(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x300, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:46 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:46 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x200000, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) 14:31:46 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:47 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x5000000}) 14:31:47 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00be000000000000060000000080"]) 14:31:47 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) pwrite64(r0, &(0x7f0000000080)="584707b336d9d6ed6ed617974cf4208c89fa620f1da16b7aad", 0x19, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) fcntl$setstatus(r0, 0x4, 0x800) accept4(r0, &(0x7f0000000100)=@nfc_llcp, &(0x7f0000000000)=0x80, 0x800) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') ioctl$EXT4_IOC_MIGRATE(r1, 0x6609) sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) getpeername$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @multicast2}, &(0x7f0000000200)=0x10) 14:31:47 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0xfffffff0, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:47 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:47 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:47 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0xf000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 948.854575] audit: type=1326 audit(1539268307.434:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6587 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:31:47 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000003580)={{{@in=@local, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in6=@local}}, &(0x7f0000003680)=0xe8) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000036c0)={'vlan0\x00', r1}) getsockopt(r0, 0x3, 0xfffffffffffffbff, &(0x7f00000001c0)=""/154, &(0x7f0000000080)=0x9a) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x10201, 0x0) write$P9_RRENAMEAT(r2, &(0x7f0000000140)={0x7, 0x4b, 0x1}, 0x7) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r3, &(0x7f00000000c0)=0xfc, 0x401) ioctl$sock_inet6_tcp_SIOCATMARK(r3, 0x8905, &(0x7f0000000000)) 14:31:47 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000044000000060000000080"]) [ 948.900872] validate_nla: 18 callbacks suppressed [ 948.900881] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:31:47 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:47 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:47 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x7400000000000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 948.979515] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 949.066538] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 949.087381] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:31:48 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x68000000}) 14:31:48 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:48 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000001d000000060000000080"]) 14:31:48 executing program 3: socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) write$binfmt_elf64(r0, &(0x7f00000001c0)={{0x7f, 0x45, 0x4c, 0x46, 0x1, 0x8, 0x11, 0x7, 0x3, 0x3, 0x3e, 0x0, 0xc0, 0x40, 0x208, 0x14e, 0x5, 0x38, 0x2, 0x139f80000, 0x6, 0x40}, [{0x0, 0x7, 0x3f, 0x4, 0x80000001, 0x0, 0x2, 0x100000000}, {0x6474e551, 0x7, 0x1e, 0x0, 0x3d, 0x3, 0x101, 0x8000}], "8e4547c8734f9def4f942b1f89147ed888f6401d6007a7780d1c5e18b2358081d62b0a4493699da76db43ed23ae2b93cfde687e7ffabd67c31d08b7bded01d5ba4fe2056ea1b1b8b21291fcaacf7ec6006c2cabc86159b82355badc8968a0ff322aeeb205fa9633be0f41dd78a537ab6f7ad77a4d0098cb6ee3570fe7ff5d4c28e15f482d027e7939077f2f938114116ecd0a180142d7dc5b908ab4f3cf9f7a50490f74c03d5dc3d3efca60830d1157dbf3687745624cbe5b2d9", [[], [], []]}, 0x46a) r1 = socket$inet6(0xa, 0x3, 0x80000001) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000100)="6e65742f773600baccde981b88173390ae0336355aa541e674ec00c1c018c31862265507f1c789b8fb6c45bb00") sendfile(r1, r2, &(0x7f00000000c0)=0xfc, 0x401) 14:31:48 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x3617000000000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:48 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 949.662800] audit: type=1326 audit(1539268308.244:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6628 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 949.702233] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:31:48 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0004924924000000060000000080"]) 14:31:48 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendmsg$nfc_llcp(r1, &(0x7f0000000080)={&(0x7f0000000100)={0x27, 0x0, 0x2, 0x7, 0x1, 0xfffffffffffffff7, "2741b23aca584c2efe3c8825103d8d28c5b3ba356da310e362a72c61e4c4eb622078fbf0b2c086913f4cc4309c920cb75a2bbce2ccd7a69f299db5febd9ed5", 0x23}, 0x60, &(0x7f0000000000)=[{&(0x7f00000001c0)="2a5534dfea638d06c0515786feba78adaf0db1e62b31bcc5450a5c65bf391a037d41e0291ae65464f258a6c112b5c293a80acb4cd6c8493519bfe3be5399e68168e3e174d883725fdf7cd91327e960f4604eaa04e5e085b55a7636743bb13c0b8d02bd342c5268", 0x67}, {&(0x7f0000000240)="751bc183a617a32ff9c59950eb634096f51253892b71aa92ecaa14e7935a426f2c602b009813a7752ff338cd88cc22d8dc74616e5ee992515fa2b9565178d5d702a4a7bfc956b78556b4a5c7af9332f127f3d0878232c29453d789bf9865da55564091760c3a9f8d8cfbe162dffb40b427d27fcfb18ae8c3dc4c73199d46210538d4026d7965a847efe6a5db0c4424b9971456f4f3fd053b3a242afc99a371ffa7a28cb5d30f831e287fc90f9cfc39e82eb97d8064442564a42acea45d2080d44fa32e3288b7f2cdd60c48a4fbd33d7a4fe7df73bc6a0bb6262a6589fdcab6f0ebed02e602", 0xe5}], 0x2, &(0x7f0000000340)={0xf0, 0x113, 0x3, "6360fb27953770911f367fc4b1a210fe7557cb25cc5897ae2cdcffd8495446c6a73fd74799429ad98ba68e30dafb566245e033b2338ead8a870a829f3b0e10391da305fc0925c995aba0f1b7c35c8eb0eed1f73196457c23c9529cf268928fc1a8a424bbec461b708e0104e1c0a63836811e3fd45c5f6f0091f9dfb991aee3998bddb4e79bd81f526757fd5eb05da1db69dbe629e8f600ae770c5fe672c02a89a7313f86d05f0eee7d02fb612191370e4faf423322b00efd8971d7513e4bdd3b58f3d08bf25c35945cb6a88fc25632a68c3f9ddf2790a60a298f8def1c"}, 0xf0, 0x40}, 0x20000000) sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) [ 949.718300] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:31:48 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x9effffff, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:48 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:48 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000540000000000060000000080"]) 14:31:48 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 949.847076] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 949.880193] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:31:49 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x7f010000}) 14:31:49 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000100)="251cbe450a1be901c0") sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000080)={&(0x7f0000000000)='./file0\x00', r1}, 0x10) 14:31:49 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001f00000000000060000000080"]) 14:31:49 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x7400, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:49 