ T628] attempt to access beyond end of device [ 732.402768][ T628] loop2: rw=1, want=5873, limit=63 [ 732.415445][ T628] attempt to access beyond end of device [ 732.421295][ T628] loop2: rw=1, want=7921, limit=63 [ 732.436065][ T628] attempt to access beyond end of device [ 732.441876][ T628] loop2: rw=1, want=9969, limit=63 [ 732.452138][ T628] attempt to access beyond end of device [ 732.460265][ T628] loop2: rw=1, want=12017, limit=63 [ 732.469858][ T628] attempt to access beyond end of device [ 732.476148][ T628] loop2: rw=1, want=14065, limit=63 [ 732.485792][ T628] attempt to access beyond end of device [ 732.491422][ T628] loop2: rw=1, want=16113, limit=63 [ 732.504127][ T628] attempt to access beyond end of device [ 732.509873][ T628] loop2: rw=1, want=19873, limit=63 06:13:07 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) [ 732.523307][ T628] attempt to access beyond end of device [ 732.529135][ T628] loop2: rw=1, want=22949, limit=63 06:13:07 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:13:07 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xee, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f10116732"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 732.868489][ T28] audit: type=1804 audit(1590300787.857:208): pid=18985 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/379/file0/bus" dev="loop2" ino=123 res=1 06:13:07 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 732.947988][ T28] audit: type=1804 audit(1590300787.937:209): pid=18992 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/379/file0/bus" dev="loop2" ino=123 res=1 06:13:08 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:08 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:13:08 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {0x0}], 0x2}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 733.688186][ T28] audit: type=1804 audit(1590300788.677:210): pid=19011 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/380/file0/bus" dev="loop2" ino=124 res=1 [ 733.783288][ T28] audit: type=1804 audit(1590300788.778:211): pid=19015 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/380/file0/bus" dev="loop2" ino=124 res=1 06:13:09 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 734.589429][ T28] audit: type=1804 audit(1590300789.578:212): pid=19025 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/381/file0/bus" dev="loop2" ino=125 res=1 06:13:09 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {0x0}], 0x2}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 734.637507][ T28] audit: type=1804 audit(1590300789.628:213): pid=19029 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/381/file0/bus" dev="loop2" ino=125 res=1 06:13:10 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:10 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 735.357123][T16016] attempt to access beyond end of device [ 735.365582][T16016] loop2: rw=1, want=3721, limit=63 [ 735.379556][T16016] attempt to access beyond end of device [ 735.389116][T16016] loop2: rw=1, want=5969, limit=63 [ 735.405258][T16016] attempt to access beyond end of device [ 735.411430][T16016] loop2: rw=1, want=8385, limit=63 [ 735.427386][T16016] attempt to access beyond end of device [ 735.433567][T16016] loop2: rw=1, want=10433, limit=63 [ 735.447716][T16016] attempt to access beyond end of device [ 735.454049][T16016] loop2: rw=1, want=12481, limit=63 [ 735.470135][T16016] attempt to access beyond end of device [ 735.478563][T16016] loop2: rw=1, want=14529, limit=63 [ 735.492163][T16016] attempt to access beyond end of device [ 735.500312][T16016] loop2: rw=1, want=16577, limit=63 06:13:10 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {0x0}], 0x2}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 735.514043][T16016] attempt to access beyond end of device [ 735.520369][T16016] loop2: rw=1, want=19057, limit=63 [ 735.537513][T16016] attempt to access beyond end of device [ 735.545560][T16016] loop2: rw=1, want=23153, limit=63 06:13:10 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) [ 735.560362][T16016] attempt to access beyond end of device [ 735.568464][T16016] loop2: rw=1, want=24049, limit=63 [ 735.818429][ T28] audit: type=1804 audit(1590300790.808:214): pid=19052 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/382/file0/bus" dev="sda1" ino=16131 res=1 [ 735.915118][ T28] audit: type=1804 audit(1590300790.898:215): pid=19058 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/382/file0/bus" dev="sda1" ino=16131 res=1 06:13:11 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xee, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f10116732"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:11 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:11 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000001840)=""/4096, 0x1000}], 0x1}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:13:11 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 736.649108][ T28] audit: type=1804 audit(1590300791.638:216): pid=19078 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/383/file0/bus" dev="sda1" ino=16131 res=1 [ 736.736493][ T28] audit: type=1804 audit(1590300791.728:217): pid=19083 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/383/file0/bus" dev="sda1" ino=16131 res=1 06:13:12 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000001840)=""/4096, 0x1000}], 0x1}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:13:12 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 737.830334][ T28] audit: type=1804 audit(1590300792.818:218): pid=19091 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/384/file0/bus" dev="sda1" ino=16131 res=1 [ 737.912188][ T28] audit: type=1804 audit(1590300792.898:219): pid=19096 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/384/file0/bus" dev="sda1" ino=16131 res=1 06:13:13 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000001840)=""/4096, 0x1000}], 0x1}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:13:13 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:13 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:13:13 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:13:14 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xee, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f10116732"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:14 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{0x0}, {&(0x7f0000001840)=""/4096, 0x1000}], 0x2}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 739.069550][ T28] audit: type=1804 audit(1590300794.058:220): pid=19115 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/385/bus" dev="sda1" ino=15780 res=1 [ 739.154938][ T28] audit: type=1804 audit(1590300794.148:221): pid=19121 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/385/bus" dev="sda1" ino=15780 res=1 06:13:14 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:14 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:13:14 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{0x0}, {&(0x7f0000001840)=""/4096, 0x1000}], 0x2}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 740.058725][ T28] audit: type=1804 audit(1590300795.048:222): pid=19137 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/386/bus" dev="sda1" ino=15970 res=1 [ 740.118636][ T28] audit: type=1804 audit(1590300795.108:223): pid=19146 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/386/bus" dev="sda1" ino=15970 res=1 06:13:15 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{0x0}, {&(0x7f0000001840)=""/4096, 0x1000}], 0x2}, 0x300) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:13:16 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 741.229419][ T28] audit: type=1804 audit(1590300796.218:224): pid=19155 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/387/bus" dev="sda1" ino=15970 res=1 [ 741.312966][ T28] audit: type=1804 audit(1590300796.308:225): pid=19160 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/387/bus" dev="sda1" ino=15970 res=1 06:13:16 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:16 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}], 0x2}, 0x0) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:13:16 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:13:17 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:13:17 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xf6, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d173"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 742.150009][T19177] FAT-fs (loop2): bogus number of reserved sectors [ 742.170250][T19177] FAT-fs (loop2): Can't find a valid FAT filesystem 06:13:17 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 742.217396][ T28] audit: type=1804 audit(1590300797.208:226): pid=19177 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/388/file0/bus" dev="sda1" ino=16136 res=1 [ 742.274603][ T28] audit: type=1804 audit(1590300797.268:227): pid=19185 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/388/file0/bus" dev="sda1" ino=16136 res=1 06:13:17 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}], 0x2}, 0x0) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:13:18 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 743.197896][T19201] FAT-fs (loop2): bogus number of reserved sectors [ 743.212476][T19201] FAT-fs (loop2): Can't find a valid FAT filesystem [ 743.229917][ T28] audit: type=1804 audit(1590300798.218:228): pid=19201 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/389/file0/bus" dev="sda1" ino=16136 res=1 [ 743.277000][ T28] audit: type=1804 audit(1590300798.268:229): pid=19205 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/389/file0/bus" dev="sda1" ino=16136 res=1 06:13:18 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}], 0x2}, 0x0) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 06:13:19 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:13:19 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}], 0x2}, 0x300) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0xfffd, 0x0) [ 744.341141][T19212] FAT-fs (loop2): bogus number of reserved sectors [ 744.351119][T19212] FAT-fs (loop2): Can't find a valid FAT filesystem [ 744.366306][ T28] audit: type=1804 audit(1590300799.358:230): pid=19212 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/390/file0/bus" dev="sda1" ino=16136 res=1 [ 744.462409][ T28] audit: type=1804 audit(1590300799.448:231): pid=19221 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/390/file0/bus" dev="sda1" ino=16136 res=1 06:13:19 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:19 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:13:20 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}], 0x2}, 0x300) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0xfffd, 0x0) 06:13:20 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xf6, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d173"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:20 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, 0x0, 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:13:20 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 745.514772][T19247] FAT-fs (loop2): bogus number of reserved sectors [ 745.522151][T19247] FAT-fs (loop2): Can't find a valid FAT filesystem [ 745.596334][ T28] audit: type=1804 audit(1590300800.588:232): pid=19247 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/391/file0/bus" dev="sda1" ino=16136 res=1 [ 745.644286][ T28] audit: type=1804 audit(1590300800.638:233): pid=19252 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/391/file0/bus" dev="sda1" ino=16136 res=1 06:13:21 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}], 0x2}, 0x300) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0xfffd, 0x0) 06:13:21 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, 0x0, 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 746.599058][T19258] FAT-fs (loop2): bogus number of reserved sectors [ 746.606902][T19258] FAT-fs (loop2): Can't find a valid FAT filesystem [ 746.626555][ T28] audit: type=1804 audit(1590300801.618:234): pid=19258 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/392/file0/bus" dev="sda1" ino=16136 res=1 [ 746.676199][ T28] audit: type=1804 audit(1590300801.668:235): pid=19263 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/392/file0/bus" dev="sda1" ino=16136 res=1 06:13:21 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}], 0x2}, 0x300) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) 06:13:22 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:22 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, 0x0, 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:13:22 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}], 0x2}, 0x300) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) [ 747.810768][T19275] FAT-fs (loop2): bogus number of reserved sectors [ 747.817846][T19275] FAT-fs (loop2): Can't find a valid FAT filesystem [ 747.887981][ T28] audit: type=1804 audit(1590300802.878:236): pid=19275 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/393/file0/bus" dev="sda1" ino=16136 res=1 06:13:22 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f", 0x1}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) [ 747.966808][ T28] audit: type=1804 audit(1590300802.958:237): pid=19284 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/393/file0/bus" dev="sda1" ino=16136 res=1 06:13:23 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xf6, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d173"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:23 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:23 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000140), 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:13:23 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}], 0x2}, 0x300) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) [ 748.691277][T19305] FAT-fs (loop2): bogus number of reserved sectors [ 748.698206][T19305] FAT-fs (loop2): Can't find a valid FAT filesystem [ 748.713504][ T28] audit: type=1804 audit(1590300803.708:238): pid=19305 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/394/file0/bus" dev="sda1" ino=16136 res=1 [ 748.785007][ T28] audit: type=1804 audit(1590300803.778:239): pid=19311 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/394/file0/bus" dev="sda1" ino=16136 res=1 06:13:24 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}], 0x2}, 0x300) splice(r0, 0x0, r1, 0x0, 0x0, 0x0) 06:13:24 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000140), 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 749.810553][T19321] FAT-fs (loop2): bogus number of reserved sectors [ 749.819856][T19321] FAT-fs (loop2): Can't find a valid FAT filesystem [ 749.838289][ T28] audit: type=1804 audit(1590300804.828:240): pid=19321 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/395/file0/bus" dev="sda1" ino=16136 res=1 [ 749.897026][ T28] audit: type=1804 audit(1590300804.888:241): pid=19324 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/395/file0/bus" dev="sda1" ino=16136 res=1 06:13:25 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}], 0x2}, 0x300) splice(r0, 0x0, r1, 0x0, 0x0, 0x0) 06:13:25 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0xffffffffffffffff, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:25 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0xffffffffffffffff, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:25 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0xffffffffffffffff, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:25 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:26 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f", 0x1}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:13:26 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfa, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:26 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:26 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:26 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000140), 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:13:26 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) readv(r0, &(0x7f00000001c0)=[{0x0}], 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) close(r1) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x0, 0x20000000005}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/4096, 0x1000}], 0x2}, 0x300) splice(r0, 0x0, r1, 0x0, 0x0, 0x0) 06:13:26 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:26 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) [ 751.554037][T19372] FAT-fs (loop2): bogus number of reserved sectors [ 751.576505][T19372] FAT-fs (loop2): Can't find a valid FAT filesystem [ 751.650560][ T28] audit: type=1804 audit(1590300806.639:242): pid=19379 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/396/file0/bus" dev="sda1" ino=16151 res=1 [ 751.716118][ T28] audit: type=1804 audit(1590300806.709:243): pid=19383 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/396/file0/bus" dev="sda1" ino=16151 res=1 06:13:27 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$USBDEVFS_GETDRIVER(0xffffffffffffffff, 0x41045508, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882) write$binfmt_aout(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000000d5010400000000010000deffde6c68a94a86be9084baa5b5db0700000068000a01000020763f0362391c57bc2475cc6474c7469fee863a839c92ad97786d22730a7c4b891a5f9b1395cacd8f2a9aa2f4b8c2ee7a8483a098c82b5dc475e9f24df5d8e344916d76155f006d1a0000"], 0x92) readv(r0, &(0x7f0000000240)=[{&(0x7f00000003c0)=""/227, 0xe3}], 0x1) [ 752.389531][T19386] sg_write: data in/out 262577/104 bytes for SCSI command 0x1-- guessing data in; [ 752.389531][T19386] program syz-executor.1 not setting count and/or reply_len properly 06:13:27 executing program 1: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1081}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000040)=ANY=[@ANYBLOB='bs'], 0x4) mmap(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 06:13:27 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:13:27 executing program 1: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1081}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000040)=ANY=[@ANYBLOB='bs'], 0x4) mmap(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0, 0x32, 0xffffffffffffffff, 0x0) [ 752.745412][T19395] FAT-fs (loop2): bogus number of reserved sectors [ 752.763994][T19395] FAT-fs (loop2): Can't find a valid FAT filesystem [ 752.802455][ T28] audit: type=1804 audit(1590300807.799:244): pid=19395 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/397/file0/bus" dev="sda1" ino=16150 res=1 [ 752.850580][ T28] audit: type=1804 audit(1590300807.839:245): pid=19401 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/397/file0/bus" dev="sda1" ino=16150 res=1 06:13:29 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f", 0x1}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:13:29 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfa, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:29 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:29 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000380)='./file0\x00', 0x1000000, 0x1, &(0x7f0000000000)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6", 0x1c1) creat(0x0, 0x0) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x40) sendfile(r1, r2, 0x0, 0x7fffffa7) 06:13:29 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:13:29 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0xffffffffffffffff, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:13:29 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0xffffffffffffffff, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) [ 754.588010][ T28] audit: type=1800 audit(1590300809.579:246): pid=19423 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=126 res=0 [ 754.645526][T19430] FAT-fs (loop2): bogus number of reserved sectors [ 754.661489][ T28] audit: type=1804 audit(1590300809.609:247): pid=19423 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/357/file0/file0" dev="loop1" ino=126 res=1 [ 754.685063][T19430] FAT-fs (loop2): Can't find a valid FAT filesystem 06:13:29 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:29 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0xffffffffffffffff, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:13:29 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000380)='./file0\x00', 0x1000000, 0x1, &(0x7f0000000000)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6", 0x1c1) creat(0x0, 0x0) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x40) sendfile(r1, r2, 0x0, 0x7fffffa7) [ 754.724405][ T28] audit: type=1804 audit(1590300809.719:248): pid=19439 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/398/file0/bus" dev="sda1" ino=16170 res=1 06:13:29 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:13:29 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:13:29 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) [ 754.838750][ T28] audit: type=1804 audit(1590300809.799:249): pid=19430 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/398/file0/bus" dev="sda1" ino=16170 res=1 [ 754.955449][ T28] audit: type=1800 audit(1590300809.949:250): pid=19452 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=127 res=0 [ 754.996101][ T28] audit: type=1804 audit(1590300809.979:251): pid=19452 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/358/file0/file0" dev="loop1" ino=127 res=1 06:13:32 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:13:32 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:32 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfa, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:32 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:13:32 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000380)='./file0\x00', 0x1000000, 0x1, &(0x7f0000000000)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6", 0x1c1) creat(0x0, 0x0) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x40) sendfile(r1, r2, 0x0, 0x7fffffa7) [ 757.686061][ T28] audit: type=1800 audit(1590300812.679:252): pid=19484 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=128 res=0 [ 757.758434][T19490] FAT-fs (loop2): bogus number of reserved sectors [ 757.782938][ T28] audit: type=1804 audit(1590300812.759:253): pid=19484 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/359/file0/file0" dev="loop1" ino=128 res=1 [ 757.806606][T19490] FAT-fs (loop2): Can't find a valid FAT filesystem 06:13:32 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) [ 757.840242][ T28] audit: type=1804 audit(1590300812.829:254): pid=19495 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/399/file0/bus" dev="sda1" ino=16189 res=1 06:13:32 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x74, &(0x7f0000000200)="c4fe910c6786cec96ddb5322addee07bee6333b5cacd891969b71832cb470c94d61f3514dca76fd1664d20b4712c225da4a455f4c9fd98a5680956f1291607e39a209852cea901000000a933137a89acd61c00000000000000fc012904b9ce36371060422e2cc232d5863cad44f8be41bcd89228"}}], 0x1c) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x33) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 757.916069][ T28] audit: type=1804 audit(1590300812.909:255): pid=19490 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/399/file0/bus" dev="sda1" ino=16189 res=1 06:13:33 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 758.528220][T19511] FAT-fs (loop2): bogus number of reserved sectors [ 758.535010][T19511] FAT-fs (loop2): Can't find a valid FAT filesystem [ 758.602787][ T28] audit: type=1804 audit(1590300813.599:256): pid=19511 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/400/file0/bus" dev="sda1" ino=16189 res=1 [ 758.693611][ T28] audit: type=1804 audit(1590300813.689:257): pid=19517 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/400/file0/bus" dev="sda1" ino=16189 res=1 06:13:34 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 759.505267][T19522] FAT-fs (loop2): bogus number of reserved sectors [ 759.514603][T19522] FAT-fs (loop2): Can't find a valid FAT filesystem [ 759.541068][ T28] audit: type=1804 audit(1590300814.529:258): pid=19522 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/401/file0/bus" dev="sda1" ino=16189 res=1 [ 759.622637][ T28] audit: type=1804 audit(1590300814.619:259): pid=19526 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/401/file0/bus" dev="sda1" ino=16189 res=1 06:13:35 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:13:35 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:13:35 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:13:35 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfc, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab108"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:35 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:35 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) [ 760.904419][T19547] FAT-fs (loop2): bogus number of reserved sectors [ 760.924172][T19547] FAT-fs (loop2): Can't find a valid FAT filesystem [ 761.005836][ T28] audit: type=1804 audit(1590300815.999:260): pid=19547 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/402/file0/bus" dev="sda1" ino=16189 res=1 06:13:36 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) pwritev(r0, &(0x7f0000000740)=[{&(0x7f00000002c0)}, {&(0x7f0000000340)="2e0f62a2018a176c1affbd51ff6312016e7934ef9ca83a8d3516b20d5caec51110962b66bd444f05b25629ddc544c915ad6f02a075fbfe625afc642720c8fbb78573572c02a43d692c18a50861dc8cc020cb025ac21fc53db69c70eab6f8d87c858536bd98f29c74618c59ff17ca52f5d73b2ffb5a033f03e455384677fdd106", 0x80}, {&(0x7f00000005c0)}], 0x3, 0x1) perf_event_open(&(0x7f0000000400)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x638400, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000010000', @ANYBLOB="2c6772800000006964", @ANYRESDEC=0x0, @ANYBLOB="2c005b65216703a51815c1598f5731a7653a9f94cf1eb7764b46cefd0a8675a241e1fe3775e41e1786d7ce818c3a2dcec93a755fc63a5b3a781c7ee9e33a3054afe3f62051ec150a505c5ccdf565940df150fcefc6bd8affbbc40fdc46d303a5d5db28a4ce7babfc604b958c3864438b81e530be6daf9df67d1f655d79ee0d3cb32d8173a9ea6e6410fcd446bb8b391610b1a7bd2fd7f3ad3d199e69dfb41d906c908063a516e0e5c2f4ddb342dae72878a775e15ae53398909edfdb680311c3639048673f97588bd3994f2cd0ecaf00551de89588e89aa442145de6cd54d3222fd193a77adbdd4ef4ea4b1304b740b462cfef9fd1e8548a91b32b495899e9105dfa08d3dce240ed7a7617a3095a0a"]) r2 = gettid() tkill(r2, 0x13) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000180)={0x1, r2}) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00') openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) [ 761.070830][ T28] audit: type=1804 audit(1590300816.059:261): pid=19554 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/402/file0/bus" dev="sda1" ino=16189 res=1 [ 761.194750][T19559] fuse: Unknown parameter 'gr€' 06:13:36 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) pwritev(r0, &(0x7f0000000740)=[{&(0x7f00000002c0)}, {&(0x7f0000000340)="2e0f62a2018a176c1affbd51ff6312016e7934ef9ca83a8d3516b20d5caec51110962b66bd444f05b25629ddc544c915ad6f02a075fbfe625afc642720c8fbb78573572c02a43d692c18a50861dc8cc020cb025ac21fc53db69c70eab6f8d87c858536bd98f29c74618c59ff17ca52f5d73b2ffb5a033f03e455384677fdd106", 0x80}, {&(0x7f00000005c0)}], 0x3, 0x1) perf_event_open(&(0x7f0000000400)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x638400, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000010000', @ANYBLOB="2c6772800000006964", @ANYRESDEC=0x0, @ANYBLOB="2c005b65216703a51815c1598f5731a7653a9f94cf1eb7764b46cefd0a8675a241e1fe3775e41e1786d7ce818c3a2dcec93a755fc63a5b3a781c7ee9e33a3054afe3f62051ec150a505c5ccdf565940df150fcefc6bd8affbbc40fdc46d303a5d5db28a4ce7babfc604b958c3864438b81e530be6daf9df67d1f655d79ee0d3cb32d8173a9ea6e6410fcd446bb8b391610b1a7bd2fd7f3ad3d199e69dfb41d906c908063a516e0e5c2f4ddb342dae72878a775e15ae53398909edfdb680311c3639048673f97588bd3994f2cd0ecaf00551de89588e89aa442145de6cd54d3222fd193a77adbdd4ef4ea4b1304b740b462cfef9fd1e8548a91b32b495899e9105dfa08d3dce240ed7a7617a3095a0a"]) r2 = gettid() tkill(r2, 0x13) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000180)={0x1, r2}) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00') openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) [ 761.519210][T19565] fuse: Unknown parameter 'gr€' 06:13:36 executing program 1: socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TUNSETVNETHDRSZ(r1, 0x400454d8, &(0x7f0000000000)=0x6) mkdir(&(0x7f0000000500)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000180)='proc\x00', 0x0, 0x0) r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) renameat2(r2, &(0x7f00000000c0)='./bus\x00', r2, &(0x7f0000000040)='./bus\x00', 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4, @remote}, {0x2, 0x4e22, @dev}, {0x2, 0x0, @loopback}, 0x18f}) 06:13:36 executing program 1: prctl$PR_SET_THP_DISABLE(0x29, 0x2) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') sendfile(r0, r1, 0x0, 0x100000080000000) 06:13:36 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:13:36 executing program 1: syz_mount_image$vfat(&(0x7f0000000380)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000440)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x4003fe) syncfs(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_type(r1, &(0x7f0000000200)='threaded\x00', 0x175d9007) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) fdatasync(0xffffffffffffffff) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x10012, r3, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000180)) [ 761.951240][T19583] FAT-fs (loop2): bogus number of reserved sectors [ 761.978203][T19583] FAT-fs (loop2): Can't find a valid FAT filesystem [ 762.042014][ T28] audit: type=1804 audit(1590300817.039:262): pid=19583 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/403/file0/bus" dev="sda1" ino=16195 res=1 [ 762.092923][T19588] FAT-fs (loop1): error, invalid access to FAT (entry 0x00004f4d) [ 762.092935][T19580] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000454d) [ 762.093009][T19580] FAT-fs (loop1): Filesystem has been set read-only [ 762.120168][T19580] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 19) [ 762.129888][T19580] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 19) [ 762.138942][ T28] audit: type=1804 audit(1590300817.109:263): pid=19589 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/403/file0/bus" dev="sda1" ino=16195 res=1 [ 762.164828][T19588] FAT-fs (loop1): error, invalid access to FAT (entry 0x00004f4d) 06:13:37 executing program 1: syz_mount_image$vfat(&(0x7f0000000380)='vfat\x00', &(0x7f0000000400)='./file0\x00', 0xfffffffffffffffa, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000440)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x280001c, 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x4003fe) syncfs(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_type(r1, &(0x7f0000000200)='threaded\x00', 0x175d9007) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) fdatasync(0xffffffffffffffff) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x10012, r3, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000180)) [ 762.260731][ T9078] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 19) 06:13:37 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 762.821640][T19604] FAT-fs (loop2): bogus number of reserved sectors [ 762.828525][T19604] FAT-fs (loop2): Can't find a valid FAT filesystem [ 762.888077][ T28] audit: type=1804 audit(1590300817.879:264): pid=19604 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/404/file0/bus" dev="sda1" ino=16195 res=1 [ 762.993406][ T28] audit: type=1804 audit(1590300817.969:265): pid=19610 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/404/file0/bus" dev="sda1" ino=16195 res=1 [ 763.242583][T19597] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 19) [ 763.262559][T19597] FAT-fs (loop1): Filesystem has been set read-only 06:13:38 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:13:38 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfc, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab108"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:38 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:39 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:39 executing program 1: perf_event_open(&(0x7f0000000400)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x48, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x0, 0x0, 0x0) 06:13:39 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:13:39 executing program 1: syz_open_dev$evdev(&(0x7f0000000240)='/dev/input/event#\x00', 0x1, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$RNDADDTOENTCNT(0xffffffffffffffff, 0x40045201, 0x0) sendmsg$alg(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000000880)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000ac0)="93440d442fb8ca9c4325f1574e446b341fe4e5bdd147d78b6dc74eaff26bfa1eaab9b6759d75dd094e84782fd1809f0b9a3698c9b3cd617f5c2bfff228316b970581956f45ce11c26c991452eae94dfa064ca754d4181e85334b612e52f412f37ba76cd87c71a1651f46e5d7f96c49998a931f4cf50742f7f6ae51d786617d758e6f1e7ee4cfd1145101f0e8ed1b94ea03662b088be10d580f188cbc7079a75a0b60e34494e3c0bec7962d0b8743326a9a25c7e1c85e4d1dff76f8ef439189e35fa7796449afd256e47ef4722d90bff26ad7fda655c689fce1b4b828a72a404a7b5b2d63ba97852647da41b9ba62932b56de61b033a2d8533d664b13e2db2ea0d52e0ff78baadf3b80527a184468e8c8e2cdbc42fd5562d3f8a4904d8dc3349aa222410c143beb73806e100728181fb54caff80bee18cf3c4eb7ae07087b251e6604ef2741a30cf02f0e0c5b408f074958df2fe8078a6ddbeb15f7180e468c8160c1ac95931e555bbfcca029d12947b2119df6c75035be70cff2918665975e20aa75e2a15b456630b014427e9337df6bee762bf937c1cded4e24ca0847e3bc4001c07615772f08fdc72f29a7ea6d3681643097ac2d6771ab5dbdfa7421a1166b28b6985f076806c685c778106a2cb528cfa29ec43d2cafebafe494634b4a5b70527c073eefa8ada64b40c545de5e6b7c01401b4fc820905edd871030b370e84394f16ee4edb1e6763b50144e8344c14f793109de5f4f7a9871fbcd069b8cf6985ad76a8ad71c02e94130ec7bcd4c46f898810156ea6340da929cc5046ba3aa00689783c596965462c6589d0433e669662a9e3a6a22cbd6be83be82d24343959a8e65245ea1d226b101dd6c455d797bac65457e7ddc6aaac3220d7b9294cc47f16cc813933d2d3e0df44722620605a2f956423f966fbdc5c25cb0066aaffecee5ec83e571c7498439876276b4f195dec38ca8154b2d96b43c48295d7c9bfd60b128d008131ecfcc90f24394f3e06b3aa0ff48038d66495ffc74d69efe71e7a14398ed2082930e4001ed9fcd817edf345fd77d85921ffc01bdbfd7fd35be85b976dce485b03388de58f50a929874e6da82685cd237423acfe6ed333f58df0d2820f6f395538d31a65e17656efa965a7f6170587dc0516018e49ef95893a60d97c154c6e4bbee708987b4d4557f67fece01dfc948b7686eea91c8126c80e062873f953996c51502075610fed6c73a2b0b77684ba822b304a61f55912bfa0991141dcea75292b8c7de2a313214a4abb38293a165d302ac0c6a8dc4a34f2bde2c2308fd4669803a7badf4d1690b47fab74826c41c6cedfb3425704f7f7b85fb7e163e84393ea86983f17409e9522fa5e3b0724f1e975849dc3f9b8383c9fa8a3f8be416e1e95fd3cc7a1010b754323651528fbac3e7584461fc8f25b7a714653b2035204e93fcc128f9c9ece97fe8a2f4071ea77391b317a4343c15ef7fb4398a52033900bbdaa0490054ad6544aa859435f7c395b7d27f3d1c5543abc9b944f2cbd1de77966c69fe076424633e37f2118998026f15acdb7fce670ec50509ef4f4163f34eae35684fe525e1dd60efc5a1b100719f18f5158f9b7852de05725331c4664ed3d57f3eb6eee74f410df8464f8aad9fd0fe3df5f9a170c6f637804756b3ea2b242a6a99006e31e661a8821248934da737b18c4c103a31b3543b4e8a8f52d78ce87a0dbf22e5264dbbc5d8fe762a7c8403b61a1313461382847ce7fcedd51c3a63b2d58688e934e3a6e6d0ff2d38e2265578581c998fd6c11721043104363f13a035aea2c99b84f19c6b99aa43ffacde3599c193766442f249651be503a62feeaf86b082e3352680aae3601f742b514b3d8e2123ff45752a4c64b59126d8cde5e4184be1c03e09f5102d47997951a34e6309b6696abcc73c2198fdbdab88657d871f4835bad7c371a15d79efcad2aabfc685f0703835d35921353ffdedc2a8f406f3a626bceeb2ddc0d89bccd39334becc9326df579b8ce1a8d4b305de11de73838becad7f8056441c759e7f165893b474db93d98392374352e288e5998728873dfdc78f53674b2f8a1b767a9607ba22340a2e1165413ab878b6ce6a1394f923d6956fe2f13d77469628279a7e8176820e665ee1f115add832d1c4fc2336362890d6b2d4ca8e603fcc5f1cbc792bfa5b7f8d31e3c739ea036d216718c18284e61cde024484ea6d2b45780afe9576f64e8608d08cc27fb8aa49a46e9fab594133359c62ee9d0f562c7f7f9a06e3b69391cc3d5cacde4f64c09d259383b9ae72f1e260cbde6333a9b0bb093bf2c4c92fd90f3b37ed69f7ecb3f156970441ce0bab7aa02539708ce3389dcbbbd432e5863dacd972e34312315ea6791d8e98a472ac5539fc25e7bbbfef1fe0c6c58f76134e8830676b7be68f1b492565edc1794be162aa44e2bfa97414a441a729969af8c8a03212562accb92934fc6fa83ffd558df7b348e5ff4d917cc570fd1ef5c033c921138a688462046e7d17707e4e69ac9bac79ff5f5022fb0f80b5e40d8f71dd6eda1d23c30ffc41b57b1beaab0e50b8e3d68d4d53c9ee86a6c94620dd433d06879d37f1158b986cf2a72c74f7d3b2b159015c8f5876f7625f901aa49bd88d8097ac8eb9fb7d74d16e4e84b09f3c22c933c77be025476241012c37d0d782668da78aa3f34143a526f316d6ee3f99f4b8df5fbfbe1b229077969651750c2f931949399cc3257fe6b7309d535ce1ad00ca6b55f7bb33224d07428cee1396e03bf3d5b60ba267e2aef8e0881d9e714ef5f49b6ed16622423f573179c31530bf6b391167531a7c189202954ae43f95ec3f8effbb4659cf45ddaa7902d0c8423c74bc21211d93a0808c2e39507976db2fd333b7550ec009e9dba720e41b9786d6e11e2177405283f287664ef2089a7d94b8f91a6ba1ac772a5a2ccbd0f29681b3c972ecee049eb39403a6ff5c98b033713d61dd1c0c19e35302de031bcfc7f3784a34c0bf5f3d816e24cf95305516c8d10eb6106e5e638489deb49dcd6a402aca377e49c1f85ea85f3166ae23934f9159064ca9858de7782bb1d16c6c20d583b68f433fe8304c809ada3bc13b05f0216570c64fe59b8a6135d51336af375a4098409197a8b2a39982870ea5682071cc45522cd53581ea059b8b5fb3eac30f623b7ece03d7a5bed0192ff3498710c757fecb17b4b28c8d8b09fbcaa06105b8717a727c3ad82e2a9ce1763c50f31f5f61e7ae20115b1e437b5b407c4e1a163e06524322bce8bc7a3cef78f6f1464a09580021c281cbbc23112c669c0b909a3231188d819a4c7ef8d743e38360c73f9ad57e08576aa036ea9e00257f6b705ab6a6f3a50782f1a6759e4558715c1a8b4d155d25e6e039bfbf8da46a334f4a1562a63aae7d902e91217280cb932fb9b7164e7b821b54d60f4b2796e6d730f4437192cf608de9e177a2721197a47899e118a83567e9449b7888c278fd39cbdbe0a0c9aee50872de9f9608d5064361ba60d697636174591389d7ebfcc3883adc38f7f432d2fab77829c22dabc27e758ad803a857f45d2ec395c0e16091c68a9afd1df6ea1814505076b20d71c02c68f3bee7667145ddd23294614de9e9b9c83f06b63f9cda84d61dfd86252a5321046bb8888dfb46df908d4edfbc7c47a970b45b7ac9c4393329d4e6383ba42efce6efcf2f1e70a68c3ce1a64d3db4ed5d86319081d7493a2a788834d66b2b2e5fd0e4e735e679275d5c91b2b05e79ec795678b11223f77b475e218c42b1140bb82658e592f75f34c9e831db084bccac9664225038c917ee6f095975c2e02b3de534c8a477e3cf303daaf6fb5af675f09bbf4860d491f36927a8a4d9faf7e647926a21f2a972d864f676d1412420e78aa411cbfb8aa1cfe1ab36517231371d6271acce2bc951fb7f7b7f4460a2eedf7c2fea965f5cb9379a34465e0f165bbb9b53028f8b1e8267b167faecdad7e8e284f7dc9f4efe7fa703dd8684d62de3d4f78e21e8b1d3fb92c9b0ba57070321b089070bc87a1bc40bc94ab6354c1ef9ec6f9031817bb27995dbede5b6627142376ece5deca840a990ede1656b0b422eb3f13e51a591f268866a4c8597cbaf32aba77c79e623ed882a9ce345190beea0d670ddbfa0820a1245b9fc121a449e6e18b11648c08a16ab84e0ce16662ab24b2f500d5ea3bd26b7d26e58103f4314c206aba9568e7f4b6b88d6b32f516b99a04fe74cb54b957631b7da4a616863669e611a97dc808398e42155f42408f3b4a4eb7bba5ec9e2490624ea3681459d9ac81df59365f040bd98b189685df7e7d3b38683f4c8cbaf08922120dfcfbfe7d28e58f5672fe23054cc677024469a83e3adee26e6b23c76e562e11c5cf00f5cc12aa75d326a59e0a605ce8c8129e41a35aee42fff92e4cb2372b869f70d4bf62d7f8bb2fa2b2e9e729d91a92c3d5c696fe30263d7c21bd40eb2ef6ebf13f9cc592c176db97d575cd18f430a406a831df0da86cdabe7316fb0e8ce092c7193f8c86be880e0921a1b4bce4c79e3d1f95380429d14970517efa98751111dafbcb36767398dd63fef259470f2fde7e04416af3ff1667b8d3dc465c592e63244e101c9138cc83dc4675db96dadfe386cedab157ba91a41f0c1137af818ea3d2600103f815182dfdcae02ab61f494f38ff6077ec60503295b0a67238dc9ef335e5851de48a321423d29a040fcfc49c983a9b9deb9d5ea6088228ca22d315de6f588bea3ca389337b2adc718b4448c52ae634093de8d180901962331a1844a0cc58a8608152a131a96f141855b0decaf561d6151e91bdeb589b64d20da4ef9a4181833515268f94076111a53b6b6ccf443e927af2e24a68ea22f2b586358f4c49872863fa1648ed874624c33bcb219bf62beb2f2b4db78b1610ecd94e1aa3a5f99336a95b8b16c7184ad58993975337788bbffe21b5877de7cd0e18e1ada3f837facf4495ae66edf62b12a4c9061762b4c4fcfa1a0836a87dd467170fe27a91153b08c1a2e2cbf63017ad8beffd8e600a450b35c6ed25ee08299d4b97dcf4da433d30bca8471ae59b7da55d2ac637c1e84caf1f12d30f0d68ed29fd2f8d647aa32e70f5740d46dc7e00cbb70c3822682efe83c628f45f2f10094f6cd3c9f7a0e984bfd09b0d4207ef94154bce32aeda703ac5d3a8f981fdbe645fad3a67becbc6e3df0efaadf820e98ba0b19874a723f3e9cfce13f784fac7cedf77d35d213bd04a0ab52578b5611e883d53026f0d91ea9b2a83523d16320bd4085bfec25aa270b58eb317d67d5a4e0ff816a258ad677bb03a34e981b882f8d58bc0a88a835467154142bfa8812f536d8a170d2251aa9069c9dced028925611d262131b998de7bf45183b892063fca2f8923fbc770a7a0aa631ceb742c4c57af123601011f596bc58b81a96fca89ed0a72e44ab7ab72de84a824abbeaed3c977c401a659296c1008693047ef56db43eec8b0c7ff60fb398ddfd8b015b155d89f387b388aec04d82ff28beb41124ce9f024057c2d1920a05a0c9c30eb3fd7b896164e186d25d4cff558aa6ddb0db5c048686f6d0ef456f65281ca9c594400b30245d384be53168c7fc3fc619d2b001594405abc1c224c12045338adf6f9557a70bb476b570fc9fa82fbbbd5f37ebf911fec5e1ccd9d500446daad54c5c1c5e5a2d205bb81f2fef90ef54f5b7925cff40a8ac72c0559d79309904424fa016b524613104c9c6ea", 0xfdf}], 0x4, &(0x7f0000001ac0)=[@assoc={0x18}, @assoc={0x18, 0x117, 0x4, 0x6}], 0x30, 0x8000}, 0x80) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f0000000400)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x800004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x360, 0x0, 0xffffff80, 0x178, 0x3803, 0xc7, 0x290, 0x258, 0x258, 0x290, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2, @mcast2, [], [], 'lo\x00', 'netpci0\x00'}, 0x0, 0x130, 0x1a0, 0x0, {}, [@common=@unspec=@connmark={{0x30, 'connmark\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x4, 0x0, 0x0, 0x9, 0x401}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "42c2f7ce28ef401335ddf6fb395bf4a4d216cfa5e921b6e919ef8a0d6093c6bcee49d7b46af988d8931f15a247cd97ebe28f918333489d8bc10f975c5989ee00"}}}, {{@ipv6={@loopback, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0) pause() r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x100, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x220000, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, r2, 0x80000) syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080), 0xc, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, 0x0, 0x20000000) sendmsg$TIPC_NL_PUBL_GET(r1, 0x0, 0x20044040) socket(0x0, 0x0, 0x0) [ 764.193965][T19641] FAT-fs (loop2): bogus number of reserved sectors [ 764.206163][T19641] FAT-fs (loop2): Can't find a valid FAT filesystem [ 764.232223][T19647] xt_CT: You must specify a L4 protocol and not use inversions on it [ 764.264555][ T28] audit: type=1804 audit(1590300819.259:266): pid=19641 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/405/file0/bus" dev="sda1" ino=16203 res=1 [ 764.333016][ T28] audit: type=1804 audit(1590300819.329:267): pid=19652 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/405/file0/bus" dev="sda1" ino=16203 res=1 06:13:39 executing program 1: syz_open_dev$evdev(&(0x7f0000000240)='/dev/input/event#\x00', 0x1, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$RNDADDTOENTCNT(0xffffffffffffffff, 0x40045201, 0x0) sendmsg$alg(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000000880)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000ac0)="93440d442fb8ca9c4325f1574e446b341fe4e5bdd147d78b6dc74eaff26bfa1eaab9b6759d75dd094e84782fd1809f0b9a3698c9b3cd617f5c2bfff228316b970581956f45ce11c26c991452eae94dfa064ca754d4181e85334b612e52f412f37ba76cd87c71a1651f46e5d7f96c49998a931f4cf50742f7f6ae51d786617d758e6f1e7ee4cfd1145101f0e8ed1b94ea03662b088be10d580f188cbc7079a75a0b60e34494e3c0bec7962d0b8743326a9a25c7e1c85e4d1dff76f8ef439189e35fa7796449afd256e47ef4722d90bff26ad7fda655c689fce1b4b828a72a404a7b5b2d63ba97852647da41b9ba62932b56de61b033a2d8533d664b13e2db2ea0d52e0ff78baadf3b80527a184468e8c8e2cdbc42fd5562d3f8a4904d8dc3349aa222410c143beb73806e100728181fb54caff80bee18cf3c4eb7ae07087b251e6604ef2741a30cf02f0e0c5b408f074958df2fe8078a6ddbeb15f7180e468c8160c1ac95931e555bbfcca029d12947b2119df6c75035be70cff2918665975e20aa75e2a15b456630b014427e9337df6bee762bf937c1cded4e24ca0847e3bc4001c07615772f08fdc72f29a7ea6d3681643097ac2d6771ab5dbdfa7421a1166b28b6985f076806c685c778106a2cb528cfa29ec43d2cafebafe494634b4a5b70527c073eefa8ada64b40c545de5e6b7c01401b4fc820905edd871030b370e84394f16ee4edb1e6763b50144e8344c14f793109de5f4f7a9871fbcd069b8cf6985ad76a8ad71c02e94130ec7bcd4c46f898810156ea6340da929cc5046ba3aa00689783c596965462c6589d0433e669662a9e3a6a22cbd6be83be82d24343959a8e65245ea1d226b101dd6c455d797bac65457e7ddc6aaac3220d7b9294cc47f16cc813933d2d3e0df44722620605a2f956423f966fbdc5c25cb0066aaffecee5ec83e571c7498439876276b4f195dec38ca8154b2d96b43c48295d7c9bfd60b128d008131ecfcc90f24394f3e06b3aa0ff48038d66495ffc74d69efe71e7a14398ed2082930e4001ed9fcd817edf345fd77d85921ffc01bdbfd7fd35be85b976dce485b03388de58f50a929874e6da82685cd237423acfe6ed333f58df0d2820f6f395538d31a65e17656efa965a7f6170587dc0516018e49ef95893a60d97c154c6e4bbee708987b4d4557f67fece01dfc948b7686eea91c8126c80e062873f953996c51502075610fed6c73a2b0b77684ba822b304a61f55912bfa0991141dcea75292b8c7de2a313214a4abb38293a165d302ac0c6a8dc4a34f2bde2c2308fd4669803a7badf4d1690b47fab74826c41c6cedfb3425704f7f7b85fb7e163e84393ea86983f17409e9522fa5e3b0724f1e975849dc3f9b8383c9fa8a3f8be416e1e95fd3cc7a1010b754323651528fbac3e7584461fc8f25b7a714653b2035204e93fcc128f9c9ece97fe8a2f4071ea77391b317a4343c15ef7fb4398a52033900bbdaa0490054ad6544aa859435f7c395b7d27f3d1c5543abc9b944f2cbd1de77966c69fe076424633e37f2118998026f15acdb7fce670ec50509ef4f4163f34eae35684fe525e1dd60efc5a1b100719f18f5158f9b7852de05725331c4664ed3d57f3eb6eee74f410df8464f8aad9fd0fe3df5f9a170c6f637804756b3ea2b242a6a99006e31e661a8821248934da737b18c4c103a31b3543b4e8a8f52d78ce87a0dbf22e5264dbbc5d8fe762a7c8403b61a1313461382847ce7fcedd51c3a63b2d58688e934e3a6e6d0ff2d38e2265578581c998fd6c11721043104363f13a035aea2c99b84f19c6b99aa43ffacde3599c193766442f249651be503a62feeaf86b082e3352680aae3601f742b514b3d8e2123ff45752a4c64b59126d8cde5e4184be1c03e09f5102d47997951a34e6309b6696abcc73c2198fdbdab88657d871f4835bad7c371a15d79efcad2aabfc685f0703835d35921353ffdedc2a8f406f3a626bceeb2ddc0d89bccd39334becc9326df579b8ce1a8d4b305de11de73838becad7f8056441c759e7f165893b474db93d98392374352e288e5998728873dfdc78f53674b2f8a1b767a9607ba22340a2e1165413ab878b6ce6a1394f923d6956fe2f13d77469628279a7e8176820e665ee1f115add832d1c4fc2336362890d6b2d4ca8e603fcc5f1cbc792bfa5b7f8d31e3c739ea036d216718c18284e61cde024484ea6d2b45780afe9576f64e8608d08cc27fb8aa49a46e9fab594133359c62ee9d0f562c7f7f9a06e3b69391cc3d5cacde4f64c09d259383b9ae72f1e260cbde6333a9b0bb093bf2c4c92fd90f3b37ed69f7ecb3f156970441ce0bab7aa02539708ce3389dcbbbd432e5863dacd972e34312315ea6791d8e98a472ac5539fc25e7bbbfef1fe0c6c58f76134e8830676b7be68f1b492565edc1794be162aa44e2bfa97414a441a729969af8c8a03212562accb92934fc6fa83ffd558df7b348e5ff4d917cc570fd1ef5c033c921138a688462046e7d17707e4e69ac9bac79ff5f5022fb0f80b5e40d8f71dd6eda1d23c30ffc41b57b1beaab0e50b8e3d68d4d53c9ee86a6c94620dd433d06879d37f1158b986cf2a72c74f7d3b2b159015c8f5876f7625f901aa49bd88d8097ac8eb9fb7d74d16e4e84b09f3c22c933c77be025476241012c37d0d782668da78aa3f34143a526f316d6ee3f99f4b8df5fbfbe1b229077969651750c2f931949399cc3257fe6b7309d535ce1ad00ca6b55f7bb33224d07428cee1396e03bf3d5b60ba267e2aef8e0881d9e714ef5f49b6ed16622423f573179c31530bf6b391167531a7c189202954ae43f95ec3f8effbb4659cf45ddaa7902d0c8423c74bc21211d93a0808c2e39507976db2fd333b7550ec009e9dba720e41b9786d6e11e2177405283f287664ef2089a7d94b8f91a6ba1ac772a5a2ccbd0f29681b3c972ecee049eb39403a6ff5c98b033713d61dd1c0c19e35302de031bcfc7f3784a34c0bf5f3d816e24cf95305516c8d10eb6106e5e638489deb49dcd6a402aca377e49c1f85ea85f3166ae23934f9159064ca9858de7782bb1d16c6c20d583b68f433fe8304c809ada3bc13b05f0216570c64fe59b8a6135d51336af375a4098409197a8b2a39982870ea5682071cc45522cd53581ea059b8b5fb3eac30f623b7ece03d7a5bed0192ff3498710c757fecb17b4b28c8d8b09fbcaa06105b8717a727c3ad82e2a9ce1763c50f31f5f61e7ae20115b1e437b5b407c4e1a163e06524322bce8bc7a3cef78f6f1464a09580021c281cbbc23112c669c0b909a3231188d819a4c7ef8d743e38360c73f9ad57e08576aa036ea9e00257f6b705ab6a6f3a50782f1a6759e4558715c1a8b4d155d25e6e039bfbf8da46a334f4a1562a63aae7d902e91217280cb932fb9b7164e7b821b54d60f4b2796e6d730f4437192cf608de9e177a2721197a47899e118a83567e9449b7888c278fd39cbdbe0a0c9aee50872de9f9608d5064361ba60d697636174591389d7ebfcc3883adc38f7f432d2fab77829c22dabc27e758ad803a857f45d2ec395c0e16091c68a9afd1df6ea1814505076b20d71c02c68f3bee7667145ddd23294614de9e9b9c83f06b63f9cda84d61dfd86252a5321046bb8888dfb46df908d4edfbc7c47a970b45b7ac9c4393329d4e6383ba42efce6efcf2f1e70a68c3ce1a64d3db4ed5d86319081d7493a2a788834d66b2b2e5fd0e4e735e679275d5c91b2b05e79ec795678b11223f77b475e218c42b1140bb82658e592f75f34c9e831db084bccac9664225038c917ee6f095975c2e02b3de534c8a477e3cf303daaf6fb5af675f09bbf4860d491f36927a8a4d9faf7e647926a21f2a972d864f676d1412420e78aa411cbfb8aa1cfe1ab36517231371d6271acce2bc951fb7f7b7f4460a2eedf7c2fea965f5cb9379a34465e0f165bbb9b53028f8b1e8267b167faecdad7e8e284f7dc9f4efe7fa703dd8684d62de3d4f78e21e8b1d3fb92c9b0ba57070321b089070bc87a1bc40bc94ab6354c1ef9ec6f9031817bb27995dbede5b6627142376ece5deca840a990ede1656b0b422eb3f13e51a591f268866a4c8597cbaf32aba77c79e623ed882a9ce345190beea0d670ddbfa0820a1245b9fc121a449e6e18b11648c08a16ab84e0ce16662ab24b2f500d5ea3bd26b7d26e58103f4314c206aba9568e7f4b6b88d6b32f516b99a04fe74cb54b957631b7da4a616863669e611a97dc808398e42155f42408f3b4a4eb7bba5ec9e2490624ea3681459d9ac81df59365f040bd98b189685df7e7d3b38683f4c8cbaf08922120dfcfbfe7d28e58f5672fe23054cc677024469a83e3adee26e6b23c76e562e11c5cf00f5cc12aa75d326a59e0a605ce8c8129e41a35aee42fff92e4cb2372b869f70d4bf62d7f8bb2fa2b2e9e729d91a92c3d5c696fe30263d7c21bd40eb2ef6ebf13f9cc592c176db97d575cd18f430a406a831df0da86cdabe7316fb0e8ce092c7193f8c86be880e0921a1b4bce4c79e3d1f95380429d14970517efa98751111dafbcb36767398dd63fef259470f2fde7e04416af3ff1667b8d3dc465c592e63244e101c9138cc83dc4675db96dadfe386cedab157ba91a41f0c1137af818ea3d2600103f815182dfdcae02ab61f494f38ff6077ec60503295b0a67238dc9ef335e5851de48a321423d29a040fcfc49c983a9b9deb9d5ea6088228ca22d315de6f588bea3ca389337b2adc718b4448c52ae634093de8d180901962331a1844a0cc58a8608152a131a96f141855b0decaf561d6151e91bdeb589b64d20da4ef9a4181833515268f94076111a53b6b6ccf443e927af2e24a68ea22f2b586358f4c49872863fa1648ed874624c33bcb219bf62beb2f2b4db78b1610ecd94e1aa3a5f99336a95b8b16c7184ad58993975337788bbffe21b5877de7cd0e18e1ada3f837facf4495ae66edf62b12a4c9061762b4c4fcfa1a0836a87dd467170fe27a91153b08c1a2e2cbf63017ad8beffd8e600a450b35c6ed25ee08299d4b97dcf4da433d30bca8471ae59b7da55d2ac637c1e84caf1f12d30f0d68ed29fd2f8d647aa32e70f5740d46dc7e00cbb70c3822682efe83c628f45f2f10094f6cd3c9f7a0e984bfd09b0d4207ef94154bce32aeda703ac5d3a8f981fdbe645fad3a67becbc6e3df0efaadf820e98ba0b19874a723f3e9cfce13f784fac7cedf77d35d213bd04a0ab52578b5611e883d53026f0d91ea9b2a83523d16320bd4085bfec25aa270b58eb317d67d5a4e0ff816a258ad677bb03a34e981b882f8d58bc0a88a835467154142bfa8812f536d8a170d2251aa9069c9dced028925611d262131b998de7bf45183b892063fca2f8923fbc770a7a0aa631ceb742c4c57af123601011f596bc58b81a96fca89ed0a72e44ab7ab72de84a824abbeaed3c977c401a659296c1008693047ef56db43eec8b0c7ff60fb398ddfd8b015b155d89f387b388aec04d82ff28beb41124ce9f024057c2d1920a05a0c9c30eb3fd7b896164e186d25d4cff558aa6ddb0db5c048686f6d0ef456f65281ca9c594400b30245d384be53168c7fc3fc619d2b001594405abc1c224c12045338adf6f9557a70bb476b570fc9fa82fbbbd5f37ebf911fec5e1ccd9d500446daad54c5c1c5e5a2d205bb81f2fef90ef54f5b7925cff40a8ac72c0559d79309904424fa016b524613104c9c6ea", 