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:49 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:49 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') fallocate(r1, 0x48, 0x6, 0x1) sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) [ 950.496497] audit: type=1326 audit(1539268309.074:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6675 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 950.503795] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:31:49 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001a90000000000060000000080"]) 14:31:49 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x4800, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 950.565185] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:31:49 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) sendmsg$nl_netfilter(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20111000}, 0xc, &(0x7f0000000080)={&(0x7f00000001c0)={0x8c, 0x0, 0x1, 0x700, 0xffff, 0x25dfdbfc, {0x7, 0x0, 0x8}, [@generic="15362852ef45013d2e49d5a86a4507f15caba6e07313d41d0ffab6de4dfa424e4e459f25852ad2357e50ca4944137b4860503062b05e47982c2d4ff108dd88e565a223c9aaf553825f012037c565e44561d4123170b718a0337ce96addc591eac2903d18878b030a59790c0e4f6a105482569ca92b"]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x20004000) 14:31:49 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:49 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000960000000000060000000080"]) 14:31:49 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0xffffffff00000000}) 14:31:49 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:49 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e24, 0x4, @loopback, 0x100000003}, 0x1c) socketpair$packet(0x11, 0x2, 0x300, &(0x7f0000000000)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) 14:31:49 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x4c00, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:49 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="001b000000000000060000000080"]) 14:31:49 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:49 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000fc000000060000000080"]) 14:31:49 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x68, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 951.340733] audit: type=1326 audit(1539268309.924:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6718 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:31:50 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001dd000000060000000080"]) 14:31:50 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x400000000000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:50 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:50 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) socket$vsock_stream(0x28, 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) 14:31:50 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x3f000000}) 14:31:50 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:50 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001770000000000060000000080"]) 14:31:50 executing program 3: r0 = syz_open_dev$adsp(&(0x7f00000004c0)='/dev/adsp#\x00', 0x4, 0x200000) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000500)={0x4, 0x8, 0x5, 0x1, 0x0}, &(0x7f0000000540)=0x10) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000580)=@sack_info={r1, 0x5, 0x5}, 0xc) r2 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e21, @broadcast}], 0x10) setxattr$trusted_overlay_redirect(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)='trusted.overlay.redirect\x00', &(0x7f0000000640)='./file0\x00', 0x8, 0x1) getsockopt$inet_sctp6_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f0000000280)={0x0, 0x3, 0x80000000, 0x400, 0x81, 0x100000001, 0x4, 0x2, {0x0, @in6={{0xa, 0x4e23, 0x13e, @mcast2, 0x7}}, 0x9, 0x1, 0xc597, 0x4, 0x5}}, &(0x7f0000000140)=0xb0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000340)={r3, @in={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0xa}}}}, &(0x7f0000000400)=0x84) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = fcntl$getown(r2, 0x9) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_mreqsrc(r5, 0x0, 0x25, &(0x7f0000000480)={@remote, @multicast1, @rand_addr=0xfc59}, 0xc) r6 = syz_open_procfs(r4, &(0x7f00000006c0)='net/igmp\x00') connect$bt_l2cap(r6, &(0x7f0000000000)={0x1f, 0x8, {0x6, 0x100000000, 0x9, 0x4, 0x1, 0x7}, 0x4, 0x1}, 0xe) sendfile(r2, r6, &(0x7f00000000c0)=0xfc, 0x100) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e21, 0x800, @loopback, 0x2}}, 0xfffffffffffffff9, 0x9, 0x100, 0x401, 0x98}, &(0x7f0000000100)=0x98) 14:31:50 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x36170000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:50 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 952.163005] audit: type=1326 audit(1539268310.744:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6764 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:31:50 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x3f7) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) 14:31:50 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x6c00000000000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:50 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000c10000000000060000000080"]) 14:31:50 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:50 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x21, &(0x7f0000000000)='+*system!ppp1,^-vboxnet1cgroup-%\x00', 0xffffffffffffffff}, 0x30) r2 = getpgid(0xffffffffffffffff) r3 = syz_open_procfs(r2, &(0x7f0000000100)='net/ip_mr_cache\x00') sendfile(r0, r3, &(0x7f00000000c0)=0xfc, 0x401) sendfile(r1, r0, &(0x7f0000000040)=0xc47, 0x2) 14:31:50 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:51 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x2000000}) 14:31:51 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x40030000000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:51 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0077000000000000060000000080"]) 14:31:51 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:51 executing program 3: socket$vsock_dgram(0x28, 0x2, 0x0) r0 = socket$inet6(0xa, 0x3, 0x6) eventfd(0xfffffffffffffffe) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0), 0x401) 14:31:51 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:51 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) [ 952.995898] audit: type=1326 audit(1539268311.574:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6818 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:31:51 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x200000000000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:51 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="003e010000000000060000000080"]) 14:31:51 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) write$binfmt_elf64(r0, &(0x7f00000001c0)={{0x7f, 0x45, 0x4c, 0x46, 0xb183, 0x28, 0xa3, 0x3, 0x8, 0x3, 0x6, 0x4, 0x67, 0x40, 0x331, 0x5, 0x8abf, 0x38, 0x2, 0x400, 0xe41, 0x3}, [{0x70000000, 0x120000, 0xf6, 0x7, 0x3, 0x3, 0x2, 