0xfdf}], 0x4, &(0x7f0000001ac0)=[@assoc={0x18}, @assoc={0x18, 0x117, 0x4, 0x6}], 0x30, 0x8000}, 0x80) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f0000000400)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x800004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x360, 0x0, 0xffffff80, 0x178, 0x3803, 0xc7, 0x290, 0x258, 0x258, 0x290, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2, @mcast2, [], [], 'lo\x00', 'netpci0\x00'}, 0x0, 0x130, 0x1a0, 0x0, {}, [@common=@unspec=@connmark={{0x30, 'connmark\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x4, 0x0, 0x0, 0x9, 0x401}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "42c2f7ce28ef401335ddf6fb395bf4a4d216cfa5e921b6e919ef8a0d6093c6bcee49d7b46af988d8931f15a247cd97ebe28f918333489d8bc10f975c5989ee00"}}}, {{@ipv6={@loopback, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0) pause() r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x100, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x220000, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, r2, 0x80000) syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080), 0xc, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, 0x0, 0x20000000) sendmsg$TIPC_NL_PUBL_GET(r1, 0x0, 0x20044040) socket(0x0, 0x0, 0x0) [ 764.375720][T19647] xt_CT: You must specify a L4 protocol and not use inversions on it [ 764.473879][T19659] xt_CT: You must specify a L4 protocol and not use inversions on it 06:13:39 executing program 1: ioctl$EVIOCSFF(0xffffffffffffffff, 0x402c4580, &(0x7f0000000080)={0x57, 0x7, 0x0, {0x8000, 0x2}, {0x1}}) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8927, &(0x7f0000000000)={'bond0\x00', 0x0}) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0) clock_gettime(0x0, 0x0) futimesat(0xffffffffffffffff, 0x0, 0x0) clone(0x8ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) shutdown(0xffffffffffffffff, 0x0) socket$packet(0x11, 0x0, 0x300) times(0x0) clock_gettime(0x0, &(0x7f0000000100)) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, 0x0, 0x0) r0 = getpgrp(0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000040), 0x4) perf_event_open(0x0, r0, 0x0, 0xffffffffffffffff, 0x0) sched_getaffinity(0x0, 0x0, 0x0) keyctl$set_reqkey_keyring(0xe, 0x5) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000140)={'syz', 0x1, 0x74}, &(0x7f00000000c0)='\x00vwx\n!p\xdd7\xb8\rS\x12\xe5\xec\xc1\xd5\x95bBS\xd9\x97\xdf\xdd\x05\xf8S5\x1c\x9f\xcc\xf0\x86an\x86B\x194\x04', 0x0) 06:13:39 executing program 1: sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000070605000000000000000003001a00000500010006"], 0x1c}}, 0x0) r0 = socket(0x10, 0x80002, 0xc) sendmmsg$alg(r0, &(0x7f0000000140), 0x492492492492805, 0x0) 06:13:39 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000b00)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r0, 0x0) 06:13:39 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$inet6(r0, &(0x7f0000f13000)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) syz_emit_ethernet(0x32, &(0x7f0000000300)={@multicast, @dev, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr, @multicast1}, {0x0, 0x4e22, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0) 06:13:41 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:13:41 executing program 1: socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)={0x1d4, 0x0, 0x0, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8}, @NLBL_CIPSOV4_A_MLSLVLLST={0xbc, 0x8, 0x0, 0x1, [{0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8}]}, {0x54, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x84, 0x8, 0x0, 0x1, [{0x3c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}]}, {0x44, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}]}]}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x34, 0x4, 0x0, 0x1, [{0x5}, {0x5}, {0x5}, {0x5}, {0x5}, {0x5}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x3c, 0x8, 0x0, 0x1, [{0x4}, {0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x77}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}]}]}]}, 0x1d4}}, 0x0) syz_emit_ethernet(0x37, &(0x7f00000002c0)=ANY=[], 0x0) 06:13:41 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 766.931937][T19698] FAT-fs (loop2): invalid media value (0x00) [ 766.937946][T19698] FAT-fs (loop2): Can't find a valid FAT filesystem [ 767.025284][ T28] audit: type=1804 audit(1590300822.019:268): pid=19698 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/406/file0/bus" dev="sda1" ino=16175 res=1 [ 767.077105][ T28] audit: type=1804 audit(1590300822.069:269): pid=19703 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/406/file0/bus" dev="sda1" ino=16175 res=1 06:13:42 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:42 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0), 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:42 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfc, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab108"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:42 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b38945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff000000000000000000", 0x58}], 0x1) 06:13:42 executing program 1: r0 = perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x13, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0xffffffffffffff80}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TCSETX(0xffffffffffffffff, 0x5433, &(0x7f0000000400)={0x5, 0x4501, [0x6, 0x0, 0x8, 0x2002, 0x3], 0x40}) mkdir(0x0, 0x2) r1 = open(&(0x7f0000001680)='./file0\x00', 0x0, 0xc4) r2 = openat$cgroup_procs(r1, &(0x7f0000000240)='cgroup.procs\x00', 0x2, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) eventfd2(0x201, 0x80001) fcntl$F_SET_RW_HINT(r3, 0x40c, &(0x7f0000000000)=0x9ccf77335bdd34ca) openat$fuse(0xffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) r4 = signalfd(r0, &(0x7f00000001c0)={[0x8001]}, 0x8) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000300)={0x0, 0x0}, &(0x7f0000000340)=0xc) keyctl$get_persistent(0x3, r6, 0x0) mount$fuse(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='fuse\x00', 0x2041080, &(0x7f0000000440)=ANY=[@ANYRESDEC=r4]) sendfile(r3, r2, &(0x7f0000000100)=0x19f2, 0x1bc1) rmdir(&(0x7f0000000000)='./file0\x00') 06:13:42 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000007c0)=@filter={'filter\x00', 0xe, 0x4, 0x2e4, 0x94, 0x94, 0x0, 0x250, 0x0, 0x268, 0x250, 0x250, 0x250, 0x268, 0x4, 0x0, {[{{@ip={@multicast1, @multicast2, 0x0, 0x0, 'veth1_to_bond\x00', 'gre0\x00'}, 0x0, 0x70, 0x94}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xc8, 0xec, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @common=@unspec=@connmark={{0x2c, 'connmark\x00'}}]}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x340) add_key$user(0x0, 0x0, &(0x7f00000000c0)="957a988ef8096e0f97dbbbdb21c16b14b55b87faa69aa23d960d43dc051641227feff29412edfe858a76787c46db4dd511af986ade2d1fa294efc26ea80882f6d3de46abb3c2a667cd29acc09b76a86bb7bd5884e13baa6d1dd2e62f44a710004a69553838198dd7b0ca14c4b552bc4161e14df82e42180882b9ad1cb07427432ec3e7fecd059e46fc3d7c0a0582d9", 0x8f, 0xffffffffffffffff) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0x4240a2a0) socket$inet(0x2, 0x200000003, 0x84) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000001280)={0x2, 0x0, @multicast1}, 0x10) splice(r1, 0x0, r3, 0x0, 0x19401, 0x0) 06:13:42 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 767.920108][T19732] FAT-fs (loop2): invalid media value (0x00) [ 767.926288][T19732] FAT-fs (loop2): Can't find a valid FAT filesystem [ 767.942667][ T28] audit: type=1804 audit(1590300822.939:270): pid=19732 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/407/file0/bus" dev="sda1" ino=16181 res=1 [ 768.022037][ T28] audit: type=1804 audit(1590300823.019:271): pid=19736 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/407/file0/bus" dev="sda1" ino=16181 res=1 06:13:43 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0xf6) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000680)=0xde, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) 06:13:43 executing program 1: syz_emit_ethernet(0x3a, &(0x7f0000000040)={@broadcast, @local, @val={@void}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) 06:13:44 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:13:44 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000240)=0x1, 0xed) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='veth1\x00', 0x10) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @initdev}, 0x10) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000dc0)=@filter={'filter\x00', 0xe, 0x4, 0x408, 0x0, 0x0, 0x0, 0x0, 0x2e4, 0x378, 0x374, 0x374, 0x374, 0x378, 0x4, 0x0, {[{{@uncond, 0x0, 0x1f0, 0x24c, 0x0, {}, [@common=@inet=@length={{0x28, 'length\x00'}}, @common=@inet=@hashlimit3={{0x158, 'hashlimit\x00'}, {'syzkaller0\x00', {0xc0, 0x0, 0x40, 0x0, 0x0, 0x28000000, 0x8, 0x100}}}]}, @common=@inet=@HMARK={0x5c, 'HMARK\x00', 0x0, {@ipv6=@ipv4, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}}}, {{@ip={@multicast1, @dev, 0x0, 0x0, 'veth1_to_bond\x00', 'sit0\x00'}, 0x0, 0x70, 0x94}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0x70, 0x94}, @REJECT={0x24, 'REJECT\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x464) setsockopt$inet_tcp_int(r0, 0x6, 0x4000000000013, &(0x7f0000000100), 0x1042b) 06:13:44 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 769.940998][T19758] FAT-fs (loop2): invalid media value (0x00) [ 769.947038][T19758] FAT-fs (loop2): Can't find a valid FAT filesystem [ 770.028378][ T28] audit: type=1804 audit(1590300825.020:272): pid=19758 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/408/file0/bus" dev="sda1" ino=15923 res=1 [ 770.113573][ T28] audit: type=1804 audit(1590300825.110:273): pid=19765 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/408/file0/bus" dev="sda1" ino=15923 res=1 06:13:45 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:45 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000080)='#}\x04\xe4\xfc\x1e\xff~\xb1\xe0\xa5\x9d\xc8\xca3\'\x12xY!\xa4\x9c\x97\xf1\xfc\xb0\xe8~\x91\xd5\x04i}\x03\x00@\x0e\xe6\x995b\x00\x00\x00\x00\x00\x00\x00\x8e\x96\xb7=\xb9OmILO\x8d\x00\x00\x00\x00\x00\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) ftruncate(r1, 0x40001) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 06:13:45 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:45 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0), 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:45 executing program 1: 06:13:45 executing program 1: perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x7528, 0x20080) 06:13:45 executing program 1: mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f00007e7000/0x4000)=nil, 0x3) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) keyctl$get_persistent(0x3, 0x0, 0x0) semctl$GETPID(0x0, 0x0, 0xb, &(0x7f00000001c0)=""/43) 06:13:45 executing program 1: r0 = getpgrp(0x0) perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x20) 06:13:45 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 770.808357][T19799] FAT-fs (loop2): invalid media value (0x00) [ 770.817321][T19799] FAT-fs (loop2): Can't find a valid FAT filesystem [ 770.882143][ T28] audit: type=1804 audit(1590300825.880:274): pid=19799 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/409/file0/bus" dev="sda1" ino=15923 res=1 [ 770.938391][ T28] audit: type=1804 audit(1590300825.930:275): pid=19805 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/409/file0/bus" dev="sda1" ino=15923 res=1 06:13:47 executing program 1: open(&(0x7f0000000080)='./file0\x00', 0x8040, 0x0) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3de32420c3954336, @perf_bp={0x0}, 0x20006503d, 0x4007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x218, 0x0, 0x0}, 0x40) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)='nfs\x00', 0x0, &(0x7f0000000000)) 06:13:47 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:13:47 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 772.921549][T19815] NFS: Device name not specified [ 772.930536][T19815] NFS: Device name not specified [ 772.981986][T19818] FAT-fs (loop2): invalid media value (0x00) [ 772.988120][T19818] FAT-fs (loop2): Can't find a valid FAT filesystem [ 773.005169][ T28] audit: type=1804 audit(1590300828.000:276): pid=19818 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/410/file0/bus" dev="sda1" ino=16226 res=1 [ 773.112178][ T28] audit: type=1804 audit(1590300828.070:277): pid=19824 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/410/file0/bus" dev="sda1" ino=16226 res=1 06:13:48 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:48 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000007c0)=@filter={'filter\x00', 0xe, 0x4, 0x2e4, 0x94, 0x94, 0x0, 0x250, 0x0, 0x268, 0x250, 0x250, 0x250, 0x268, 0x4, 0x0, {[{{@ip={@multicast1, @multicast2, 0x0, 0x0, 'veth1_to_bond\x00', 'gre0\x00'}, 0x0, 0x70, 0x94}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xc8, 0xec, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @common=@unspec=@connmark={{0x2c, 'connmark\x00'}}]}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x340) add_key$user(0x0, 0x0, &(0x7f00000000c0)="957a988ef8096e0f97dbbbdb21c16b14b55b87faa69aa23d960d43dc051641227feff29412edfe858a76787c46db4dd511af986ade2d1fa294efc26ea80882f6d3de46abb3c2a667cd29acc09b76a86bb7bd5884e13baa6d1dd2e62f44a710004a69553838198dd7b0ca14c4b552bc4161e14df82e42180882b9ad1cb07427432ec3e7fecd059e46fc3d7c0a0582d9", 0x8f, 0xffffffffffffffff) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0x4240a2a0) socket$inet(0x2, 0x200000003, 0x84) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000001280)={0x2, 0x0, @multicast1}, 0x10) splice(r1, 0x0, r3, 0x0, 0x19401, 0x0) 06:13:48 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:48 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0), 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:48 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 774.036462][T19849] FAT-fs (loop2): invalid media value (0x00) [ 774.050689][T19849] FAT-fs (loop2): Can't find a valid FAT filesystem [ 774.066609][ T28] audit: type=1804 audit(1590300829.060:278): pid=19849 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/411/file0/bus" dev="sda1" ino=16231 res=1 [ 774.141708][ T28] audit: type=1804 audit(1590300829.140:279): pid=19853 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/411/file0/bus" dev="sda1" ino=16231 res=1 06:13:49 executing program 1: 06:13:49 executing program 1: 06:13:49 executing program 1: 06:13:49 executing program 1: 06:13:49 executing program 1: 06:13:50 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:13:50 executing program 1: 06:13:51 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:51 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:13:51 executing program 1: 06:13:51 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:51 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:51 executing program 1: [ 776.516086][T19888] FAT-fs (loop2): invalid media value (0x00) [ 776.530150][T19888] FAT-fs (loop2): Can't find a valid FAT filesystem 06:13:51 executing program 1: [ 776.609848][ T28] audit: type=1804 audit(1590300831.600:280): pid=19894 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/412/file0/bus" dev="sda1" ino=16082 res=1 06:13:51 executing program 1: [ 776.682942][ T28] audit: type=1804 audit(1590300831.680:281): pid=19888 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/412/file0/bus" dev="sda1" ino=16082 res=1 06:13:51 executing program 1: 06:13:51 executing program 1: 06:13:53 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:13:53 executing program 1: 06:13:54 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x2, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:54 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:13:54 executing program 1: 06:13:54 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:54 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:54 executing program 1: [ 779.590646][T19927] FAT-fs (loop2): invalid media value (0x00) [ 779.600500][T19927] FAT-fs (loop2): Can't find a valid FAT filesystem [ 779.619778][ T28] audit: type=1804 audit(1590300834.610:282): pid=19927 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/413/file0/bus" dev="sda1" ino=16235 res=1 06:13:54 executing program 1: [ 779.718772][ T28] audit: type=1804 audit(1590300834.710:283): pid=19936 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/413/file0/bus" dev="sda1" ino=16235 res=1 06:13:54 executing program 1: 06:13:54 executing program 1: 06:13:55 executing program 1: 06:13:57 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x2, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:13:57 executing program 1: 06:13:57 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x2, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:13:57 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:13:57 executing program 1: 06:13:57 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:57 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:13:57 executing program 1: 06:13:57 executing program 1: [ 782.669461][T19972] FAT-fs (loop2): invalid media value (0x00) [ 782.681420][T19972] FAT-fs (loop2): Can't find a valid FAT filesystem 06:13:57 executing program 1: [ 782.781937][ T28] audit: type=1804 audit(1590300837.780:284): pid=19972 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/414/file0/bus" dev="sda1" ino=16258 res=1 06:13:57 executing program 1: [ 782.864211][ T28] audit: type=1804 audit(1590300837.860:285): pid=19983 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/414/file0/bus" dev="sda1" ino=16258 res=1 06:13:57 executing program 1: 06:14:00 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x2, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:14:00 executing program 1: 06:14:00 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x2, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:14:00 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(0x0, 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:00 executing program 1: 06:14:00 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:00 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, &(0x7f00000193c0)}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:00 executing program 1: [ 785.777812][ T28] audit: type=1804 audit(1590300840.771:286): pid=20016 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/415/bus" dev="sda1" ino=16266 res=1 06:14:00 executing program 1: [ 785.832627][ T28] audit: type=1804 audit(1590300840.831:287): pid=20020 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/415/bus" dev="sda1" ino=16266 res=1 06:14:00 executing program 1: 06:14:01 executing program 1: 06:14:01 executing program 1: 06:14:03 executing program 1: 06:14:03 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x2, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:14:03 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(0x0, 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:03 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x2, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:14:03 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:03 executing program 1: 06:14:03 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, &(0x7f00000193c0)}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:03 executing program 1: 06:14:03 executing program 1: [ 788.885540][ T28] audit: type=1804 audit(1590300843.881:288): pid=20056 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/416/bus" dev="sda1" ino=16260 res=1 [ 788.965028][ T28] audit: type=1804 audit(1590300843.961:289): pid=20064 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/416/bus" dev="sda1" ino=16260 res=1 06:14:04 executing program 1: 06:14:04 executing program 1: 06:14:04 executing program 1: 06:14:04 executing program 1: 06:14:06 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x2, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:14:06 executing program 1: 06:14:06 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x2, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:14:06 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(0x0, 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:06 executing program 1: 06:14:06 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, &(0x7f00000193c0)}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:06 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:06 executing program 1: 06:14:07 executing program 1: [ 791.954181][ T28] audit: type=1804 audit(1590300846.951:290): pid=20101 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/417/bus" dev="sda1" ino=16285 res=1 [ 792.048181][ T28] audit: type=1804 audit(1590300847.041:291): pid=20107 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/417/bus" dev="sda1" ino=16285 res=1 06:14:07 executing program 1: 06:14:07 executing program 1: 06:14:07 executing program 1: 06:14:09 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x2, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:14:09 executing program 1: 06:14:09 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x2, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:14:09 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r2, 0x800) lseek(r2, 0x0, 0x2) r3 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r2, r3, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:09 executing program 1: 06:14:09 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:09 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x94, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:09 executing program 1: 06:14:10 executing program 1: [ 795.034816][ T28] audit: type=1804 audit(1590300850.031:292): pid=20137 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/418/bus" dev="sda1" ino=16297 res=1 [ 795.084004][ T28] audit: type=1804 audit(1590300850.081:293): pid=20147 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/418/bus" dev="sda1" ino=16297 res=1 06:14:10 executing program 1: 06:14:10 executing program 1: 06:14:10 executing program 1: 06:14:12 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x2, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:14:12 executing program 1: 06:14:12 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r2, 0x800) lseek(r2, 0x0, 0x2) r3 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r2, r3, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:12 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:14:12 executing program 1: 06:14:13 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 06:14:13 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x94, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:13 executing program 1: 06:14:13 executing program 1: [ 798.111920][ T28] audit: type=1804 audit(1590300853.111:294): pid=20180 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/419/bus" dev="sda1" ino=16307 res=1 06:14:13 executing program 1: [ 798.192445][ T28] audit: type=1804 audit(1590300853.191:295): pid=20190 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/419/bus" dev="sda1" ino=16307 res=1 06:14:13 executing program 1: 06:14:13 executing program 1: 06:14:15 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:14:15 executing program 1: 06:14:15 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r2, 0x800) lseek(r2, 0x0, 0x2) r3 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r2, r3, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 800.408474][ T28] audit: type=1804 audit(1590300855.401:296): pid=20212 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/420/bus" dev="sda1" ino=16308 res=1 [ 800.472815][ T28] audit: type=1804 audit(1590300855.461:297): pid=20215 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/420/bus" dev="sda1" ino=16308 res=1 06:14:16 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:14:16 executing program 1: 06:14:16 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 06:14:16 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x94, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:16 executing program 1: 06:14:16 executing program 1: 06:14:16 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(0x0, 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:16 executing program 1: 06:14:16 executing program 1: 06:14:18 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:14:18 executing program 1: 06:14:18 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(0x0, 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:19 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:14:19 executing program 1: 06:14:19 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 06:14:19 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xde, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:19 executing program 1: 06:14:19 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(0x0, 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:19 executing program 1: 06:14:19 executing program 1: 06:14:19 executing program 1: 06:14:21 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:14:21 executing program 1: 06:14:21 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(0xffffffffffffffff, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 806.533354][ T28] audit: type=1804 audit(1590300861.532:298): pid=20306 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/424/file0/bus" dev="loop2" ino=138 res=1 [ 806.566740][ T28] audit: type=1804 audit(1590300861.562:299): pid=20306 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/424/file0/bus" dev="loop2" ino=138 res=1 06:14:22 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:14:22 executing program 1: 06:14:22 executing program 1: 06:14:22 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xde, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:22 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) 06:14:22 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(0xffffffffffffffff, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:22 executing program 1: 06:14:22 executing program 1: [ 807.535131][ T28] audit: type=1804 audit(1590300862.532:300): pid=20335 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/425/file0/bus" dev="loop2" ino=139 res=1 06:14:22 executing program 1: [ 807.600604][ T28] audit: type=1804 audit(1590300862.562:301): pid=20335 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/425/file0/bus" dev="loop2" ino=139 res=1 06:14:24 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:14:24 executing program 1: 06:14:24 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(0xffffffffffffffff, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 809.592208][ T28] audit: type=1804 audit(1590300864.592:302): pid=20351 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/426/file0/bus" dev="loop2" ino=140 res=1 [ 809.620904][ T28] audit: type=1804 audit(1590300864.592:303): pid=20351 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/426/file0/bus" dev="loop2" ino=140 res=1 06:14:25 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:14:25 executing program 1: 06:14:25 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:14:25 executing program 1: 06:14:25 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x0) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:25 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xde, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:25 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) 06:14:25 executing program 1: 06:14:25 executing program 1: [ 810.610500][ T28] audit: type=1804 audit(1590300865.612:304): pid=20380 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/427/file0/bus" dev="loop2" ino=141 res=1 [ 810.714588][ T28] audit: type=1804 audit(1590300865.612:305): pid=20380 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/427/file0/bus" dev="loop2" ino=141 res=1 06:14:25 executing program 1: 06:14:25 executing program 1: 06:14:25 executing program 1: 06:14:28 executing program 1: 06:14:28 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x0) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:28 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:14:28 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:14:28 executing program 1: [ 813.422095][ T28] audit: type=1804 audit(1590300868.412:306): pid=20407 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/428/file0/bus" dev="loop2" ino=142 res=1 [ 813.465023][ T28] audit: type=1804 audit(1590300868.412:307): pid=20407 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/428/file0/bus" dev="loop2" ino=142 res=1 06:14:28 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x103, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae8830538"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:28 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xfd, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) 06:14:28 executing program 1: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) setfsgid(0x0) setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) r0 = socket$inet(0x10, 0x2, 0xc) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="24000000040607031dfffd944da2830020200a0009000100061d85680c1baba20462ff7e", 0x24}], 0x1}, 0x0) [ 813.599925][T20418] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 813.608108][T20418] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 813.684053][T20418] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 813.694484][T20418] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 06:14:28 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0xeb}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860ac5cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf93a1a7511bf746bec66ba", 0xfe6a, 0x20c49a, 0x0, 0x27) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) connect(r0, &(0x7f0000000140)=@generic={0x0, "0aac3780e80106026f0f72953bd55097c98633a67eba5bfe0fe905dc54d7a8952cd73c363b90aaf3d36fd153833013c8a6b3943b14e98506b1090e82258a73ef23b3939a5280c1bdab5a62b0c03b8cc03e6e0075100cadc4a114c3826a31abf8f952f25e0e0cac57a8498ce302229d1ca082b713cbc0e128ab405f4a0564"}, 0x80) 06:14:28 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="600000000206050000000007100000000000000013000300686173683a6e65742c6966616365000005000400000000000900020073797a300000000005000500020000000500010006000000140007800800064000000000080008"], 0x60}}, 0x0) 06:14:29 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) ioctl$sock_SIOCDELRT(r0, 0x890c, &(0x7f0000000100)={0x0, @l2tp={0x2, 0x0, @multicast1}, @in={0x2, 0x0, @loopback}, @l2={0x1f, 0x0, @none}, 0x6, 0x0, 0x0, 0x0, 0x78}) 06:14:29 executing program 1: syz_emit_ethernet(0x4e, &(0x7f0000000240)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb8100000086dd"], 0x0) 06:14:29 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x0) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:29 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r2, r1, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r4, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a00}]) [ 814.262400][ T28] audit: type=1804 audit(1590300869.252:308): pid=20447 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/483/bus" dev="sda1" ino=16335 res=1 [ 814.309661][ T28] audit: type=1800 audit(1590300869.252:309): pid=20447 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16335 res=0 [ 814.438465][ T28] audit: type=1804 audit(1590300869.252:310): pid=20447 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/483/bus" dev="sda1" ino=16335 res=1 [ 814.551495][ T28] audit: type=1804 audit(1590300869.392:311): pid=20449 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/429/file0/bus" dev="loop2" ino=143 res=1 [ 814.579465][ T28] audit: type=1804 audit(1590300869.392:312): pid=20449 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/429/file0/bus" dev="loop2" ino=143 res=1 [ 814.676955][ T28] audit: type=1804 audit(1590300869.662:313): pid=20455 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/483/bus" dev="sda1" ino=16335 res=1 [ 814.746319][ T28] audit: type=1804 audit(1590300869.732:314): pid=20447 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/483/bus" dev="sda1" ino=16335 res=1 [ 814.773846][ T28] audit: type=1800 audit(1590300869.732:315): pid=20447 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16335 res=0 06:14:31 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xffffffffffffffff, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:14:31 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r2, r1, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r4, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a00}]) 06:14:31 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(0xffffffffffffffff, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:31 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x103, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae8830538"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:31 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, 0x0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:14:31 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000040)='./file0\x00', 0x0, 0x7a00, 0x0) chdir(&(0x7f0000000440)='./file0\x00') r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) ftruncate(r1, 0x2081fc) r2 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) dup3(r2, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) io_submit(r5, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:14:31 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000440)=""/246) 06:14:32 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000040)='./file0\x00', 0x0, 0x7a00, 0x0) chdir(&(0x7f0000000440)='./file0\x00') r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) ftruncate(r1, 0x2081fc) r2 = open(&(0x7f0000000440)='./bus\x00', 0x4d00, 0x0) r3 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) truncate(&(0x7f0000000140)='./bus\x00', 0x904) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r3, 0x0) dup3(r2, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) io_submit(r6, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:14:32 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r2, r1, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r4, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a00}]) 06:14:32 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x3e9, 0x0, 0x0, 0x0, {0x60}}, 0x34}}, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x33) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:32 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(0xffffffffffffffff, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:32 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r2, r1, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r4, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a00}]) 06:14:34 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xffffffffffffffff, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:14:34 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(0xffffffffffffffff, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:34 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r2, r1, 0x0) io_setup(0x40000000008, &(0x7f0000000240)) creat(&(0x7f0000000040)='./bus\x00', 0x0) [ 819.509067][ T28] kauditd_printk_skb: 16 callbacks suppressed [ 819.509087][ T28] audit: type=1804 audit(1590300874.502:332): pid=20540 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/487/bus" dev="sda1" ino=16383 res=1 [ 819.587139][ T28] audit: type=1800 audit(1590300874.532:333): pid=20540 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16383 res=0 [ 819.626609][ T28] audit: type=1804 audit(1590300874.532:334): pid=20540 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/487/bus" dev="sda1" ino=16383 res=1 [ 819.684367][ T28] audit: type=1804 audit(1590300874.672:335): pid=20545 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/432/file0/bus" dev="loop2" ino=146 res=1 [ 819.741849][ T28] audit: type=1804 audit(1590300874.672:336): pid=20545 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/432/file0/bus" dev="loop2" ino=146 res=1 06:14:34 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x103, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae8830538"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:34 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, 0x0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) [ 819.930901][ T28] audit: type=1804 audit(1590300874.922:337): pid=20549 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/487/bus" dev="sda1" ino=16383 res=1 06:14:35 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r2, r1, 0x0) io_setup(0x40000000008, &(0x7f0000000240)) creat(&(0x7f0000000040)='./bus\x00', 0x0) [ 820.167808][ T28] audit: type=1804 audit(1590300875.152:338): pid=20563 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/488/bus" dev="sda1" ino=16383 res=1 [ 820.217835][ T28] audit: type=1800 audit(1590300875.152:339): pid=20563 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16383 res=0 [ 820.266312][ T28] audit: type=1804 audit(1590300875.162:340): pid=20563 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/488/bus" dev="sda1" ino=16383 res=1 06:14:35 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x0) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:35 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) write$P9_RFSYNC(r1, 0x0, 0x41) dup3(r2, r1, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x1) io_submit(r4, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a00}]) [ 820.468202][ T28] audit: type=1804 audit(1590300875.452:341): pid=20565 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/488/bus" dev="sda1" ino=16383 res=1 06:14:35 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x20011}}, 0x20}}, 0x0) 06:14:35 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r2, r1, 0x0) io_setup(0x40000000008, &(0x7f0000000240)) creat(&(0x7f0000000040)='./bus\x00', 0x0) 06:14:35 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="0207000702"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="020a000007000000b6f1ffff0000854105001a000000000000d74619edc700000000000000000000000000000000000000000000000002"], 0x38}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e"], 0x70}}, 0x0) sendmmsg(r2, &(0x7f0000000180), 0x3ef, 0x0) 06:14:36 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r2, r1, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(0x0, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a00}]) 06:14:37 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xffffffffffffffff, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:14:37 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad6142134b62f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f480800b100000000050000be5d2dd15b6210d53eed19bca008388e73", 0xdd}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78}, 0x78) tkill(r0, 0x3a) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 06:14:37 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x0) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:37 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x116, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df4"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:37 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r2, r1, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(0x0, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a00}]) 06:14:37 executing program 3: clone(0x13122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x8000000000000200) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001}) socket(0x0, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 06:14:37 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, 0x0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:14:38 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r2, r1, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(0x0, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a00}]) 06:14:38 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x0) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:38 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, {{0x103}}}, 0x28) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0x19000}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x33) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:38 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a00}]) 06:14:39 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a00}]) [ 824.601404][ T28] kauditd_printk_skb: 29 callbacks suppressed [ 824.601422][ T28] audit: type=1804 audit(1590300879.593:371): pid=20740 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/494/bus" dev="sda1" ino=16381 res=1 06:14:40 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(0x0, 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:40 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:14:40 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a00}]) [ 825.620621][ T28] audit: type=1804 audit(1590300880.613:372): pid=20751 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/495/bus" dev="sda1" ino=16383 res=1 [ 825.699360][ T28] audit: type=1800 audit(1590300880.633:373): pid=20751 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16383 res=0 [ 825.768301][ T28] audit: type=1804 audit(1590300880.643:374): pid=20751 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/495/bus" dev="sda1" ino=16383 res=1 06:14:40 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x116, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df4"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:40 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0), 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) [ 826.107810][ T28] audit: type=1804 audit(1590300881.093:375): pid=20759 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/495/bus" dev="sda1" ino=16383 res=1 06:14:41 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) dup3(r2, r1, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a00}]) [ 826.337348][ T28] audit: type=1804 audit(1590300881.323:376): pid=20775 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/496/bus" dev="sda1" ino=16384 res=1 [ 826.364286][ T28] audit: type=1800 audit(1590300881.323:377): pid=20775 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16384 res=0 [ 826.388200][ T28] audit: type=1804 audit(1590300881.333:378): pid=20775 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/496/bus" dev="sda1" ino=16384 res=1 [ 826.416895][ T28] audit: type=1804 audit(1590300881.333:379): pid=20775 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/496/bus" dev="sda1" ino=16384 res=1 06:14:41 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(0x0, 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:41 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) dup3(r2, r1, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a00}]) [ 826.604798][ T28] audit: type=1804 audit(1590300881.593:380): pid=20782 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/497/bus" dev="sda1" ino=16383 res=1 06:14:41 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000000)="290000005200190f00003fffffffda060200000000e80001040000040d000a00ea1100000005000000", 0x29}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) recvmmsg(r0, &(0x7f0000005b00), 0x40000000000017b, 0x10022, 0x0) 06:14:41 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) dup3(r2, r1, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a00}]) [ 826.712702][T20789] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 826.739120][T20789] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 06:14:41 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg(r0, &(0x7f0000002fc8)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000000080)="5500000018007f5f00fe01b2a4a280930206000100000001000000003900090035004060060000001900154002000000000022dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) 06:14:41 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) ftruncate(0xffffffffffffffff, 0x1000000) bind$inet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r2, r3, 0x0, 0xedc0) sendto$inet(r1, &(0x7f00000002c0)="f6c51e76637c84aa63277a25009cf612526dd03721821c3215dd77b27446fef9659c6c174ca3f32a29a94b64a2ad465427439946c2aff3ee0bc2a2d6cf75a64d76b2f29b", 0x44, 0x0, 0x0, 0x0) [ 826.877980][T20804] netlink: 13 bytes leftover after parsing attributes in process `syz-executor.3'. [ 826.890544][T20805] netlink: 13 bytes leftover after parsing attributes in process `syz-executor.3'. 