0xc2a}], "b5230d348fe6f17acdb3a826048eea0288680926649f9e482af59254c96678ac1a059b311fb673caf1d8c52f84fc3cf5d33fe244abf3d7f6232653944211c92cf63d2bea1890630dae0bebf63e4b460ebf244c3c5b2487f2062a356e515868aeacd6110062f3d603dc6b8a4abe602ccae488c556f6e2bfcb8e2da07b456c12bc2e5c7f03baf9e073522855b56fe9e9c1841f6828f591b20627bd732df5e71f7911afbd678ee0088fb61000f79e123a2ad6c9918892100e2dacfdc68bcdf37662ffa208a8d6ed1cae63c2536e576340b96202c50366f684b7fae890c422f21163614a68c60dc5f4a090cdadfd3326cd773c3dc489eb9847350e726834117526626e61e72d6077d3a0755804d9a1da10c3f5fcdc42d6aa43245f4cb8895b2ad0dc73fe50526d9a28ed365e6dc47f4c8c2ef1acfb80012c51cb4c4e4b6d271e27565bb59b5066b25f2173db6b4aa837e4d627525caafb313d14f5d8ae9cd414bf9be0cfc31aa45650813e9a4e3ac3a2a207a32570b91eb5e0b52d22a5c67ca3d567daaf588222ce96a8be512ab25f0adea56fc52c4bab52cb6655560a31bd593b5dbf528283758cd08d0c73bc1dc8fb1c3b6386de95b27721e6beb169a3e301143e7a4fac1d6834d8504fab965e26f0fb86374783577e1d38378e3ef8eecb138e8c9228ccbaf74b776ba60b54e12724983e8ff0e4268a656ff645072b59930b165e973a6025d2138fc6544c6ddf7070a3ff740fdfe24e1c20a30d39b64b3bec7805585caa3c7d0316cfe14949ff602374e8b3bbcfee6776ef4bee51a216c6af8497c889597f009b1f180442e11e4b16febd2e8c24ac42a4a32c31f610f75fcf399af93487ec90ecab0ac89dffb22abe164804e9f627b9429e7a77d0ee17a03c4ebc0c3e568f6f9280d18ef2512ac3b899a9a7bcf30476fac4b9cf12e56cc32837d5e39aaf45db0f607a72404c487c0468fa820c8fdea7fd7fd7b741e20d7530a9c81175874189887bfe5248fc27040fcbf9c740a5a3002700677eef26dbcb39ad29e2b74a3d505e918a60e4f368d7b4d512acfa50c24caa519e2919384ac9469eaaed4d57720693f4260745ffc96bcd35ec2729c3f336e0413cc31bd73bd2e7d2a3a27db7b5cf6acb836660a80eaf7ba6db081d5f113201ba10b7720d6cf17186d5331c82dcb35c1680199b4ed63c9426c1d58c12441847d12d8a6c77f39472786c1e15ba85231644188436d0b1d270922e96d6775d96d4110b5681275addfb9b8947543c63c2e130d5d9e4956d642c6b406807be57bcc15dcc20da607949eb0ef45e420d59b6d61b37953b5c8da3a8fe5e273f44ab761824555220dd205d3ca048ca45263334f87ebd71067ba5b017374ced822fa6f7693ea820f80f78cbda77a5a820c2c87196d0bfb8a8a286e6a9de1cef0f02f68f1bc5e6e06a16b1c2131294642e7dc64e1c375e11e5370145e5820231cce209ea287ab2d870e9e2ca800cb03cd4462b270e3190e75979fd2bce6d09ea25d436d308a25ac25e4e73213d073803d4d7575caa6d601c0c5334918ab016c617420c4123535c8844f4e2e152f2befc35b2e558a70e267af74be8633771ec7cfef808a243ba51523b820b9d4b75eb8a4112f461ada3f2549f80877d51e34f451642a4d9b12d1e277bfa5b1de8c434c9c287bff3dcd9610e02f8ab8f47a93d8083ee50fd5a024d2ea532bc5cdd42f893ae2cd5982222ecf252d307df7485a432c06ddf76d373f58e601e1ce2fed3448b43119f38773bcd9b7222d33064831f629b2439c3364f9fd19d1565ae1d7ec2b69f54de06ef9637262db392b62a0d94a0f30c25c3cdf4ef9ff3f3ac31efae9478b90e6b926626ccfbd498edf19679d3f0e27747522875b0800e354436d9f850c1356224946492023eb5c72528f650b33254972301ae48967a55561c7b2f359e631d8949a0364a5aa1870d60af173f19e7bf28e8c69ae3d24251331ecf35da146a34b3c7736ec720b1fa49318643267d08ea5245f61bbd5b64620c72f80427166bc7f3f600f03146b9755237f043a999c0db079f07c50a64cd86f58c1d08b3c8523b09126642738783ff56052cef0bd8ce0b0cc3aaa92d796d19acb0027afeccf96f232fc1a6a94cda23ce82494d3e3c4c4a9bcd6096435ca7fbeb6cbe3e59e2616ff5db0fdf6ee5db2d2ab90dad7ca602fb4acbf62a44e858034e10cf5672d7dac627411d428b65f51b99a3c4693b9c16a75f05d5d00e47c40a4c63c7693c22f3b2abe9dd23e72d5922941bee15f5e75fc42bf1405a4b736d546689383b8bb4e2af1ae540380d5a7cb1569b02fd32666b452774711ae822cb8a69d8e1bcc77bed2eea50f7f72aca2cbc4f5fec3d3fc4393e6a87cf15c8897f006e6b6f8e7c2a52e041afef647bd968b7969dfda81aed2dadd43519534cba8bae573489e202a6ce73c15f4616eb845c196e58c48ff530c64a43ac552094c5c3050af450a1da951ae1006d704e9b8219eea02a02e6c943e33c13fde1efc5d0c7d57eeb6b0d8108fed30a8fa939f8525fa0a77bb3677bda6550bff335122d9c8a0eea87964fa510552ed1e3ed1916363b2b0b2d8554fba59847a69d14903819c614387ca298aec7e02746987d119ea9bae7dd7dc84b889ebd18ec6e1f2dc2b8cb6e8742396dd7ac87b4a231e0d69271a020e71db346d02ba8eed5deb33428ad4e705e878bb091aa1f79b1b9da98e6e3f763785b6e5a8fb85d65753d786ca7aad961018638e48d00f99c62ffeb6218063f46259762bf41ae7ee904425e38fbf62ebed412cd32467e0bb7f7746b63aeee41990e074cc9fce965f75b87f929e82dd68f373e8d9ea45f647912b61a1d4045c00c379138771fe27f6c27f7892ea900e42560992f2afd350bd63314ed13367e451a0c6e2f14a642e305721154b39dc6d8552cc584672fce156f622635a899b09be1131676a128741b61f17b8c1b928450e7dc0ea88321f414bb776844bedc123c949681c9e0d4fa117cf5a72ec06e45a5a6539cbc212dea0eb3f3fb4e8d129ee6f52895f0b514daa7d17f995b25bfeb75ee31b773261eaaf2cf30f2203e9a1ec8e81322f1c64da7527f7f878ae9e0abee44c63fc4aa7d836b084e53605f9a00cc6e7def9c2dccedc4258ea25936d5855ba5cf5ed2ed73245e99cf457b6b9377a8845ad610ff98b2c3322c688f53867978aa71efc31444ea185047537e24f414e926ee237bcd63dd9dce01e2cce2a6bf462e78a620b4a171c3c01c165b050711b87bc35d4249182be2df0c4c673acdc12d9d4e965131bb75b5a465b9273f38f9df47adf0557997f519591bb846c96e5cb6a6d563b7503742551ccf62c9289dab73f012def572c6043128b85857098ea4e8bb80018f4be9d3cd1c0b9fe02713cde54c21070338fc933bcea6290d7b2a9dacd07cbfe495c6690878b56db2725bfa17811cb60b6ecbb6f2996d4582595861320164b6ba9f8e2dcf9817fc9828929a93cbc18f8b4d493a9b57776e802318656f54b1b65d74d953a167566e78eca876a542c282a5a3191c123378827aa318e2e8060ce587a1a9b82b75ec070176377dddf105e04a53cca24f8d8ec0bf26cece76eaac260809cd5d7affcdec45e4e9e5056cc5da656162205bc8037a4f56fb36d08c8d909089c723e3d95477b016280e5b3ba59a5f4d1b206c112c5fe3106d0e8917853b8ff9d9fb6f2c0f35d6870f2e69ee380ddad633b7af7c135890732881d1d38a4108f2a7d2db643ca66c8d88d4bef42aaf16358eccd9402d5f537eedec221211a66e320612029df4dbd2a72cc67ebfe6f2610c09e2cafaf4418845f7ace2f390c5392c63e0726902b2035f6b94f5c9822e978f99a0aac53f46bd076e3840e7677db0b83758ee8f53c6fb93c2ff5b98e9a16c714e81252100b29437d81e65d7fa36a8c44e0cec432699c115c1e1cafb28feacd449fb37aafc76f0e12125c1a431ca8bc7d737ab9de0ef205a279b3cf3da4954d4f6928208a227231a69448bd5ca98c7d985c1ba2a0d7ee6e3cea3bb2b629d8f283b8b560f42e3cb3690a1b9cd2b69aea4383371b364aa83d8255734773b0008f3d676c9700fdb177c46555de19458c17c48f778cc936f5d9885e0fc9431cc8b201e8ab1e7b1a4e0394fb5720c8b7ce1d1ab44713ff9559f8b78cd33d003661f0528206b1e563ba54004e36c54239e43984f5ffe995dbe6925f06a9cf4d18537003194082bc25abc9103535076cb1279806366bcb564206dd0d5538462ee6bb6ad4c722694b8604126306ecfd757ce3632da57fada8eb324ef32ef9f818e05a5747a40a65988a9f21976f4e22eb2e39d3b0219944ea6959e837cb5f18333bc17d502728e230b611238c097efedaa37bd2d2797fad9761b13cc910f874e57703be1f598f433ad8821ffc5b6a9c811e93f39e166014217445903b46d92bfad76bc7a4787c1ff7324d052a69b42e19e4309d6515176965d54c000624cc123bbfaba249da3bf7b47e3c659cf566d8924c15553440164065f61ba0948aaf117a7eacafcf217569d9edc650d9a01e4b80c9260f800984d7b532cc2b46f6dd1a562fe757650ffdc12f2ed3192a7c23d2635da78dfd30cf944d22ee74566c2487b25e248084d3da6ea15b89f5abcf86596085c9ebdbf4e101a6f8b086eecaf2eb6cab8db4014a551ee1b16f81b9c14e22f46c8320855edaaa80c8b085eae6cbd655c497236dbacded495639d0dbbbd9c5900e4744f2df002e1e907f4d5371b2fd98e16a90cae4cb8fa8c0b52eceaf6e68185003489ede1dc1bcc6e9de3e08fb2d2c6bdbe88351811feb807267b287512c489393e94b2f225a2ee937ff8ede28f1c2bf2170069d45919bd806e2945ee218cbc83d340e557cdcdf92dc794fc8a81cf27b4ea90df9a11a7ea2b984bab02771d80568f022f63cbbb4822b48a64cf781fb91586376fca085c576ba9090acd4f66fd247abd6ec8cb70814f86b772a3566ff3c0fb966984f4aae9b26837fbd8cfd3f706b4f34cbe7ca03fb5431727f0c969fd2862c6dd2b6d675515cc0c51580451550e512aa0133faeac853ce9853808b4b57ec9639d5d196d02c81d0cb2ffe28977d6c9d59d976243f502347260401f8ac4b791c0c25385bb422b2d254307f387a7c5498463a92647aeb1fb84db8a7775872a75afca943b64c4bf8813d7c3be64b563f8c0a2ca67b794578ba23019f94580a10e41064015300301cc3f8fddd03954e8203f9763add034d14d0039cc3d79fcf864c9d9da8a7a551b2c8d4ba65292b966eeccf6e0dc28ec432e4cb83dc125943dd1d689f0623fdf19745a26a6b11763c3ebd788e66066b0176c0c55ccf00b60b74818612d44125448a8550de02d7b3148143f97ce8b530ba3bcb1e1edf076bec103a60aa25c1b7ca4c2de180ca9d5fc5d21635f2aa6c09318ca3b7a23fe6650ca85a22a7c25319cde17e3abc35f3d8e2d5d9c7096a2eb9cea0d84cffa7a086bbfde1612448177fb945df16bc6d628e66274510fd36ef5464b9919d572bebe3f83055e29b497425ea6cd9798bebabe3db933ca9d753c47f0cc1d367f95291aad289ad46c809ffc1b3164475fcc73fa29f5f03b320922ff38f8d6045bbeb75e50fef4ce8b505e3adb87bd37f6204ec27a318252abb5f557e9f2ff0d1dfe79195078ef24e408df953012bf57c2ca014b5ed2d283c9ae9251d35f11623db5c3dc097ac354abe1ff1ee61f41b1fa7758ad8f34f82d702efa3e3f1bdda5df8faf54301cd8f3daa975757ea4ee67b3590b71cd4dc4320ad6", [[], [], [], []]}, 0x1478) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) 14:31:51 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:51 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x4c00000000000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:52 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x80040000}) 14:31:52 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0026010000000000060000000080"]) 14:31:52 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:52 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000140)="6e65742f72ffb41fb9") sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) r2 = accept4$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000080)=0x14, 0x0) ioctl$EVIOCGABS20(r1, 0x80184560, &(0x7f00000001c0)=""/254) fstat(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000340)={{{@in=@remote, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6}}, &(0x7f0000000100)=0xe8) fstat(r0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) getresuid(&(0x7f00000004c0), &(0x7f0000000500)=0x0, &(0x7f0000000540)) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000580)={{{@in=@local, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @loopback}}, 0x0, @in=@local}}, &(0x7f0000000680)=0xe8) getresuid(&(0x7f00000006c0)=0x0, &(0x7f0000000700), &(0x7f0000000740)) stat(&(0x7f0000000780)='./file0\x00', &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000840)={0x0, 0x0, 0x0}, &(0x7f0000000880)=0xc) getgroups(0x9, &(0x7f00000008c0)=[0xffffffffffffffff, 0xee01, 0xee01, 0xee01, 0xee00, 0xffffffffffffffff, 0xffffffffffffffff, 0xee01, 0x0]) getresgid(&(0x7f0000000900), &(0x7f0000000940), &(0x7f0000000980)=0x0) r13 = getgid() fstat(r0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r15 = getgid() r16 = getegid() fsetxattr$system_posix_acl(r2, &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f0000000a40)={{}, {}, [{0x2, 0x5, r3}, {0x2, 0x4, r4}, {0x2, 0x2, r5}, {0x2, 0x7, r6}, {0x2, 0x2, r7}, {0x2, 0x2, r8}], {0x4, 0x1}, [{0x8, 0x6, r9}, {0x8, 0x1, r10}, {0x8, 0x4, r11}, {0x8, 0x4, r12}, {0x8, 0x1, r13}, {0x8, 0x2, r14}, {0x8, 0x4, r15}, {0x8, 0x0, r16}], {0x10, 0x4}}, 0x94, 0x3) 14:31:52 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x2000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:52 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:52 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0090000000000000060000000080"]) [ 953.829173] audit: type=1326 audit(1539268312.414:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6860 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:31:52 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x74, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:52 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x5) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) 14:31:52 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:52 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000017e000000060000000080"]) [ 953.936620] validate_nla: 20 callbacks suppressed [ 953.936631] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:31:52 executing program 3: r0 = socket$inet6(0xa, 0x5, 0x6) fcntl$addseals(r0, 0x409, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x100, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000080)={0x7, {0x0, 0xfc5, 0x7, 0xf1, 0x6, 0xfffffffffffffff9}}) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) sendfile(r0, r2, &(0x7f00000000c0)=0xfc, 0x401) [ 954.002113] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:31:53 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x700}) 14:31:53 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:53 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x6c000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:53 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001490000000000060000000080"]) 14:31:53 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:53 executing program 3: r0 = socket$inet6(0xa, 0x7ff, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r1, r1, &(0x7f0000000140), 0x401) openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x400000, 0x0) fsetxattr$trusted_overlay_opaque(r1, &(0x7f0000000080)='trusted.overlay.opaque\x00', &(0x7f0000000100)='y\x00', 0x2, 0x2) 14:31:53 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') ioctl$KDADDIO(r1, 0x4b34, 0x5) setsockopt$inet_mreqsrc(r1, 0x0, 0x2e, &(0x7f0000000000)={@multicast1, @multicast2, @multicast1}, 0xc) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000080)={0x80000000}, 0x4) sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) [ 954.651829] audit: type=1326 audit(1539268313.234:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6907 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 954.686705] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:31:53 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0006010000000000060000000080"]) 14:31:53 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x6800, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 954.710411] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:31:53 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x6) r1 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x5, 0x400000) ioctl$TIOCSLCKTRMIOS(r1, 0x5457, &(0x7f00000001c0)) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000000)={0x75, 0x8}) r2 = gettid() ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x20) r3 = syz_open_procfs(r2, &(0x7f0000000080)='net/raw6\x00') openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x8000, 0x0) sendfile(r0, r3, &(0x7f00000000c0)=0xfc, 0x401) syz_open_dev$sndpcmc(&(0x7f0000000200)='/dev/snd/pcmC#D#c\x00', 0x265c, 0x40000) 14:31:53 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00c8000000000000060000000080"]) 14:31:53 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 954.814046] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 954.831831] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:31:54 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x100000000000000}) 14:31:54 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:54 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000096000000060000000080"]) 14:31:54 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0xf00000000000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:54 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000000)=0x7, 0x4) r1 = getpgrp(0x0) r2 = syz_open_procfs(r1, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0xfc, 0x401) 14:31:54 