06:14:41 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r2, r1, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a00}]) 06:14:43 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:14:43 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r2, r1, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a00}]) 06:14:43 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x116, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df4"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:44 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0), 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:14:44 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) ftruncate(0xffffffffffffffff, 0x1000000) bind$inet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r2, r3, 0x0, 0xedc0) sendto$inet(r1, &(0x7f00000002c0)="f6c51e76637c84aa63277a25009cf612526dd03721821c3215dd77b27446fef9659c6c174ca3f32a29a94b64a2ad465427439946c2aff3ee0bc2a2d6cf75a64d76b2f29b", 0x44, 0x0, 0x0, 0x0) 06:14:44 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(0x0, 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:44 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r2, r1, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a00}]) 06:14:44 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(0xffffffffffffffff, r1, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a00}]) 06:14:44 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) ftruncate(0xffffffffffffffff, 0x1000000) bind$inet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r2, r3, 0x0, 0xedc0) sendto$inet(r1, &(0x7f00000002c0)="f6c51e76637c84aa63277a25009cf612526dd03721821c3215dd77b27446fef9659c6c174ca3f32a29a94b64a2ad465427439946c2aff3ee0bc2a2d6cf75a64d76b2f29b", 0x44, 0x0, 0x0, 0x0) 06:14:44 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) ftruncate(0xffffffffffffffff, 0x1000000) bind$inet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r2, r3, 0x0, 0xedc0) sendto$inet(r1, &(0x7f00000002c0)="f6c51e76637c84aa63277a25009cf612526dd03721821c3215dd77b27446fef9659c6c174ca3f32a29a94b64a2ad465427439946c2aff3ee0bc2a2d6cf75a64d76b2f29b", 0x44, 0x0, 0x0, 0x0) 06:14:44 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:45 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(0xffffffffffffffff, r1, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a00}]) [ 830.106974][ T28] kauditd_printk_skb: 16 callbacks suppressed [ 830.107051][ T28] audit: type=1804 audit(1590300885.093:397): pid=20869 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/439/file0/bus" dev="loop2" ino=153 res=1 [ 830.277170][ T28] audit: type=1804 audit(1590300885.193:398): pid=20876 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/439/file0/bus" dev="loop2" ino=153 res=1 06:14:46 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 06:14:46 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) ftruncate(0xffffffffffffffff, 0x1000000) bind$inet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r2, r3, 0x0, 0xedc0) 06:14:47 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x11f, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae54"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:47 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0), 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:14:47 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(0xffffffffffffffff, r1, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a00}]) 06:14:47 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:47 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) ftruncate(0xffffffffffffffff, 0x1000000) bind$inet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) sendfile(r2, 0xffffffffffffffff, 0x0, 0xedc0) 06:14:47 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) ftruncate(0xffffffffffffffff, 0x1000000) bind$inet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) sendfile(r2, 0xffffffffffffffff, 0x0, 0xedc0) [ 832.244733][ T28] audit: type=1804 audit(1590300887.233:399): pid=20908 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/440/file0/bus" dev="loop2" ino=154 res=1 [ 832.356530][ T28] audit: type=1804 audit(1590300887.323:400): pid=20912 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/440/file0/bus" dev="loop2" ino=154 res=1 06:14:47 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) ftruncate(0xffffffffffffffff, 0x1000000) bind$inet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) sendfile(r2, 0xffffffffffffffff, 0x0, 0xedc0) 06:14:47 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) ftruncate(0xffffffffffffffff, 0x1000000) bind$inet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r2, r3, 0x0, 0xedc0) 06:14:47 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, 0xffffffffffffffff, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x200a00}]) 06:14:47 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) ftruncate(0xffffffffffffffff, 0x1000000) bind$inet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r2, r3, 0x0, 0xedc0) 06:14:49 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, 0x0) ptrace$cont(0x9, r1, 0x0, 0x0) 06:14:49 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) ftruncate(0xffffffffffffffff, 0x1000000) bind$inet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r2, r3, 0x0, 0xedc0) 06:14:50 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x11f, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae54"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:50 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:14:50 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:50 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, 0xffffffffffffffff, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x200a00}]) 06:14:50 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) ftruncate(0xffffffffffffffff, 0x1000000) bind$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(0xffffffffffffffff, r2, 0x0, 0xedc0) 06:14:50 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) ftruncate(0xffffffffffffffff, 0x1000000) bind$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(0xffffffffffffffff, r2, 0x0, 0xedc0) [ 835.305601][ T28] audit: type=1804 audit(1590300890.293:401): pid=20962 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/441/file0/bus" dev="loop2" ino=155 res=1 [ 835.447781][ T28] audit: type=1804 audit(1590300890.393:402): pid=20971 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/441/file0/bus" dev="loop2" ino=155 res=1 06:14:50 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) ftruncate(0xffffffffffffffff, 0x1000000) bind$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(0xffffffffffffffff, r2, 0x0, 0xedc0) 06:14:50 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) ftruncate(0xffffffffffffffff, 0x1000000) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r2, r3, 0x0, 0xedc0) 06:14:50 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, 0xffffffffffffffff, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x200a00}]) 06:14:51 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) [ 836.268303][ T28] audit: type=1804 audit(1590300891.263:403): pid=20991 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/442/file0/bus" dev="loop2" ino=156 res=1 [ 836.324562][ T28] audit: type=1804 audit(1590300891.263:404): pid=20991 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/442/file0/bus" dev="loop2" ino=156 res=1 06:14:52 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r2, r3, 0x0, 0xedc0) 06:14:52 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, 0x0) ptrace$cont(0x9, r1, 0x0, 0x0) 06:14:53 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x11f, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae54"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:53 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:14:53 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:14:53 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:53 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r2, r3, 0x0, 0xedc0) [ 838.250382][ T28] audit: type=1804 audit(1590300893.243:405): pid=21018 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/508/bus" dev="sda1" ino=16193 res=1 [ 838.347490][ T28] audit: type=1800 audit(1590300893.243:406): pid=21018 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16193 res=0 [ 838.430728][ T28] audit: type=1804 audit(1590300893.263:407): pid=21018 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/508/bus" dev="sda1" ino=16193 res=1 06:14:53 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r2, r3, 0x0, 0xedc0) [ 838.470188][ T28] audit: type=1804 audit(1590300893.373:408): pid=21022 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/443/file0/bus" dev="loop2" ino=157 res=1 [ 838.548802][ T28] audit: type=1804 audit(1590300893.383:409): pid=21022 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/443/file0/bus" dev="loop2" ino=157 res=1 [ 838.696564][ T28] audit: type=1804 audit(1590300893.683:410): pid=21028 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/508/bus" dev="sda1" ino=16193 res=1 06:14:53 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r2, r3, 0x0, 0xedc0) 06:14:53 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r2, r3, 0x0, 0xedc0) 06:14:53 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) socket$inet(0x2, 0x2, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r1, r2, 0x0, 0xedc0) 06:14:53 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r1, r2, 0x0, 0xedc0) 06:14:54 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:14:55 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, 0x0) ptrace$cont(0x9, r1, 0x0, 0x0) 06:14:56 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x124, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:56 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:14:56 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, r1, 0x0, 0xedc0) 06:14:56 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:56 executing program 1: r0 = creat(0x0, 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:14:56 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, r1, 0x0, 0xedc0) [ 841.440856][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 841.440876][ T28] audit: type=1804 audit(1590300896.434:415): pid=21075 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/444/file0/bus" dev="loop2" ino=158 res=1 [ 841.522128][ T28] audit: type=1804 audit(1590300896.464:416): pid=21075 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/444/file0/bus" dev="loop2" ino=158 res=1 06:14:56 executing program 3: r0 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, r1, 0x0, 0xedc0) 06:14:56 executing program 3: r0 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, r1, 0x0, 0xedc0) 06:14:56 executing program 1: r0 = creat(0x0, 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:14:56 executing program 3: r0 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, r1, 0x0, 0xedc0) 06:14:57 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, r1, 0x0, 0xedc0) 06:14:58 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0) 06:14:59 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x124, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:14:59 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:14:59 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, r1, 0x0, 0xedc0) 06:14:59 executing program 1: r0 = creat(0x0, 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:14:59 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, &(0x7f00000193c0)}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:14:59 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0) 06:14:59 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, r1, 0x0, 0xedc0) [ 844.558851][ T28] audit: type=1804 audit(1590300899.554:417): pid=21139 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/445/file0/bus" dev="loop2" ino=159 res=1 [ 844.603895][ T28] audit: type=1804 audit(1590300899.554:418): pid=21139 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/445/file0/bus" dev="loop2" ino=159 res=1 06:14:59 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, r1, 0x0, 0xedc0) 06:14:59 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, r1, 0x0, 0xedc0) 06:14:59 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, r1, 0x0, 0xedc0) 06:15:00 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, r1, 0x0, 0xedc0) 06:15:00 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(0x0, 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:02 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x124, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:15:02 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, r1, 0x0, 0xedc0) 06:15:02 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:15:02 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(0x0, 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) [ 847.322395][ T28] audit: type=1804 audit(1590300902.314:419): pid=21182 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/446/file0/bus" dev="loop2" ino=160 res=1 [ 847.406533][ T28] audit: type=1804 audit(1590300902.324:420): pid=21182 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/446/file0/bus" dev="loop2" ino=160 res=1 06:15:02 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, &(0x7f00000193c0)}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:02 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, r1, 0x0, 0xedc0) 06:15:02 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0) 06:15:02 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, 0x0) sendfile(r0, r1, 0x0, 0xedc0) 06:15:02 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, 0x0) sendfile(r0, r1, 0x0, 0xedc0) 06:15:02 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, 0x0) sendfile(r0, r1, 0x0, 0xedc0) 06:15:02 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(0xffffffffffffffff, r1, 0x0, 0xedc0) 06:15:02 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(0x0, 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:05 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x126, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:15:05 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(0xffffffffffffffff, r1, 0x0, 0xedc0) 06:15:05 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:15:05 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) [ 850.300088][ T28] audit: type=1804 audit(1590300905.294:421): pid=21224 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/516/bus" dev="sda1" ino=16360 res=1 [ 850.368055][ T28] audit: type=1804 audit(1590300905.304:422): pid=21224 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/516/bus" dev="sda1" ino=16360 res=1 [ 850.450993][ T28] audit: type=1804 audit(1590300905.374:423): pid=21226 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/447/file0/bus" dev="loop2" ino=161 res=1 [ 850.552551][ T28] audit: type=1804 audit(1590300905.384:424): pid=21226 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/447/file0/bus" dev="loop2" ino=161 res=1 06:15:05 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, &(0x7f00000193c0)}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:05 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(0xffffffffffffffff, r1, 0x0, 0xedc0) 06:15:05 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, 0x0, 0x0, 0x0) 06:15:05 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, 0xffffffffffffffff, 0x0, 0xedc0) [ 850.772940][ T28] audit: type=1804 audit(1590300905.764:425): pid=21232 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/516/bus" dev="sda1" ino=16360 res=1 06:15:05 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, 0xffffffffffffffff, 0x0, 0xedc0) 06:15:05 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, 0xffffffffffffffff, 0x0, 0xedc0) 06:15:06 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, r1, 0x0, 0x0) 06:15:06 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) [ 851.191407][ T28] audit: type=1804 audit(1590300906.184:426): pid=21258 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/517/bus" dev="sda1" ino=16362 res=1 [ 851.254918][ T28] audit: type=1804 audit(1590300906.184:427): pid=21258 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/517/bus" dev="sda1" ino=16362 res=1 [ 851.506455][ T28] audit: type=1804 audit(1590300906.494:428): pid=21261 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/517/bus" dev="sda1" ino=16362 res=1 06:15:08 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x126, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:15:08 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, r1, 0x0, 0x0) 06:15:08 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x0) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:15:08 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) [ 853.393119][ T28] audit: type=1804 audit(1590300908.384:429): pid=21272 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/518/bus" dev="sda1" ino=16367 res=1 [ 853.443667][ T28] audit: type=1804 audit(1590300908.384:430): pid=21272 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/518/bus" dev="sda1" ino=16367 res=1 [ 853.533566][ T28] audit: type=1804 audit(1590300908.524:431): pid=21276 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/448/file0/bus" dev="loop2" ino=162 res=1 [ 853.599295][ T28] audit: type=1804 audit(1590300908.524:432): pid=21276 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/448/file0/bus" dev="loop2" ino=162 res=1 06:15:08 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x15, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a16050000"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:08 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, r1, 0x0, 0x0) 06:15:08 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, 0x0, 0x0, 0x0) 06:15:08 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x28000000, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x1, 0x0, 0x5, 0x0, 0x733956a5, 0xa2244, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x8}, 0x0, 0x8, 0x3, 0x0, 0x3ff}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) ftruncate(0xffffffffffffffff, 0x1000000) bind$inet(0xffffffffffffffff, 0x0, 0x0) semget(0x3, 0x0, 0x48) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r2, r3, 0x0, 0xedc0) sendto$inet(r1, 0x0, 0x0, 0x8084, &(0x7f0000319ff0)={0x2, 0x4e20}, 0x10) [ 853.956373][ T28] audit: type=1804 audit(1590300908.944:433): pid=21275 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/518/bus" dev="sda1" ino=16367 res=1 06:15:09 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000140)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e000000040000008003000092110b1fead921ca62da4e6073a70801000000000000d8010000d8010000d8010000b0020000b0020000b0020000b0020000b00200000400000000000000000000000000000000000000000000000000000000000000000000000000000000edffffffffffffff00000000000000000000000000000000000000000000000000000000000000020000020000000000000000000000000000000000000000000000000000000000000000000000000000001400000000000800000000000000000000000000000000000000000000a8000801000000ecffffff00000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000ff0100000000000000000000000600010000000000000000000000000000000000000000000000000000000000000000008e7ea9570000000000000000000000fe92ec64ab0303f14600000000000001fe8800000001010000000000000000010000000000af0003000000000000d964277672af37f20000000000010000000072f93f0000000000000000000000003c6e657464657673696d300000000000000000000000231b00000000000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000008000100000000000280052454a454354000000000000000000000000000004000000000000000000ef00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d000000000000000000000000000000000000000000000000000000000009000002000000009a94000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004442a800d800000000010000000000000000000000000000000000000000300053455400000000000000020000000000000000b041d2c600000000000002000006000000060600000000000882000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d00000c70700000000000000000000000000000000000000000028000000000000000000cd00"/988], 0x1) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000000057e3"], 0x0, 0x0, 0xfffffffffffffe1a, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x14, &(0x7f0000000040), 0x50) accept(r1, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 06:15:09 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(0x0, 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) [ 854.160891][T21299] sock: sock_set_timeout: `syz-executor.3' (pid 21299) tries to set negative timeout [ 854.192680][T21300] sock: sock_set_timeout: `syz-executor.3' (pid 21300) tries to set negative timeout 06:15:09 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x0) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:15:09 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) r2 = inotify_init() inotify_add_watch(r2, &(0x7f0000000080)='.\x00', 0xfe) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) fchmodat(r1, &(0x7f00000000c0)='./file0\x00', 0x0) [ 854.297164][ T28] audit: type=1804 audit(1590300909.294:434): pid=21303 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/519/bus" dev="sda1" ino=16381 res=1 [ 854.322816][ T28] audit: type=1800 audit(1590300909.294:435): pid=21303 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16381 res=0 [ 854.345457][ T28] audit: type=1804 audit(1590300909.294:436): pid=21303 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/519/bus" dev="sda1" ino=16381 res=1 [ 854.503348][ T28] audit: type=1804 audit(1590300909.494:437): pid=21313 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/449/file0/bus" dev="loop2" ino=163 res=1 [ 854.534494][ T28] audit: type=1804 audit(1590300909.494:438): pid=21313 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/449/file0/bus" dev="loop2" ino=163 res=1 06:15:11 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x126, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:15:11 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, {{0x1}}}, 0x28) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0x19000}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x33) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:15:11 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(0x0, 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:11 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x0) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 06:15:11 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x15, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a16050000"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:11 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(0x0, 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:11 executing program 0: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xfffffd6b, &(0x7f0000000380)}}], 0x2, 0x0) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000740)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0xe}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, 0x0, 0x0, 0x0) 06:15:11 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x15, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a16050000"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:11 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r2, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:12 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r2, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:12 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(0x0, 0xa0) 06:15:12 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r2, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) [ 858.158587][ T7] attempt to access beyond end of device [ 858.164299][ T7] loop2: rw=1, want=78, limit=63 [ 858.169874][ T7] buffer_io_error: 14 callbacks suppressed [ 858.169882][ T7] Buffer I/O error on dev loop2, logical block 77, lost async page write [ 858.184900][ T7] attempt to access beyond end of device [ 858.190804][ T7] loop2: rw=1, want=79, limit=63 [ 858.195733][ T7] Buffer I/O error on dev loop2, logical block 78, lost async page write [ 858.205041][ T7] attempt to access beyond end of device [ 858.211947][ T7] loop2: rw=1, want=80, limit=63 [ 858.219635][ T7] Buffer I/O error on dev loop2, logical block 79, lost async page write [ 858.228587][ T7] attempt to access beyond end of device [ 858.234223][ T7] loop2: rw=1, want=81, limit=63 [ 858.240058][ T7] Buffer I/O error on dev loop2, logical block 80, lost async page write [ 858.249176][ T7] attempt to access beyond end of device [ 858.254798][ T7] loop2: rw=1, want=130, limit=63 [ 858.260358][ T7] Buffer I/O error on dev loop2, logical block 129, lost async page