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:54 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x8, 0x200000) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f0000ca6000)={&(0x7f0000e05000)={0x2, 0xd, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, [@sadb_lifetime={0x4, 0x4, 0xffffff80}, @sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@rand_addr, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xc0}}, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r3, &(0x7f00000000c0)=0xfc, 0x401) 14:31:54 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000780000000000060000000080"]) [ 955.491769] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 955.492872] audit: type=1326 audit(1539268314.074:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6965 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 955.518591] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:31:54 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x7a, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:54 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001410000000000060000000080"]) 14:31:54 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:54 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0xfffff000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 955.596533] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 955.609022] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:31:54 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0xe400000000000000}) 14:31:54 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:54 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) ioctl$KDGKBDIACR(r1, 0x4b4a, &(0x7f0000000100)=""/228) 14:31:54 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000310000000000060000000080"]) 14:31:54 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x40000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:54 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:54 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x3f00, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:54 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x4) [ 956.342078] audit: type=1326 audit(1539268314.924:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7013 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:31:54 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001d80000000000060000000080"]) 14:31:55 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x3617, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:55 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000ed0000000000060000000080"]) 14:31:55 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000000)={0x0, 0x5}, 0x8) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f00000001c0)=[@in={0x2, 0x4e22, @local}, @in6={0xa, 0x4e21, 0x1, @dev={0xfe, 0x80, [], 0x21}, 0x4}, @in6={0xa, 0x4e24, 0x2, @remote, 0x8}, @in={0x2, 0x4e24, @loopback}, @in={0x2, 0x4e24, @loopback}, @in={0x2, 0x4e23, @remote}, @in={0x2, 0x4e20, @local}], 0x88) sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) 14:31:55 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0xff03}) 14:31:55 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:55 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:55 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000000fffffffe0000000080"]) 14:31:55 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x34000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:55 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x40000000000, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) 14:31:55 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x5) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x10000, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r1, 0xc008240a, &(0x7f0000000080)={0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000001c0)={r2, 0x7}, 0x8) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r3, &(0x7f00000000c0)=0xfc, 0x401) [ 957.180017] audit: type=1326 audit(1539268315.764:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7057 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:31:55 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x4800000000000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:55 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00eb000000000000060000000080"]) 14:31:55 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:55 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:55 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffc) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x420200, 0x0) ioctl$SG_SET_COMMAND_Q(r2, 0x2271, &(0x7f0000000100)=0x1) keyctl$link(0x4, r1, r1) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r3, &(0x7f00000000c0)=0xfc, 0x401) 14:31:56 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0xe400}) 14:31:56 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0033010000000000060000000080"]) 14:31:56 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:56 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x7a00, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:56 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/unix\x00') sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) 14:31:56 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:56 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') ioctl$RTC_WKALM_RD(r1, 0x80287010, &(0x7f0000000000)) sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) [ 958.022855] audit: type=1326 audit(1539268316.604:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7107 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:31:56 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x100000000000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:56 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00f7000000000000060000000080"]) 14:31:56 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') ioctl$PIO_UNIMAPCLR(r1, 0x4b68, &(0x7f0000000000)={0x7fffffff, 0x5, 0x4}) sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) 14:31:56 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:56 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x1736, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:57 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000012c000000060000000080"]) 14:31:57 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:57 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f0000000000)=0xff, 0x3ff) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x0, [], [{0x9, 0x0, 0x1000, 0x9, 0x0, 0xfffffffffffffc00}, {0x20, 0x69c1, 0x3, 0x80, 0x2, 0x6}], [[], [], []]}) 14:31:57 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x3, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:57 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x5}) 14:31:57 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:57 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='d\x00') sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) 14:31:57 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000c9000000060000000080"]) 14:31:57 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x700000000000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 958.847174] audit: type=1326 audit(1539268317.424:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7149 