write [ 858.269513][ T7] attempt to access beyond end of device [ 858.275162][ T7] loop2: rw=1, want=131, limit=63 [ 858.280630][ T7] Buffer I/O error on dev loop2, logical block 130, lost async page write [ 858.289781][ T7] attempt to access beyond end of device [ 858.295408][ T7] loop2: rw=1, want=132, limit=63 [ 858.301026][ T7] Buffer I/O error on dev loop2, logical block 131, lost async page write [ 858.310090][ T7] attempt to access beyond end of device [ 858.315758][ T7] loop2: rw=1, want=133, limit=63 [ 858.321461][ T7] Buffer I/O error on dev loop2, logical block 132, lost async page write [ 858.331370][ T7] attempt to access beyond end of device [ 858.337399][ T7] loop2: rw=1, want=142, limit=63 [ 858.342443][ T7] Buffer I/O error on dev loop2, logical block 141, lost async page write [ 858.351501][ T7] attempt to access beyond end of device [ 858.357542][ T7] loop2: rw=1, want=143, limit=63 [ 858.362610][ T7] Buffer I/O error on dev loop2, logical block 142, lost async page write [ 858.371766][ T7] attempt to access beyond end of device [ 858.377814][ T7] loop2: rw=1, want=144, limit=63 [ 858.382853][ T7] attempt to access beyond end of device [ 858.389064][ T7] loop2: rw=1, want=145, limit=63 [ 858.397386][ T7] attempt to access beyond end of device [ 858.403004][ T7] loop2: rw=1, want=2201, limit=63 [ 858.412759][ T7] attempt to access beyond end of device [ 858.418915][ T7] loop2: rw=1, want=4249, limit=63 [ 858.429096][ T7] attempt to access beyond end of device [ 858.434747][ T7] loop2: rw=1, want=6297, limit=63 [ 858.445046][ T7] attempt to access beyond end of device [ 858.451069][ T7] loop2: rw=1, want=8345, limit=63 [ 858.460625][ T7] attempt to access beyond end of device [ 858.466752][ T7] loop2: rw=1, want=10393, limit=63 [ 858.476775][ T7] attempt to access beyond end of device [ 858.482412][ T7] loop2: rw=1, want=12441, limit=63 [ 858.492674][ T7] attempt to access beyond end of device [ 858.498650][ T7] loop2: rw=1, want=14489, limit=63 [ 858.510477][ T7] attempt to access beyond end of device [ 858.516620][ T7] loop2: rw=1, want=17961, limit=63 [ 858.530595][ T7] attempt to access beyond end of device [ 858.536310][ T7] loop2: rw=1, want=22057, limit=63 [ 858.550429][ T7] attempt to access beyond end of device [ 858.556648][ T7] loop2: rw=1, want=26153, limit=63 [ 858.569194][ T7] attempt to access beyond end of device [ 858.574843][ T7] loop2: rw=1, want=28965, limit=63 06:15:14 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x127, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d96032"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:15:14 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, 0x0, 0x0) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:14 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(0x0, 0xa0) 06:15:14 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000070601010000000000000000000000000600010006"], 0x1c}}, 0x0) [ 859.484713][T21385] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 859.498742][ T28] kauditd_printk_skb: 21 callbacks suppressed [ 859.498762][ T28] audit: type=1804 audit(1590300914.494:460): pid=21388 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/525/bus" dev="sda1" ino=16362 res=1 [ 859.537195][T21385] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 859.555771][ T28] audit: type=1800 audit(1590300914.494:461): pid=21388 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16362 res=0 06:15:14 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) nanosleep(&(0x7f0000000000)={0x77359400}, &(0x7f0000000040)) r2 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 859.593480][ T28] audit: type=1804 audit(1590300914.494:462): pid=21388 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/525/bus" dev="sda1" ino=16362 res=1 06:15:14 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, 0x0, 0x0) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) [ 859.701645][ T28] audit: type=1804 audit(1590300914.494:463): pid=21388 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/525/bus" dev="sda1" ino=16362 res=1 [ 859.793963][ T28] audit: type=1804 audit(1590300914.604:464): pid=21391 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/452/file0/bus" dev="loop2" ino=166 res=1 06:15:14 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000280)='./bus\x00', 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000100)='./bus\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', &(0x7f0000000440)={0x0, 0xfb, 0x39, 0x0, 0x0, "6bd89d96b6b44a7ed9dae77573aabbbf", "710f5494a9f4c0d8ba5e87d1ec94219fc88fe127cbd26a5a21a2ab98c2e2a5d81985f96a"}, 0x39, 0x0) ftruncate(r0, 0x0) [ 859.869768][ T28] audit: type=1804 audit(1590300914.795:465): pid=21404 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/526/bus" dev="sda1" ino=16383 res=1 06:15:14 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x20, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:14 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, 0x0, 0x0) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) [ 859.991309][ T28] audit: type=1800 audit(1590300914.795:466): pid=21404 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16383 res=0 [ 860.057955][ T28] audit: type=1804 audit(1590300914.795:467): pid=21404 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/526/bus" dev="sda1" ino=16383 res=1 06:15:15 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2b, &(0x7f00000002c0)="94a4b04e04000000000000002b615ac5ee9a8f8cbeaf99cfc4dedd20494d4b895b5804ef58d7cee1761cd1"}}], 0x1c) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0xf) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) [ 860.122082][ T28] audit: type=1804 audit(1590300914.805:468): pid=21404 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/526/bus" dev="sda1" ino=16383 res=1 [ 860.207898][ T28] audit: type=1804 audit(1590300915.075:469): pid=21415 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/527/bus" dev="sda1" ino=16380 res=1 06:15:15 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(0xffffffffffffffff, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r2, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:15 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(0x0, 0xa0) [ 860.346797][ T7] attempt to access beyond end of device [ 860.352451][ T7] loop2: rw=1, want=78, limit=63 [ 860.386017][ T7] attempt to access beyond end of device [ 860.391657][ T7] loop2: rw=1, want=79, limit=63 [ 860.405957][ T7] attempt to access beyond end of device [ 860.411622][ T7] loop2: rw=1, want=80, limit=63 [ 860.438025][ T7] attempt to access beyond end of device [ 860.443679][ T7] loop2: rw=1, want=81, limit=63 [ 860.458986][ T7] attempt to access beyond end of device [ 860.464633][ T7] loop2: rw=1, want=130, limit=63 [ 860.483043][ T7] attempt to access beyond end of device [ 860.488825][ T7] loop2: rw=1, want=131, limit=63 [ 860.493858][ T7] attempt to access beyond end of device [ 860.507255][ T7] loop2: rw=1, want=132, limit=63 [ 860.518506][ T7] attempt to access beyond end of device [ 860.524254][ T7] loop2: rw=1, want=133, limit=63 [ 860.545979][ T7] attempt to access beyond end of device [ 860.551661][ T7] loop2: rw=1, want=142, limit=63 [ 860.576129][ T7] attempt to access beyond end of device [ 860.581830][ T7] loop2: rw=1, want=143, limit=63 [ 860.606006][ T7] attempt to access beyond end of device [ 860.611737][ T7] loop2: rw=1, want=144, limit=63 [ 860.635979][ T7] attempt to access beyond end of device [ 860.641839][ T7] loop2: rw=1, want=145, limit=63 [ 860.663373][ T7] attempt to access beyond end of device [ 860.669910][ T7] loop2: rw=1, want=2289, limit=63 [ 860.684945][ T7] attempt to access beyond end of device [ 860.690983][ T7] loop2: rw=1, want=4337, limit=63 [ 860.703428][ T7] attempt to access beyond end of device [ 860.709883][ T7] loop2: rw=1, want=6385, limit=63 [ 860.718167][ T7] attempt to access beyond end of device [ 860.723931][ T7] loop2: rw=1, want=6525, limit=63 [ 861.733010][ T7] attempt to access beyond end of device [ 861.741017][ T7] loop2: rw=1, want=78, limit=63 [ 861.746925][ T7] attempt to access beyond end of device [ 861.752548][ T7] loop2: rw=1, want=79, limit=63 [ 861.758077][ T7] attempt to access beyond end of device [ 861.763721][ T7] loop2: rw=1, want=80, limit=63 [ 861.769316][ T7] attempt to access beyond end of device [ 861.774989][ T7] loop2: rw=1, want=81, limit=63 [ 861.780798][ T7] attempt to access beyond end of device [ 861.786753][ T7] loop2: rw=1, want=130, limit=63 [ 861.791785][ T7] attempt to access beyond end of device [ 861.798218][ T7] loop2: rw=1, want=131, limit=63 [ 861.803452][ T7] attempt to access beyond end of device [ 861.809620][ T7] loop2: rw=1, want=132, limit=63 [ 861.814786][ T7] attempt to access beyond end of device [ 861.820514][ T7] loop2: rw=1, want=133, limit=63 [ 861.825578][ T7] attempt to access beyond end of device [ 861.831968][ T7] loop2: rw=1, want=142, limit=63 [ 861.837154][ T7] attempt to access beyond end of device [ 861.842843][ T7] loop2: rw=1, want=143, limit=63 [ 861.847947][ T7] attempt to access beyond end of device [ 861.853640][ T7] loop2: rw=1, want=144, limit=63 [ 861.858737][ T7] attempt to access beyond end of device [ 861.864405][ T7] loop2: rw=1, want=145, limit=63 [ 861.872807][ T7] attempt to access beyond end of device [ 861.879282][ T7] loop2: rw=1, want=2265, limit=63 [ 861.889281][ T7] attempt to access beyond end of device [ 861.894908][ T7] loop2: rw=1, want=4321, limit=63 [ 861.904066][ T7] attempt to access beyond end of device [ 861.909765][ T7] loop2: rw=1, want=6369, limit=63 [ 861.918926][ T7] attempt to access beyond end of device [ 861.924542][ T7] loop2: rw=1, want=8417, limit=63 [ 861.933657][ T7] attempt to access beyond end of device [ 861.939323][ T7] loop2: rw=1, want=10465, limit=63 [ 861.949297][ T7] attempt to access beyond end of device [ 861.954922][ T7] loop2: rw=1, want=12513, limit=63 [ 861.964166][ T7] attempt to access beyond end of device [ 861.969872][ T7] loop2: rw=1, want=14561, limit=63 [ 861.981088][ T7] attempt to access beyond end of device [ 861.987605][ T7] loop2: rw=1, want=18377, limit=63 [ 862.000680][ T7] attempt to access beyond end of device [ 862.006337][ T7] loop2: rw=1, want=22473, limit=63 [ 862.019663][ T7] attempt to access beyond end of device [ 862.025371][ T7] loop2: rw=1, want=26569, limit=63 [ 862.039345][ T7] attempt to access beyond end of device [ 862.045097][ T7] loop2: rw=1, want=30245, limit=63 06:15:17 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x127, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d96032"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:15:17 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_TSC(0x1a, 0x2) 06:15:17 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(0xffffffffffffffff, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r2, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:17 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) 06:15:17 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x1, 0x0, 0x5, 0x0, 0x733956a5, 0xa2244, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000000), 0x8}, 0x81044, 0x8, 0x3, 0x0, 0x3ff, 0x15, 0x6}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) ftruncate(0xffffffffffffffff, 0x1000000) bind$inet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r2, r3, 0x0, 0xedc0) sendto$inet(r1, &(0x7f00000002c0)="f6c51e76637c84aa63277a25009cf612526dd03721821c3215dd77b27446fef9659c6c174ca3f32a29a94b64a2ad465427439946c2aff3ee0bc2a2d6cf75a64d76b2f29b49", 0x45, 0x0, 0x0, 0x0) 06:15:18 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x28000000, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000000) bind$inet(0xffffffffffffffff, 0x0, 0x0) semget(0x3, 0x0, 0x48) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r2, r3, 0x0, 0xedc0) sendto$inet(r1, 0x0, 0x0, 0x8084, &(0x7f0000319ff0)={0x2, 0x4e20}, 0x10) 06:15:18 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x20, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:18 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(0xffffffffffffffff, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r2, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:18 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x28000000, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000000) semget(0x3, 0x0, 0x48) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r2, r3, 0x0, 0xedc0) sendto$inet(r1, 0x0, 0x0, 0x8084, 0x0, 0x0) 06:15:18 executing program 3: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x14}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0xfffffffffffffd4e}], 0x1000000000000125, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x30}) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 06:15:18 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) 06:15:18 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0xffffff88, 0x0, 0x26}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x0) 06:15:20 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x127, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d96032"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:15:20 executing program 0: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$describe(0x6, r0, 0x0, 0x0) 06:15:20 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0xffffff88, 0x0, 0x26}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x0) 06:15:20 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, 0xffffffffffffffff, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:20 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x0) [ 865.636772][ T28] kauditd_printk_skb: 20 callbacks suppressed [ 865.636819][ T28] audit: type=1804 audit(1590300920.635:490): pid=21525 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/531/bus" dev="sda1" ino=15939 res=1 [ 865.717246][ T28] audit: type=1800 audit(1590300920.665:491): pid=21525 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=15939 res=0 [ 865.811643][ T28] audit: type=1804 audit(1590300920.665:492): pid=21525 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/531/bus" dev="sda1" ino=15939 res=1 06:15:20 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) io_submit(0x0, 0x0, 0x0) dup(0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x24008001}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x33) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 865.964180][ T28] audit: type=1804 audit(1590300920.775:493): pid=21534 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/456/file0/bus" dev="loop2" ino=170 res=1 [ 866.067273][ T28] audit: type=1804 audit(1590300920.855:494): pid=21538 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir182037091/syzkaller.fFo22x/456/file0/bus" dev="loop2" ino=170 res=1 06:15:21 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x20, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:21 executing program 0: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) 06:15:21 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x8a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906712ebb70cef20d94de765aa586d65a3d7f022e4c14f1bdd7d464e9ee1470000000002f997905d398eef68310ec46b654cd8f9c032f1078c135c760ca5232f285d288f2fb01819502f5fa6fa2e945e156919190b1df395f3249121933b0588401"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:21 executing program 3: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x14}, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0xfffffffffffffd4e}], 0x1000000000000125, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x30}) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1b) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r2, 0x0, 0x0) 06:15:21 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000280)) close(0xffffffffffffffff) socket$inet(0x2, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x28000000, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000000) semget(0x3, 0x0, 0x48) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r0, r1, 0x0, 0xedc0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x8084, &(0x7f0000319ff0)={0x2, 0x4e20}, 0x10) [ 866.449665][ T28] audit: type=1804 audit(1590300921.445:495): pid=21533 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/531/bus" dev="sda1" ino=15939 res=1 06:15:21 executing program 2: socket$inet6(0xa, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) syz_open_procfs(0x0, &(0x7f0000000100)='net/dev\x00') pipe2$9p(&(0x7f0000000340), 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) mlockall(0x7) socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0xffffff88, 0x0, 0x26}}], 0x1, 0x0, 0x0) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, 0x0, 0xfffffffffffffffd) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') preadv(r1, &(0x7f00000017c0), 0x315, 0x800000) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe1, 0x0) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe2, 0x0) getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f00000000c0), &(0x7f0000000140)=0x8) pipe2$9p(&(0x7f0000000340), 0x0) [ 866.569739][ T169] attempt to access beyond end of device [ 866.575442][ T169] loop2: rw=1, want=5173, limit=63 [ 866.628608][ T169] attempt to access beyond end of device [ 866.641060][ T169] loop2: rw=1, want=7221, limit=63 [ 866.668932][ T169] attempt to access beyond end of device [ 866.683689][ T169] loop2: rw=1, want=10541, limit=63 [ 866.721384][ T169] attempt to access beyond end of device [ 866.728817][ T169] loop2: rw=1, want=14397, limit=63 [ 866.741423][ T169] attempt to access beyond end of device [ 866.752882][ T169] loop2: rw=1, want=14837, limit=63 06:15:23 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:15:23 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, 0xffffffffffffffff, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:23 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='cmdline\x00') sendfile(r0, r1, 0x0, 0xedc0) 06:15:23 executing program 2: socket$inet6(0xa, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) syz_open_procfs(0x0, &(0x7f0000000100)='net/dev\x00') pipe2$9p(&(0x7f0000000340), 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) mlockall(0x7) socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0xffffff88, 0x0, 0x26}}], 0x1, 0x0, 0x0) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, 0x0, 0xfffffffffffffffd) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') preadv(r1, &(0x7f00000017c0), 0x315, 0x800000) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe1, 0x0) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe2, 0x0) getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f00000000c0), &(0x7f0000000140)=0x8) pipe2$9p(&(0x7f0000000340), 0x0) [ 868.754322][ T28] audit: type=1804 audit(1590300923.745:496): pid=21587 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/532/bus" dev="sda1" ino=16290 res=1 06:15:23 executing program 0: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) fchown(r0, 0x0, 0x0) [ 868.822702][ T28] audit: type=1800 audit(1590300923.745:497): pid=21587 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16290 res=0 [ 868.891247][ T28] audit: type=1804 audit(1590300923.745:498): pid=21587 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/532/bus" dev="sda1" ino=16290 res=1 06:15:24 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) writev(r0, &(0x7f00000005c0)=[{&(0x7f0000001340)="4b769443c8b59070891cdd618f64c69da7a1ce74443ca65039dfa6820238ee4385ce9950d6a890945e9fdbea8900098a69bb009d71c479f1d7109ef3ea7efa76b1740622404ad09ce45066b64882c20842d216ef586fd7fddc793836073673b8c6f2da4ccc3097884bbe726aefc42300d39ba896a63471b1b64859bc3a0b", 0x7e}], 0x1) 06:15:24 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x25, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:24 executing program 0: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f0000000240)={0x0, "320360a0cf0a30470d6c7cce5ff1db7e3b0a7700b9b6b51da6454e82bad3e576c46be3bdbb07095183ba336befd80663f7dd8870841a13f6be65ba52979698e2f9479cb081a2c091e6709681e8605f08de02970510aa6fd913e0e05eb04f233f5dd00f8cc0e351b17b28e178c27dcb5d74cd7eda04d227edd6b5384714f7daf23e57437028248bc5fe6257a60834f762b84da3b77a7d08e75defa476ee272ba44fc44283bf7ef0ddb8edeeeed89e6c595b22e624bbef469d5e122d839093da9e2f8b3b333e45b6809ee337d8465267ae7af47c0f6fe7aa32c4f9b9b159f6d339663d73fe8f9acf9982c815d25a26f80d6181325905dfebbc710f8faedb8ba684ee20e7d61248e15f6173ada41d6bd41369050ab049e92bc3c775893c0c0767fd2be1d67d21cf5765451666df9c14bf88f1a14dc13bd9ac850e62dfc8567f70140a9f7499ff2acd543ecc8fe9eccb1276e0062e46c54409f49bfd6cdf4a5723cc2271ede9658231b0ca7aae3985c3c0d2288ebfb68f224dfa973c1d78d636c087bc31c993e8132bd185ebf02f7193db4ebb395833f1038df1dbf3bb660dd9c1a76822c6f8cf06bca14f3c09a313442b977f0b3c8edc1595b6564904ac626b979225b04b90b39cd777de38414349c0c8d119723da5db17134cff0d3fab5f49a744c158c98098dc65667807b3646d69bad3b04e2a334d28d2296ad211c1fe869ea8"}) 06:15:24 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={0x750, {0x2, 0x0, @multicast1}, {0x2, 0x0, @empty}, {0x2, 0x0, @local}, 0xac, 0x0, 0x2, 0x46a}) [ 869.298264][ T28] audit: type=1804 audit(1590300924.295:499): pid=21590 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/532/bus" dev="sda1" ino=16290 res=1 06:15:24 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000000040)=0x12) ioprio_set$uid(0x3, r1, 0x0) 06:15:24 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) ftruncate(0xffffffffffffffff, 0x1000000) bind$inet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r2, r3, 0x0, 0xedc0) sendto$inet(r1, &(0x7f00000002c0)="f6c51e76637c84aa63277a25009cf612526dd03721821c3215dd77b27446fef9659c6c174ca3f32a29a94b64a2ad465427439946c2aff3ee0bc2a2d6cf75a64d76b2f29b49", 0x45, 0x0, 0x0, 0x0) 06:15:24 executing program 3: r0 = openat$random(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/urandom\x00', 0x0, 0x0) ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f0000000000)={0x2}) 06:15:26 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:15:26 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0xa1, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906712ebb70cef20d94de765aa586d65a3d7f022e4c14f1bdd7d464e9ee1470000000002f997905d398eef68310ec46b654cd8f9c032f1078c135c760ca5232f285d288f2fb01819502f5fa6fa2e945e156919190b1df395f3249121933b05884012ce6e5f086822acb9432b49148227f1b4183b715c16514"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:26 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, 0xffffffffffffffff, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:26 executing program 3: r0 = openat$random(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/urandom\x00', 0x0, 0x0) ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f0000000000)={0x80000000}) 06:15:26 executing program 2: socket$inet6(0xa, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) syz_open_procfs(0x0, &(0x7f0000000100)='net/dev\x00') pipe2$9p(&(0x7f0000000340), 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x800001200006) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0xffffff88, 0x0, 0x26}}], 0x1, 0x0, 0x0) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, 0x0, 0xfffffffffffffffd) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') preadv(r1, &(0x7f00000017c0), 0x315, 0x800000) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe1, 0x0) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$SO_COOKIE(r0, 0x1, 0x39, 0x0, &(0x7f0000000140)) pipe2$9p(&(0x7f0000000340), 0x0) [ 871.879373][ T28] audit: type=1804 audit(1590300926.875:500): pid=21642 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/533/bus" dev="sda1" ino=16361 res=1 06:15:26 executing program 2: socket$inet6(0xa, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) syz_open_procfs(0x0, &(0x7f0000000100)='net/dev\x00') pipe2$9p(&(0x7f0000000340), 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x800001200006) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0xffffff88, 0x0, 0x26}}], 0x1, 0x0, 0x0) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, 0x0, 0xfffffffffffffffd) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') preadv(r1, &(0x7f00000017c0), 