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:31:57 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r0, &(0x7f00000000c0)=0xfc, 0x401) 14:31:57 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:57 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001a7000000060000000080"]) 14:31:57 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:57 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x7000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:57 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0xfc, 0x401) socketpair$inet_sctp(0x2, 0x5, 0x84, &(0x7f0000000000)) 14:31:57 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="005b000000000000060000000080"]) [ 958.988877] validate_nla: 22 callbacks suppressed [ 958.988882] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 959.016149] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:31:58 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x3}) 14:31:58 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETSNDBUF(r0, 0x801054db, &(0x7f0000000180)) 14:31:58 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x4c000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:58 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00fd010000000000060000000080"]) 14:31:58 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:58 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:58 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00df000000000000060000000080"]) 14:31:58 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x74000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:58 executing program 3: r0 = perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000280)}, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040), 0x0, 0x0, 0xfffffffffffffffa) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000200)) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) ioctl$KDSKBLED(r2, 0x4b65, 0x8) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000100)="295ee131") preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000180)) syz_open_pts(r2, 0xfffffffffffffffd) ioctl$TCSETAW(0xffffffffffffffff, 0x5407, &(0x7f0000000000)) syz_open_pts(0xffffffffffffffff, 0x10800) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuacct.usage_percpu\x00', 0x0, 0x0) r3 = dup3(r0, r0, 0x0) ioctl$KVM_X86_SET_MCE(r3, 0x4040ae9e, &(0x7f0000000000)={0xdfdb3855c2f1b4e3, 0x5000, 0x100, 0x3, 0xd}) r4 = memfd_create(&(0x7f0000000400)="2b8b8a16114fdddf6b28c6ce6a1b803e6f4a02759b9461ac", 0x0) write$binfmt_misc(r4, &(0x7f0000000540)=ANY=[@ANYRES32], 0xfffffda2) r5 = getpgrp(r1) r6 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x0, 0x3}, r5, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r6, 0x2401, 0x0) [ 959.676391] audit: type=1326 audit(1539268318.254:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7207 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 959.702316] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 959.716471] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:31:58 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="007b000000000000060000000080"]) 14:31:58 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:58 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 959.759533] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 959.777552] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:31:59 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x68}) 14:31:59 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0xf00, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:59 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000014a000000060000000080"]) 14:31:59 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:59 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:59 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$inet6_tcp(0xa, 0x1, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000080)="f20f35b9ac080000b8879cafe8ba000000000f3036f20f7c00670f09dfc20f019b945400000f01c966b820008ed00f22a2b805000000b90e0000000f01c1"}], 0x28f, 0x0, &(0x7f0000000100)=[@flags], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 960.485782] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 960.504753] audit: type=1326 audit(1539268319.084:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7261 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 960.504886] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:31:59 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x6, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:59 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000127000000060000000080"]) 14:31:59 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:59 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x6800000000000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 960.562963] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 960.572751] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:31:59 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000000ffffffff0000000080"]) 14:31:59 executing program 3: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000200), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000000), 0x0, &(0x7f0000000180)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000040)) ptrace(0x10, r0) ptrace(0x4200, r0) 14:31:59 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x7}) 14:31:59 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:59 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x600000000000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:31:59 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00b9010000000000060000000080"]) 14:31:59 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r0, &(0x7f0000000340)={&(0x7f00000001c0)=@un=@abs, 0x80, &(0x7f0000000880), 0x0, &(0x7f0000000080)}, 0x0) r2 = dup3(r0, r1, 0x0) write$cgroup_type(r2, &(0x7f0000000140)='threaded\x00', 0x9) 14:31:59 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:31:59 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000002e000000060000000080"]) 14:31:59 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) pipe(&(0x7f0000000080)) pselect6(0x40, &(0x7f00000000c0), &(0x7f00000004c0), &(0x7f0000000140)={0x8}, &(0x7f0000000200), &(0x7f0000000300)={&(0x7f00000002c0), 0x8}) 14:31:59 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0xf0ffffffffffff, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:00 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 961.383358] audit: type=1326 audit(1539268319.964:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7308 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:00 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001b5000000060000000080"]) 14:32:00 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x3f00000000000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:00 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x6}) 14:32:00 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:00 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:00 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000176000000060000000080"]) 14:32:00 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:00 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x20000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:00 