0x315, 0x800000) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe1, 0x0) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$SO_COOKIE(r0, 0x1, 0x39, 0x0, &(0x7f0000000140)) pipe2$9p(&(0x7f0000000340), 0x0) [ 871.988209][ T28] audit: type=1800 audit(1590300926.875:501): pid=21642 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16361 res=0 [ 872.008739][ T28] audit: type=1804 audit(1590300926.905:502): pid=21642 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/533/bus" dev="sda1" ino=16361 res=1 [ 872.265361][ T28] audit: type=1804 audit(1590300927.255:503): pid=21647 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/533/bus" dev="sda1" ino=16361 res=1 06:15:27 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x25, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:27 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) syz_mount_image$vfat(&(0x7f00000001c0)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r2) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 06:15:27 executing program 2: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000280)) close(0xffffffffffffffff) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x28000000, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x1, 0x0, 0x5, 0x0, 0x0, 0xa2244, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000000), 0x8}, 0x81044, 0x8, 0x3, 0x0, 0x3ff, 0x15, 0x6}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) ftruncate(0xffffffffffffffff, 0x1000000) bind$inet(0xffffffffffffffff, 0x0, 0x0) semget(0x3, 0x0, 0x48) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r1, r2, 0x0, 0xedc0) sendto$inet(r0, 0x0, 0x0, 0x8084, &(0x7f0000319ff0)={0x2, 0x4e20}, 0x10) 06:15:27 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x0, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) [ 872.642186][ T28] audit: type=1804 audit(1590300927.635:504): pid=21670 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/534/bus" dev="sda1" ino=16353 res=1 [ 872.741244][ T28] audit: type=1800 audit(1590300927.665:505): pid=21670 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16353 res=0 06:15:27 executing program 2: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000280)) close(0xffffffffffffffff) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0xf1, 0x4) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x28000000, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x1, 0x0, 0x5, 0x0, 0x0, 0xa2244, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000000), 0x8}, 0x81044, 0x8, 0x3, 0x0, 0x3ff, 0x15, 0x6}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1) ftruncate(0xffffffffffffffff, 0x1000000) bind$inet(0xffffffffffffffff, 0x0, 0x0) semget(0x3, 0x0, 0x48) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_trie\x00') sendfile(r1, r2, 0x0, 0xedc0) sendto$inet(r0, 0x0, 0x0, 0x8084, &(0x7f0000319ff0)={0x2, 0x4e20}, 0x10) [ 872.831766][ T28] audit: type=1804 audit(1590300927.695:506): pid=21672 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/534/bus" dev="sda1" ino=16353 res=1 06:15:28 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) syz_open_procfs(0x0, &(0x7f0000000100)='net/dev\x00') pipe2$9p(&(0x7f0000000340), 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) mlockall(0x7) socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0xffffff88, 0x0, 0x26}}], 0x1, 0x0, 0x0) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, 0x0, 0xfffffffffffffffd) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') preadv(r2, &(0x7f00000017c0), 0x315, 0x800000) splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe1, 0x0) splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe2, 0x0) getsockopt$SO_COOKIE(r1, 0x1, 0x39, 0x0, &(0x7f0000000140)) pipe2$9p(&(0x7f0000000340), 0x0) [ 873.385296][ T28] audit: type=1804 audit(1590300928.375:507): pid=21672 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/534/bus" dev="sda1" ino=16353 res=1 06:15:29 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:15:29 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x0, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:29 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) keyctl$set_reqkey_keyring(0xe, 0xffffffffffffffff) 06:15:29 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) syz_open_procfs(0x0, &(0x7f0000000100)='net/dev\x00') pipe2$9p(&(0x7f0000000340), 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) mlockall(0x7) socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0xffffff88, 0x0, 0x26}}], 0x1, 0x0, 0x0) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, 0x0, 0xfffffffffffffffd) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') preadv(r2, &(0x7f00000017c0), 0x315, 0x800000) splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe1, 0x0) splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe2, 0x0) getsockopt$SO_COOKIE(r1, 0x1, 0x39, 0x0, &(0x7f0000000140)) pipe2$9p(&(0x7f0000000340), 0x0) 06:15:29 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0xab, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906712ebb70cef20d94de765aa586d65a3d7f022e4c14f1bdd7d464e9ee1470000000002f997905d398eef68310ec46b654cd8f9c032f1078c135c760ca5232f285d288f2fb01819502f5fa6fa2e945e156919190b1df395f3249121933b05884012ce6e5f086822acb9432b49148227f1b4183b715c16514427cd20c8c07c838df0c"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) [ 874.961282][ T28] audit: type=1804 audit(1590300929.955:508): pid=21705 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/535/bus" dev="sda1" ino=16353 res=1 [ 874.990186][ T28] audit: type=1800 audit(1590300929.955:509): pid=21705 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16353 res=0 06:15:30 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) waitid(0x1, 0x0, 0x0, 0x8, 0x0) 06:15:30 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x25, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:30 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/dev\x00') sendfile(r0, r1, 0x0, 0xedc0) 06:15:30 executing program 2: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000000000/0x2000)=nil) 06:15:30 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x0, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:30 executing program 3: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000080)) 06:15:30 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000000)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000440)='./file0\x00', 0x0, 0x0) fchdir(r0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r4, &(0x7f0000001440), 0xfffffc41) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = fcntl$dupfd(r6, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r7, 0x6, 0x14, &(0x7f0000000040), 0x4) fadvise64(r4, 0x0, 0x0, 0x4) lsetxattr$security_capability(&(0x7f0000000080)='./bus\x00', &(0x7f00000000c0)='security.capability\x00', &(0x7f0000000100)=@v2={0x2000000, [{0x8, 0xfffffffe}, {0x0, 0xfff}]}, 0x14, 0x1) [ 875.928495][T21744] attempt to access beyond end of device [ 875.973275][T21744] loop2: rw=1, want=78, limit=63 [ 876.003281][T21744] buffer_io_error: 26 callbacks suppressed [ 876.003294][T21744] Buffer I/O error on dev loop2, logical block 77, lost async page write [ 876.067337][T21744] attempt to access beyond end of device [ 876.091916][T21744] loop2: rw=1, want=79, limit=63 [ 876.110992][T21744] Buffer I/O error on dev loop2, logical block 78, lost async page write [ 876.133263][T21744] attempt to access beyond end of device [ 876.151058][T21744] loop2: rw=1, want=80, limit=63 [ 876.165001][T21744] Buffer I/O error on dev loop2, logical block 79, lost async page write [ 876.183703][T21744] attempt to access beyond end of device [ 876.194437][T21744] loop2: rw=1, want=81, limit=63 [ 876.210515][T21744] Buffer I/O error on dev loop2, logical block 80, lost async page write [ 876.227957][T21744] attempt to access beyond end of device [ 876.233801][T21744] loop2: rw=1, want=130, limit=63 [ 876.239813][T21744] Buffer I/O error on dev loop2, logical block 129, lost async page write [ 876.251356][T21744] attempt to access beyond end of device [ 876.257557][T21744] loop2: rw=1, want=131, limit=63 [ 876.262692][T21744] Buffer I/O error on dev loop2, logical block 130, lost async page write [ 876.274851][T21744] attempt to access beyond end of device [ 876.280895][T21744] loop2: rw=1, want=132, limit=63 [ 876.289488][T21744] Buffer I/O error on dev loop2, logical block 131, lost async page write [ 876.298449][T21744] attempt to access beyond end of device [ 876.304197][T21744] loop2: rw=1, want=133, limit=63 [ 876.312519][T21744] Buffer I/O error on dev loop2, logical block 132, lost async page write [ 876.321624][T21744] attempt to access beyond end of device [ 876.330244][T21744] loop2: rw=1, want=142, limit=63 [ 876.335741][T21744] Buffer I/O error on dev loop2, logical block 141, lost async page write [ 876.344411][T21744] attempt to access beyond end of device [ 876.353343][T21744] loop2: rw=1, want=143, limit=63 [ 876.358743][T21744] Buffer I/O error on dev loop2, logical block 142, lost async page write [ 876.370592][T21744] attempt to access beyond end of device [ 876.377172][T21744] loop2: rw=1, want=144, limit=63 [ 876.382313][T21744] attempt to access beyond end of device [ 876.391253][T21744] loop2: rw=1, want=145, limit=63 [ 876.410401][T21744] attempt to access beyond end of device [ 876.416479][T21744] loop2: rw=1, want=2673, limit=63 [ 876.431243][T21744] attempt to access beyond end of device [ 876.437068][T21744] loop2: rw=1, want=4721, limit=63 [ 876.452396][T21744] attempt to access beyond end of device [ 876.463222][T21744] loop2: rw=1, want=6769, limit=63 [ 876.478877][T21744] attempt to access beyond end of device [ 876.484609][T21744] loop2: rw=1, want=8817, limit=63 [ 876.499828][T21744] attempt to access beyond end of device [ 876.508390][T21744] loop2: rw=1, want=10865, limit=63 [ 876.520802][T21744] attempt to access beyond end of device [ 876.526803][T21744] loop2: rw=1, want=12913, limit=63 [ 876.538707][T21744] attempt to access beyond end of device [ 876.544458][T21744] loop2: rw=1, want=14977, limit=63 [ 876.558413][T21744] attempt to access beyond end of device [ 876.564153][T21744] loop2: rw=1, want=17849, limit=63 [ 876.685020][T21741] attempt to access beyond end of device [ 876.693627][T21741] loop2: rw=2049, want=20593, limit=63 [ 876.710573][T21741] attempt to access beyond end of device [ 876.716836][T21741] loop2: rw=2049, want=22641, limit=63 [ 876.730582][T21741] attempt to access beyond end of device [ 876.737037][T21741] loop2: rw=2049, want=23809, limit=63 06:15:32 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:15:32 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000140)={@in6={{0xa, 0x0, 0x0, @private0}}, 0x0, 0x0, 0x3d, 0x0, "8a161f071d0e415f73de0ff03826452d82fd45cca24454dd36d388891f10c9194f51b1d328b31a5cb44d14d3628b8578148e4a81dcc137c9a1b84f8ca7d07ebff2c43d40345410cb94a5d91f3e4efda2"}, 0xd8) 06:15:32 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(0x0, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:32 executing program 2: r0 = openat$random(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/urandom\x00', 0x0, 0x0) ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f0000000140)={0x3, 0xa4, "5f9e8c1868978e65745c86f4b80ee6f5d00dc27075206db57f4ef44d0d82398f270c141abb0a0c6be4f7282f581c0d52d9762f948b144426ebff4d8682624595b5faa0af2334772a7d020c183747021ed6ac2bc245e516921dc7256bf96b03d02209d545a20032b5e7e576f36641fb3da5d29b41fb964d153088077ff51b0ab774cff4d056cd90063019b6f67f8255c691db96d8e766a75fc8d730b5016f0fbe706cbaa4"}) 06:15:32 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7ffd, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="eb3c906d6b66732e666174000204010002000270fff8c2", 0x17}], 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 878.013658][T21762] FAT-fs (loop0): Directory bread(block 389) failed [ 878.020448][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 878.020498][ T28] audit: type=1804 audit(1590300933.005:516): pid=21764 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/537/bus" dev="sda1" ino=16361 res=1 [ 878.057183][T21762] FAT-fs (loop0): Directory bread(block 390) failed [ 878.064099][T21762] FAT-fs (loop0): Directory bread(block 391) failed [ 878.071354][T21762] FAT-fs (loop0): Directory bread(block 392) failed [ 878.079000][ T28] audit: type=1800 audit(1590300933.005:517): pid=21764 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16361 res=0 [ 878.098446][T21762] FAT-fs (loop0): Directory bread(block 393) failed [ 878.105546][T21762] FAT-fs (loop0): Directory bread(block 394) failed 06:15:33 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/wireless\x00') sendfile(r0, r1, 0x0, 0xedc0) [ 878.112667][T21762] FAT-fs (loop0): Directory bread(block 395) failed [ 878.126815][T21762] FAT-fs (loop0): Directory bread(block 396) failed [ 878.141548][T21762] FAT-fs (loop0): Directory bread(block 397) failed [ 878.152948][ T28] audit: type=1804 audit(1590300933.025:518): pid=21764 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/537/bus" dev="sda1" ino=16361 res=1 [ 878.177226][T21762] FAT-fs (loop0): Directory bread(block 398) failed [ 878.506236][ T28] audit: type=1804 audit(1590300933.505:519): pid=21776 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/537/bus" dev="sda1" ino=16361 res=1 06:15:33 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x28, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903aca"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:33 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x97, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906712ebb70cef20d94de765aa586d65a3d7f022e4c14f1bdd7d464e9ee1470000000002f997905d398eef68310ec46b654cd8f9c032f1078c135c760ca5232f285d288f2fb01819502f5fa6fa2e945e156919190b1df395f3249121933b05884012ce6e5f086822acb9432b49148"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:33 executing program 0: 06:15:33 executing program 3: 06:15:33 executing program 3: 06:15:33 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(0x0, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) [ 878.827951][ T28] audit: type=1804 audit(1590300933.826:520): pid=21800 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/538/bus" dev="sda1" ino=16361 res=1 [ 878.883334][ T28] audit: type=1800 audit(1590300933.856:521): pid=21800 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16361 res=0 [ 878.965030][ T28] audit: type=1804 audit(1590300933.856:522): pid=21800 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/538/bus" dev="sda1" ino=16361 res=1 [ 879.208736][ T28] audit: type=1804 audit(1590300934.206:523): pid=21803 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/538/bus" dev="sda1" ino=16361 res=1 06:15:36 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:15:36 executing program 3: 06:15:36 executing program 0: 06:15:36 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(0x0, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:36 executing program 0: setreuid(0xee00, 0x0) r0 = getuid() setreuid(0xee00, r0) socketpair(0x0, 0x3, 0x0, 0x0) [ 881.083426][ T28] audit: type=1804 audit(1590300936.076:524): pid=21812 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/539/bus" dev="sda1" ino=16361 res=1 06:15:36 executing program 3: [ 881.125906][ T28] audit: type=1800 audit(1590300936.076:525): pid=21812 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16361 res=0 06:15:36 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x28, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903aca"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:36 executing program 3: 06:15:36 executing program 0: 06:15:36 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(0x0, 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:36 executing program 2: 06:15:36 executing program 0: 06:15:39 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:15:39 executing program 2: 06:15:39 executing program 3: 06:15:39 executing program 0: 06:15:39 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(0x0, 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:39 executing program 2: [ 884.144709][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 884.144727][ T28] audit: type=1804 audit(1590300939.136:531): pid=21854 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/541/bus" dev="sda1" ino=16361 res=1 [ 884.212838][ T28] audit: type=1800 audit(1590300939.176:532): pid=21854 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16361 res=0 [ 884.297875][ T28] audit: type=1804 audit(1590300939.176:533): pid=21854 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/541/bus" dev="sda1" ino=16361 res=1 06:15:39 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x28, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903aca"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:39 executing program 3: 06:15:39 executing program 0: 06:15:39 executing program 2: 06:15:39 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(0x0, 0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) [ 884.840514][ T28] audit: type=1804 audit(1590300939.836:534): pid=21873 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/542/bus" dev="sda1" ino=16383 res=1 06:15:39 executing program 0: [ 884.932007][ T28] audit: type=1800 audit(1590300939.866:535): pid=21873 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16383 res=0 [ 884.979730][ T28] audit: type=1804 audit(1590300939.866:536): pid=21873 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/542/bus" dev="sda1" ino=16383 res=1 06:15:42 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 06:15:42 executing program 2: 06:15:42 executing program 3: 06:15:42 executing program 0: 06:15:42 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(0x0, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:42 executing program 3: [ 887.268810][ T28] audit: type=1804 audit(1590300942.266:537): pid=21891 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/543/bus" dev="sda1" ino=16363 res=1 [ 887.356158][ T28] audit: type=1800 audit(1590300942.296:538): pid=21891 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16363 res=0 [ 887.460801][ T28] audit: type=1804 audit(1590300942.296:539): pid=21891 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/543/bus" dev="sda1" ino=16363 res=1 [ 887.624571][ T28] audit: type=1804 audit(1590300942.616:540): pid=21899 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/543/bus" dev="sda1" ino=16363 res=1 06:15:42 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x29, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab9"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:42 executing program 0: 06:15:42 executing program 2: 06:15:42 executing program 3: 06:15:42 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(0x0, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:42 executing program 0: 06:15:45 executing program 2: 06:15:45 executing program 3: 06:15:45 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 06:15:45 executing program 0: 06:15:45 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(0x0, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 06:15:45 executing program 2: [ 890.350675][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 890.350750][ T28] audit: type=1804 audit(1590300945.346:545): pid=21930 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/545/bus" dev="sda1" ino=16352 res=1 [ 890.452629][ T28] audit: type=1800 audit(1590300945.386:546): pid=21930 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16352 res=0 [ 890.542662][ T28] audit: type=1804 audit(1590300945.386:547): pid=21930 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/545/bus" dev="sda1" ino=16352 res=1 [ 890.784395][ T28] audit: type=1804 audit(1590300945.776:548): pid=21936 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/545/bus" dev="sda1" ino=16352 res=1 06:15:45 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x29, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab9"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:45 executing program 3: 06:15:45 executing program 0: 06:15:45 executing program 2: 06:15:45 executing program 2: 06:15:46 executing program 0: 06:15:46 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x0, 0x0) 06:15:46 executing program 0: [ 891.117096][ T28] audit: type=1804 audit(1590300946.116:549): pid=21954 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/546/bus" dev="sda1" ino=16374 res=1 [ 891.168409][ T28] audit: type=1800 audit(1590300946.116:550): pid=21954 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16374 res=0 [ 891.229853][ T28] audit: type=1804 audit(1590300946.116:551): pid=21954 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/546/bus" dev="sda1" ino=16374 res=1 [ 891.454378][ T28] audit: type=1804 audit(1590300946.436:552): pid=21958 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/546/bus" dev="sda1" ino=16374 res=1 06:15:48 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 06:15:48 executing program 3: 06:15:48 executing program 2: 06:15:48 executing program 0: 06:15:48 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x29, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab9"}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:48 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x0, 0x0) 06:15:48 executing program 3: 06:15:48 executing program 2: 06:15:48 executing program 0: 06:15:49 executing program 0: 06:15:49 executing program 3: 06:15:49 executing program 2: [ 894.105459][ T28] audit: type=1804 audit(1590300949.106:553): pid=21985 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/547/bus" dev="sda1" ino=16341 res=1 [ 894.173857][ T28] audit: type=1800 audit(1590300949.106:554): pid=21985 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16341 res=0 06:15:51 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 06:15:51 executing program 3: 06:15:51 executing program 0: 06:15:51 executing program 2: 06:15:52 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xffffffffffffffff, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:52 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x0, 0x0) 06:15:52 executing program 3: 06:15:52 executing program 0: 06:15:52 executing program 2: 06:15:52 executing program 3: [ 897.131360][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 897.131379][ T28] audit: type=1804 audit(1590300952.126:557): pid=22020 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/548/bus" dev="sda1" ino=16367 res=1 06:15:52 executing program 2: 06:15:52 executing program 0: [ 897.199384][ T28] audit: type=1800 audit(1590300952.166:558): pid=22020 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16367 res=0 [ 897.304148][ T28] audit: type=1804 audit(1590300952.166:559): pid=22020 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/548/bus" dev="sda1" ino=16367 res=1 [ 897.544080][ T28] audit: type=1804 audit(1590300952.536:560): pid=22028 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/548/bus" dev="sda1" ino=16367 res=1 06:15:54 executing program 3: 06:15:54 executing program 0: 06:15:54 executing program 2: 06:15:54 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 06:15:55 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xffffffffffffffff, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:55 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x0, &(0x7f0000000540)) 06:15:55 executing program 0: 06:15:55 executing program 3: 06:15:55 executing program 2: 06:15:55 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 06:15:55 executing program 3: [ 900.208116][ T28] audit: type=1804 audit(1590300955.207:561): pid=22059 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/549/bus" dev="sda1" ino=16362 res=1 06:15:55 executing program 2: 06:15:55 executing program 0: 06:15:55 executing program 3: [ 900.317062][ T28] audit: type=1800 audit(1590300955.207:562): pid=22059 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16362 res=0 [ 900.386778][ T28] audit: type=1804 audit(1590300955.207:563): pid=22059 