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000009b000000060000000080"]) [ 962.186694] audit: type=1326 audit(1539268320.764:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7353 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:00 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x7a000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:00 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000149000000060000000080"]) 14:32:00 executing program 3: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001720000000000060000000080"]) 14:32:00 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:00 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:01 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x6000000}) 14:32:01 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0047000000000000060000000080"]) 14:32:01 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x700, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:01 executing program 3: r0 = socket$inet6(0xa, 0xffffffffffffffff, 0x3) socketpair(0x10, 0x0, 0x100000000, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getuid() getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0, 0x0}, &(0x7f0000000200)=0xc) write$FUSE_ATTR(r1, &(0x7f0000000240)={0x78, 0x0, 0x4, {0x0, 0x1000, 0x0, {0x5, 0x70f5, 0x5, 0x6, 0xffffffff, 0x9, 0x1e, 0x1, 0x5, 0x1, 0x5, r2, r3, 0x8, 0x3f}}}, 0x78) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r4, &(0x7f00000000c0)=0xfc, 0x401) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r8 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r9 = socket$xdp(0x2c, 0x3, 0x0) mmap(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x2, 0x10, r8, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) mmap(&(0x7f00000be000/0x3000)=nil, 0x3000, 0x2, 0x10000000100132, 0xffffffffffffffff, 0x0) select(0x40, &(0x7f0000000040), &(0x7f0000002300), &(0x7f0000001280), &(0x7f00000001c0)={0x0, 0x2710}) setsockopt$XDP_UMEM_REG(r9, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/21, 0x4d0d6200, 0x800}, 0x18) r10 = syz_open_procfs(0x0, &(0x7f0000000000)='net/igmp\x00') ioctl$KDGKBTYPE(r10, 0x4b33, &(0x7f0000000040)) ioctl$KVM_RUN(r7, 0x4b49, 0x0) clock_gettime(0x4, &(0x7f0000000000)) openat$uhid(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uhid\x00', 0x802, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x2201, 0x0) 14:32:01 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:01 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 962.997842] audit: type=1326 audit(1539268321.574:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7392 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:01 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x48, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:01 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:01 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0071000000000000060000000080"]) 14:32:01 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:01 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x1000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:01 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x4000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:02 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x3000000}) 14:32:02 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x52, 0x705, 0x0, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:02 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0033000000000000060000000080"]) 14:32:02 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:02 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:02 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x6c00, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:02 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000db000000060000000080"]) [ 963.840002] audit: type=1326 audit(1539268322.424:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7447 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:02 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x52, 0x705, 0x0, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:02 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x6000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:02 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:02 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:02 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x52, 0x705, 0x0, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:03 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0xa000000}) 14:32:03 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000002f000000060000000080"]) 14:32:03 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x2000000000000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:03 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:03 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:03 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:03 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) [ 964.687256] audit: type=1326 audit(1539268323.264:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7483 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:03 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000097000000060000000080"]) 14:32:03 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:03 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000200000000060000000080"]) [ 964.733894] validate_nla: 24 callbacks suppressed [ 964.733905] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 964.752847] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:03 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x60, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:03 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 964.854240] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 964.890826] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:04 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x6800}) 14:32:04 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:04 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendfile(r0, 0xffffffffffffffff, &(0x7f00000000c0)=0x14b, 0x401) 14:32:04 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0024010000000000060000000080"]) 14:32:04 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0xf0ffffff00000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:04 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:04 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:04 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0013000000000000060000000080"]) [ 965.519919] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 965.531662] audit: type=1326 audit(1539268324.114:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7528 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:04 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(0xffffffffffffffff, r0, &(0x7f00000000c0)=0x14b, 0x401) 14:32:04 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x6000000000000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 965.599291] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:04 executing program 3: r0 = socket$inet6(0xa, 0x0, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:04 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 965.680320] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 