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/549/bus" dev="sda1" ino=16362 res=1 06:15:55 executing program 2: 06:15:55 executing program 0: [ 900.693900][ T28] audit: type=1804 audit(1590300955.687:564): pid=22064 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/549/bus" dev="sda1" ino=16362 res=1 06:15:58 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xffffffffffffffff, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:15:58 executing program 3: 06:15:58 executing program 2: 06:15:58 executing program 0: 06:15:58 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x0, &(0x7f0000000540)) 06:15:58 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) 06:15:58 executing program 3: [ 903.346627][ T28] audit: type=1804 audit(1590300958.347:565): pid=22090 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/550/bus" dev="sda1" ino=16147 res=1 06:15:58 executing program 0: 06:15:58 executing program 2: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r1 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x10, &(0x7f0000000040)=0xffff, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) [ 903.440302][ T28] audit: type=1800 audit(1590300958.347:566): pid=22090 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16147 res=0 06:15:58 executing program 3: perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000009, 0x8031, 0xffffffffffffffff, 0x0) [ 903.534844][ T28] audit: type=1804 audit(1590300958.347:567): pid=22090 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/550/bus" dev="sda1" ino=16147 res=1 06:15:58 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x3c1, 0x3, 0x348, 0x108, 0x0, 0xd0, 0x108, 0xd0, 0x278, 0x228, 0x228, 0x278, 0x228, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@private1, [], 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x5, 0x0, 0x2}}}, {{@uncond, 0x0, 0x138, 0x170, 0x0, {}, [@common=@srh1={{0x90, 'srh\x00'}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @loopback, @dev}}]}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3a8) 06:15:58 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=@ipv6_newrule={0x24, 0x20, 0x80d, 0x0, 0x0, {0x2}, [@FIB_RULE_POLICY=@FRA_TABLE={0x8}]}, 0x24}}, 0x0) [ 903.713306][T22107] xt_HMARK: proto mask must be zero with L3 mode [ 903.731265][T22109] xt_HMARK: proto mask must be zero with L3 mode [ 903.908212][ T28] audit: type=1804 audit(1590300958.907:568): pid=22097 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/550/bus" dev="sda1" ino=16147 res=1 06:16:01 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:16:01 executing program 0: syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x2, 0x4300) 06:16:01 executing program 2: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8, 0x1, 'sfq\x00'}, {0x4c, 0x2, {{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}}}]}, 0x78}}, 0x0) 06:16:01 executing program 3: perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) setxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='security.capability\x00', &(0x7f0000000140)=@v3, 0x18, 0x0) 06:16:01 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x0, &(0x7f0000000540)) 06:16:01 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) 06:16:01 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000940)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d802000000000000f0000000f000000000000000f0000000400200004002000040020000400200004002000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000c800f000000000000011596b0599e061800000000000000030006164647274797065000000000000000000000000000000000000000000000000000000000000000000000000000028006164647274797065000000000000000000000000000000000000000000010001000909000000280052454a454354000000000000000000000000000000000000000000000000000000000000c51546bb000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000faffffff00000000000000000000000e00000000000049000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a4543540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000000000000000000000000001ac1414bb00000000000000000000000076657468305f746f5f627269646765000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) r1 = socket(0x2, 0x3, 0x2) sendto$unix(r1, 0x0, 0x0, 0x0, &(0x7f0000000d00)=@abs, 0x6e) [ 906.494501][ T28] audit: type=1804 audit(1590300961.497:569): pid=22135 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/551/bus" dev="sda1" ino=16378 res=1 [ 906.553043][ T28] audit: type=1800 audit(1590300961.517:570): pid=22135 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16378 res=0 [ 906.561444][T22141] x_tables: duplicate underflow at hook 2 [ 906.582751][T22141] raw_sendmsg: syz-executor.3 forgot to set AF_INET. Fix it! [ 906.591870][T22141] x_tables: duplicate underflow at hook 2 06:16:01 executing program 3: mprotect(&(0x7f0000005000/0x3000)=nil, 0x3000, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27) 06:16:01 executing program 2: perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000040)='./file0\x00', 0x0, 0x845284, 0x0) 06:16:01 executing program 0: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0xc}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() socketpair$unix(0x1, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x18}) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 906.651252][ T28] audit: type=1804 audit(1590300961.517:571): pid=22135 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/551/bus" dev="sda1" ino=16378 res=1 06:16:01 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f0000000200)={@void, @val, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0x8, 0x3a, 0x0, @empty, @mcast2, {[], @echo_request}}}}, 0x3a) 06:16:01 executing program 0: r0 = socket(0x80000000000000a, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000001c80)=[{{&(0x7f0000000240)={0xa, 0x4e24, 0x0, @ipv4={[], [], @remote}}, 0x1c, 0x0}}, {{&(0x7f0000000080)={0xa, 0x4e21, 0x0, @private0}, 0x1c, 0x0, 0x0, &(0x7f00000000c0)=[@hopopts={{0x18, 0x29, 0x36, {0x0, 0x1ffffe26, [], [@hao={0xc9, 0x0, @remote}, @calipso={0x7, 0x0, {0x0, 0x0, 0x0, 0x0, [0x0, 0x0]}}]}}}, @hopopts_2292={{0x18}}, @tclass={{0x14}}], 0x48}}], 0x2, 0x0) [ 907.153574][ T28] audit: type=1804 audit(1590300962.137:572): pid=22144 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/551/bus" dev="sda1" ino=16378 res=1 06:16:04 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:16:04 executing program 3: sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=@ipv6_newrule={0x1c, 0x20, 0x80d, 0x0, 0x0, {0x2, 0x0, 0x0, 0xfd}}, 0x1c}}, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f00000000c0), 0x492492492492627, 0x0) 06:16:04 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x3c1, 0x3, 0x348, 0x108, 0x0, 0xd0, 0x108, 0xd0, 0x278, 0x228, 0x228, 0x278, 0x228, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@private1, [], 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x5, 0x0, 0x2}}}, {{@uncond, 0x0, 0x138, 0x170, 0x0, {}, [@common=@srh1={{0x90, 'srh\x00'}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @loopback, @dev}}]}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3a8) 06:16:04 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad6142134b62f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f480800b100000000050000be5d2dd15b6210d53eed19bca008388e736e518b98d91c22def1125d7b1e821039a95ad8b91ceaf3e0b5556a98593d", 0xfb}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffffffffffff}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 06:16:04 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[0x0]) 06:16:04 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x128, &(0x7f00000193c0)="f7f258480aa4ce20d179e70076cc036a2a1605000000320800000000000000a172903acab90671ffbb70cef20d945aa586d65a3d7f02224c14f1bdd7d464089414700000000000d384d29308f038cb863cce9acc92b74162953f799a801e4f0a49bd983a793d0f756d427b702ca97d7ba31392f173f30271fa144340a90d74208ee26834d00e37642d03645ffbe9e50affba1233832cbf4882a813cb286fcf95f9db2dd885905284f167992356c7667b5f2e5dddb33f7b43e9988f2c5ebe21e47dc96e22e3d9b9a00a153f2534b2302c88a1d58ac9defdb908981b674ae9470a1a00c47bcc6f9b2d875f101167322be2bfef76a9d17317abc90ab10880ef5ae883053823dc9c2a67c1b51cbcc45af13b649a7d860df49873b7d80b1caaae549e581dd3c8d960320a"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) 06:16:04 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x105082) sendmmsg(0xffffffffffffffff, &(0x7f000000a980)=[{{0x0, 0x0, &(0x7f0000003c80)=[{&(0x7f0000001c00)="3b421ddaeab2b1410bff1488b8de5992f1b2a790fc651d29053e6634abc65aaa6dc36c5d35a8515d5ba5424105654cd02297f92084ecb8d29c7824cec6b3615949243fb60107b994083c17f3a3ccdfab39e2871a316f7b6d97c6d2e41477611ec631c8f9d9d62d6a099a86c16491a151160d8ebfd1584eb3abf0905edf44423d05443ed87b937ae6d25a87319a7e1ccf89b97474345d4e3d90b765a015243477c64f0af0a012776a412e0b33a0f404bcafa5f9dc941f83d35ea08a392b267192f52e0badb2db9ef197367bf3f2fbddc4b0773bfe69cefd733fa972e05c17107fdc0c1bc859c862eb64ba2f491b43c45c5d5f773a3051dbeeb2bd24fb547f590e0be337addbc78a683486bc11b0523763c4b40e5d75afaeae8af4d64fe9fb633607633406666d740129de3994b8a3c0b77d15ca0010a54bcf2b90f37aefc536cfeb9eb4937fcf7f8123b925c45c850c0366fb77f24a1efeeedad0f6012f913a51cae77bdaebacf49e8ee796eae667f98f1fbeaa0e7fbe176c85cc148418a4cd8ce5d4de67f52625d6632eeb3f9c811139bbe2e7648cc517e396939edc974f84e724a6057912f4d09265b0e4103b01d03478be9169ca05e62983ce15bb1d5424c497229b34e2fdb0001d74632def088a7577bdf31537fcb253e5a014747268395c558e85793e643dc6b1f96c1741849c1ec09d09889ff64668f109b9211138506b2fe708191118533a0073c859adacbd41ab2913a10f7cb9717806216b6b6b6fcd3f481c350f4a02f332e01a570b8c486c51869edf08b4cb426d8e3ed3e72eee1d9959f48c82a8a17c5a97644bcf4c5c75b5de8e1ff88ebea58e2aa2f722ef7b484683d561a4fb5f0aedee59aee089242b047277774008d6f9dcf41c42b0411167528b1bdfb6d11b7311c80d19ea6575ef23dff56353aef8c24e88fdb2f2feda5b5efb99e96c46591f1fae8641a876fbbdcaabc136e88e6168583895f8879d1f976540b76a3ff76ff0c40a907a4dbfa63ad226e26d8c31b05cf1add2427132468fbab6956fa8b2e384ae6dd1aef38f37c215c903b9d68ca2cd7e1699823c75fb636ecb8daa9a17608797fc3c5a1616f5ff1029c49c3995ebb2da8badf37f1f3fb36fb6d6c67dad6d50a7f4f91367492f1f447a4786040cbd429da4c1766f1c0b25796d4ef8a86b9f30fc9cd75916ac8b4b7d109324de5d96543a7f92b8cb285b6858ed8c69e682f7f22b4b3c534a59533ffc54e04b1053a9e9fec33d42aa43bf2b8f3879dde4b50affd81689d4e570f98f7d1c8c2c8501a047030542fddf2034608ed7727532d32f1c7b744c5a38fe024156d5eee4076b3433ef15afb6d3e3c8c6a44586ace3dd2cef4fee227b60812c3f56104e37295764f5bcd88fa91e1a4b8b0fb18dd893b207138adcec6fc4836b0272a11b2234bf957a174c4968fe77765b69", 0x401}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000004100)=[{0x10}], 0x10}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000005b40)=[{0xc0, 0x0, 0x0, "8e8a2895bb00d24170b1a46e1335442a579944cfe1f5ee2af6924853ce42a99c1c47e25ad9bb38f516fd9cc2ad5135e062f79b290e2d811b8de2d98e278ee4244dc7081ffb9eff15174c7e47347bab808f4a86c04a00875f14b0a012df987d81e1101f77573395050e40b9560b91bce8ac8d7d0f9325a50901b0e3daefc38f3a0b7817bf0cce58759afe8820c56f6197a496d634cb1eadb7da83a96401eb94de0e0d483d7cc84fdeed"}, {0xc0, 0x0, 0x0, "f14f9f8ad99c743ed0277c1257eb022bd384bb2a3140c028989f9ffffaaddf0463a950a6c634a3eeaa322c83419d4ed25c5ebb6616148c76e41af1142ce321b09ee6cead696bf5271e869fe4f35903e251f8df4c0d2a37ba07c312ff9a71a86ec9de4f4740d98d76206592d378c5e130240198f2987cd4f618021923a631778c18946139f09ebca0de6fe5d2be227af07dfd27f15dc0e87953e9a5ba2feaaffd89e559f0c9fed4bf12"}, {0x348, 0x0, 0x0, "a0719e4a88e409c3f06401f0c7c9ded6b0c8d105a81eb586a5adcedc25a8dd56ec5695fe33a36dcff42a818dfd1b6b6750dcee5956e58d3b944c8648620d717345df39ddf129cd5ba094c22444e059da415457911f6dfeb61bf7659d6c5be98015248b29226fca77563256824871309c6dd22716cfa1575cd4f393fb21b05626308cfd6db556eae0a0b763cc23c8c240375de635d89e608cbf873c8b0186766e3944579b4c79737125feaf27c448c5fce7150ce28233b59f4f443f7e71655459b1ba8bfbe91e425da6befcec265441a3ba314d417c08280cab7fb63a3894f9d931e3b9ab27c2d4d923f37cac9feb4a110e0ee978fb9f9b536c9d1b9e1a2098188ff46d61113b285a33e87ce4208eefcf1d792dd73f9ee1a5869eb636d129c179ffbff6522035018e15cd3cb200736fe675e7f594144bf0eb1729a62c0d8c66f2279bdd76b96a962d4e74e403ca441d90eb9d12cfe3006a86b1ab267e0df16dd6ead57afd9b201ee1910bbaf4d778d4004022f3e39fbd6d52971ca2b719ec0707d038f0d5ceaa2500c0d6df27da2fbe9e64ac554d4ba3f57ddb83e2896ecc3b7a5a6c6fbbdc944c51dc5f11152775c54796b657af874fa446f5e028e06784715e9c8614079062381949a0eb05b31554fe8cde3ecd9838f09fbb62251200b3cb26beac467a249db9c7f27a2c1fa52dbb175fd1c7ad042aa525d203408ad7d7a652d4210e84e9a30d6532bbe45b78a896b87e21c7e526f26c4c5bccdb1460f48507d1369dd308b72afa3ae7d7a6d48ec99fe9e591b5759a267e8c3dbf9972e9ecc2cf1aa1257ec34979d171196f2be24c796a9a82230ccb49b16788f857abb607bd028ae79ab3ecc35beab39ced48ebc81e9fbbda231b51a7c48f5fe7e09cb5cec057d52127870c8d627d19a9a0d3855458e4bf9246bb5be5ba4d471e42354ba2037e9d8a467619ff96129ea82769c8a67dcfb2fe8e29da4b674941fc7e7111f6da6c21e07a1e52c6fb794c6371529820de30c39de4a9e7be0c0ddc9b0cb5093b848b894cf423831991561e2f48dac3f40284a5e11e188429794e2f052ea61c9cf55cb76c1426789bcb23812a04d29dd48d67e10390b79f435daa713956c1cc0148730a1db1046950120b57b80269a2983f39"}], 0x4c8}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000072c0)=[{0x10}], 0x10}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008680)=[{0x10}], 0x10}}], 0x5, 0x0) r1 = memfd_create(&(0x7f0000000100)='\xbb\x02\xb1\x91^\x00\x00\x01\x00\x00\x00\x00\x00\x00\xfa\xe3\xa0\xd42\x90YJ\x89]\xad\x01\xc3\\:;\x99\xbck\xf9=\xfa\xe8HB\xf7\x92\x16\xbc\x11\xc4\xff\xa1\xea\xf9l', 0x0) pwritev(r1, &(0x7f00000001c0)=[{&(0x7f0000000200)="c5", 0x1}], 0x1, 0x40ee1) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) mmap(&(0x7f0000009000/0xf000)=nil, 0xf000, 0x0, 0x100812, r0, 0x0) write(r0, &(0x7f0000000000), 0x52698b21) [ 909.613536][T22188] xt_HMARK: proto mask must be zero with L3 mode [ 909.630644][T22192] xt_HMARK: proto mask must be zero with L3 mode [ 909.635133][ T28] audit: type=1804 audit(1590300964.627:573): pid=22191 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/552/bus" dev="sda1" ino=16362 res=1 06:16:04 executing program 3: r0 = perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) [ 909.706529][ T28] audit: type=1800 audit(1590300964.647:574): pid=22191 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16362 res=0 [ 909.762126][ T28] audit: type=1804 audit(1590300964.667:575): pid=22191 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/552/bus" dev="sda1" ino=16362 res=1 06:16:04 executing program 3: perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000deaff6)='numa_maps\x00') readv(r0, 0x0, 0x0) 06:16:04 executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) perf_event_open(&(0x7f0000000200)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 06:16:05 executing program 3: r0 = socket$unix(0x1, 0x2, 0x0) perf_event_open(&(0x7f0000000200)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r1 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x10, &(0x7f0000000040)=0xffff, 0x4) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 06:16:05 executing program 3: r0 = socket$unix(0x1, 0x2, 0x0) perf_event_open(&(0x7f0000000200)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r1 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x10, &(0x7f0000000040)=0xffff, 0x4) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) [ 910.253468][ T28] audit: type=1804 audit(1590300965.247:576): pid=22210 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/552/bus" dev="sda1" ino=16362 res=1 06:16:07 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x2a, &(0x7f00000193c0)="f7f258480aa42220e779e70076cc036a2a160500000032a56f7259e480249950f34c6aa172903acab906"}}], 0x1c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 06:16:07 executing program 0: pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write(0xffffffffffffffff, &(0x7f0000000140)="fc0000001c00070cab0000000000f00007ab08000800000049860000210001c000000000000000000c00000000039815fa2c1ec28656aaa79bb94b46fe0000000a0002", 0xffffffffffffffa7) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xff2b) socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 06:16:07 executing program 3: r0 = socket$unix(0x1, 0x2, 0x0) perf_event_open(&(0x7f0000000200)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r1 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x10, &(0x7f0000000040)=0xffff, 0x4) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 06:16:07 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x6500, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) dup3(r1, r0, 0x0) io_setup(0x40000000008, &(0x7f0000000240)=0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[0x0]) 06:16:07 executing program 2: perf_event_open(&(0x7f0000000200)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_PROTOCOL(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x14, 0x1, 0x6, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}}, 0x14}}, 0x40080) 06:16:07 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000d80)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00002004000000b0030000d000000010020000d0000000d000000000000000e0020000e0020000e0020000e0020000e002000004000000000000000000000000000000000000000000ffff7f000001ff010000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000076657468305f766c616e0000000000006e657464657673696d300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a4543540000000000000000000000000000000000000000000000000000000000000000fe880000000000000000000000000001fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000726f73653000000000000000000000006e657464657673696d300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000140010000000000000000000000000000000000000000000000005800686173686c696d697400000000000000000000000000000000000000000176657468315f746f5f687372000000000000000000000000080000000000000000000000010000000100010000000000000000000000000040004552524f52000000000000000000000000000000000000000000000000007eedfcb3000000000000000041901a8d235bd39675399e5719d27a53274800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) [ 912.686885][T22240] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.0'. [ 912.704314][ T28] audit: type=1804 audit(1590300967.707:577): pid=22242 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/553/bus" dev="sda1" ino=16360 res=1 [ 912.755517][T22243] x_tables: duplicate underflow at hook 2 06:16:07 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x8) r1 = dup(r0) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$unix(r1, &(0x7f0000000400)=@file={0x0, './bus\x00'}, 0x6e) [ 912.791215][ T28] audit: type=1800 audit(1590300967.727:578): pid=22242 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16360 res=0 06:16:07 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000700)=@ipv6_newrule={0x1c, 0x20, 0x80d, 0x0, 0x0, {0x2}}, 0x1c}}, 0x0) clock_gettime(0x0, &(0x7f0000004440)) recvmmsg(r2, &(0x7f0000004340)=[{{&(0x7f0000000440)=@ethernet={0x0, @broadcast}, 0x80, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 06:16:07 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x9003000000000000, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x2, 0x3, 0x2c8, 0x178, 0x178, 0x178, 0x0, 0x178, 0x230, 0x230, 0x230, 0x230, 0x230, 0x3, 0x0, {[{{@uncond, 0x0, 0x158, 0x178, 0x0, {}, [@common=@unspec=@string={{0xc0, 'string\x00'}, {0x0, 0x0, 'kmp\x00', "f9d9e63590ab5471c46924e95540949f0cd7e2b0a94d71d9d944acb7f0a1297674a95b30cee19db4c1725572ba928385b1635c89b58ae9a0e1ea500b26f006da3fa8a134552f7980e92de5a784cd4f46e799e191835d7d5ea776f04bef524e22f0bb6ed4b00f44ceb936943e13fa1caa6b4b159c673db1efa9a08b1ddc74ce6c", 0x47, 0x2}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x328) 06:16:07 executing program 4: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r1, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r4 = socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r5, 0x0, r1, 0x0, 0xffffffffffff8001, 0x0) close(r4) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r4, 0x0, 0x4ffdc, 0x0) [ 912.870487][ T28] audit: type=1804 audit(1590300967.737:579): pid=22242 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/553/bus" dev="sda1" ino=16360 res=1 06:16:08 executing program 2: r0 = socket$inet6(0x10, 0x2, 0x0) sendmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000680)="5500000018007f5300fe01b2a4a280930a600000ffa84308910000bb6f0039000900084002211b32c815636f6ab18d00010001e1200ce26f757284366a660006000000010000dc1338d54400009b04000000000000", 0x55}], 0x1}, 0x0) 06:16:08 executing program 0: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) close(r2) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffdc, 0x0) [ 913.018692][T22263] xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables [ 913.053787][T22263] x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING [ 913.135203][T22274] netlink: 57 bytes leftover after parsing attributes in process `syz-executor.2'. [ 913.168270][T22274] IPv6: NLM_F_REPLACE set, but no existing node found! [ 913.192506][T22276] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.4'. [ 913.226955][T22277] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.0'. [ 913.313289][ T28] audit: type=1804 audit(1590300968.307:580): pid=22254 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823060754/syzkaller.BH26Mm/553/bus" dev="sda1" ino=16360 res=1 [ 913.797367][T22272] ================================================================== [ 913.805699][T22272] BUG: KCSAN: data-race in pipe_double_lock / put_pipe_info [ 913.812960][T22272] [ 913.815285][T22272] write to 0xffff8880a1a2e8a8 of 4 bytes by task 22256 on cpu 1: [ 913.822992][T22272] put_pipe_info+0x47/0xb0 [ 913.827389][T22272] pipe_release+0x150/0x1a0 [ 913.831890][T22272] __fput+0x1e9/0x500 [ 913.835858][T22272] ____fput+0x1b/0x30 [ 913.839904][T22272] task_work_run+0xba/0x120 [ 913.844402][T22272] exit_to_usermode_loop+0x2ae/0x2c0 [ 913.850755][T22272] do_syscall_64+0x38b/0x3b0 [ 913.855328][T22272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 913.861203][T22272] [ 913.863526][T22272] read to 0xffff8880a1a2e8a8 of 4 bytes by task 22272 on cpu 0: [ 913.871154][T22272] pipe_double_lock+0x3b/0x120 [ 913.875896][T22272] do_splice+0x216/0xc30 [ 913.880566][T22272] __x64_sys_splice+0x1fd/0x210 [ 913.885401][T22272] do_syscall_64+0xc7/0x3b0 [ 913.890024][T22272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 913.895887][T22272] [ 913.898198][T22272] Reported by Kernel Concurrency Sanitizer on: [ 913.904371][T22272] CPU: 0 PID: 22272 Comm: syz-executor.4 Not tainted 5.7.0-rc1-syzkaller #0 [ 913.913037][T22272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 913.923260][T22272] ================================================================== [ 913.931315][T22272] Kernel panic - not syncing: panic_on_warn set ... [ 913.937893][T22272] CPU: 0 PID: 22272 Comm: syz-executor.4 Not tainted 5.7.0-rc1-syzkaller #0 [ 913.946545][T22272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 913.956589][T22272] Call Trace: [ 913.959890][T22272] dump_stack+0x11d/0x187 [ 913.964225][T22272] panic+0x210/0x640 [ 913.968125][T22272] ? vprintk_func+0x89/0x13a [ 913.972734][T22272] kcsan_report.cold+0xc/0x1a [ 913.977434][T22272] kcsan_setup_watchpoint+0x3fb/0x440 [ 913.982824][T22272] pipe_double_lock+0x3b/0x120 [ 913.987593][T22272] do_splice+0x216/0xc30 [ 913.991844][T22272] __x64_sys_splice+0x1fd/0x210 [ 913.996710][T22272] do_syscall_64+0xc7/0x3b0 [ 914.001217][T22272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 914.007097][T22272] RIP: 0033:0x45ca29 [ 914.011000][T22272] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 914.030601][T22272] RSP: 002b:00007f903a268c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 914.039032][T22272] RAX: ffffffffffffffda RBX: 00000000005079c0 RCX: 000000000045ca29 [ 914.047000][T22272] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000008 [ 914.054971][T22272] RBP: 000000000078c040 R08: ffffffffffff8001 R09: 0000000000000000 [ 914.062943][T22272] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 914.070930][T22272] R13: 0000000000000bae R14: 00000000004ce9f7 R15: 00007f903a2696d4 [ 914.079824][T22272] Kernel Offset: disabled [ 914.084300][T22272] Rebooting in 86400 seconds..