965.709456] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:04 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x74}) 14:32:04 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0005010000000000060000000080"]) 14:32:04 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:04 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x4000000000000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:04 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:04 executing program 2: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) getsockname$netlink(r0, &(0x7f0000000140), &(0x7f00000001c0)=0xc) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000240)=0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r0, 0x0, 0xd, &(0x7f0000000280)="76657400000000000000000400"}, 0x30) kcmp(r3, r4, 0x4, r1, r1) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 966.350372] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 966.351008] audit: type=1326 audit(1539268324.934:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7572 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 966.367436] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:05 executing program 3: socket$inet6(0xa, 0x3, 0x6) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(0xffffffffffffffff, r0, &(0x7f00000000c0)=0x14b, 0x401) 14:32:05 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000059000000060000000080"]) 14:32:05 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x2000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:05 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:05 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000820000000000060000000080"]) 14:32:05 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x5, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:05 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x6c}) 14:32:05 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000140)='trusted.overlay.opaque\x00', &(0x7f00000001c0)='y\x00', 0x2, 0x3) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:05 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, 0xffffffffffffffff, &(0x7f00000000c0)=0x14b, 0x401) 14:32:05 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001c60000000000060000000080"]) 14:32:05 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:05 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0xffffff9e, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:05 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0), 0x401) [ 967.183919] audit: type=1326 audit(1539268325.764:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7622 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:05 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00004d0000000000060000000080"]) 14:32:05 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x4c, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:05 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x0) 14:32:05 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:05 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x0) 14:32:06 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0xa}) 14:32:06 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x9effffff00000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:06 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000a010000000000060000000080"]) 14:32:06 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x80000000000000, 0x0) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000240)=0xc) fstat(r1, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vcs\x00', 0x101000, 0x0) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380)='IPVS\x00') sendmsg$IPVS_CMD_DEL_SERVICE(r4, &(0x7f0000000500)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x84000004}, 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)={0xec, r5, 0x300, 0x70bd2b, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xce25}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x400}, @IPVS_CMD_ATTR_DAEMON={0x64, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x4}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0xc}}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x7a2b}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bridge_slave_1\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x44, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x400}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x20}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4729}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}]}, 0xec}, 0x1, 0x0, 0x0, 0x4000}, 0x41) lchown(&(0x7f0000000140)='./file0\x00', r2, r3) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:06 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x0) 14:32:06 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:06 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000012e000000060000000080"]) 14:32:06 executing program 3 (fault-call:2 fault-nth:0): r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) [ 968.038708] audit: type=1326 audit(1539268326.624:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7664 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:06 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x7a00000000000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 968.098301] FAULT_INJECTION: forcing a failure. [ 968.098301] name failslab, interval 1, probability 0, space 0, times 0 [ 968.111857] CPU: 0 PID: 7680 Comm: syz-executor3 Not tainted 4.19.0-rc7+ #57 [ 968.119066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 968.119073] Call Trace: [ 968.119099] dump_stack+0x1c4/0x2b4 [ 968.119122] ? dump_stack_print_info.cold.2+0x52/0x52 [ 968.119153] should_fail.cold.4+0xa/0x17 [ 968.119175] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 968.119199] ? perf_trace_lock+0x14d/0x7a0 [ 968.119219] ? avc_has_perm+0x469/0x7e0 [ 968.119237] ? lock_downgrade+0x900/0x900 [ 968.119271] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 968.134816] ? zap_class+0x640/0x640 [ 968.144055] ? fs_reclaim_acquire+0x20/0x20 [ 968.144078] ? lock_downgrade+0x900/0x900 [ 968.153409] ? ___might_sleep+0x1ed/0x300 [ 968.153430] ? arch_local_save_flags+0x40/0x40 [ 968.161538] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 968.161559] __should_failslab+0x124/0x180 [ 968.161575] should_failslab+0x9/0x14 [ 968.161596] kmem_cache_alloc_trace+0x2d7/0x750 [ 968.179540] alloc_pipe_info+0x16b/0x590 [ 968.179558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 968.179577] ? pipe_read+0x940/0x940 [ 968.188299] ? inode_has_perm.isra.58+0x17a/0x210 [ 968.188320] ? file_has_perm+0x2c0/0x3d0 [ 968.188339] ? selinux_file_open+0x5c0/0x5c0 [ 968.188360] splice_direct_to_actor+0x6fc/0x8f0 [ 968.198025] ? pipe_to_sendpage+0x400/0x400 [ 968.198044] ? selinux_file_permission+0x90/0x540 [ 968.198061] ? do_splice_to+0x190/0x190 [ 968.198082] ? security_file_permission+0x1c2/0x230 [ 968.255712] ? rw_verify_area+0x118/0x360 [ 968.259850] do_splice_direct+0x2d4/0x420 [ 968.264007] ? splice_direct_to_actor+0x8f0/0x8f0 [ 968.268852] ? rw_verify_area+0x118/0x360 [ 968.272990] do_sendfile+0x62a/0xe20 [ 968.276696] ? do_compat_pwritev64+0x1c0/0x1c0 [ 968.281283] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 968.286824] ? _copy_from_user+0xdf/0x150 [ 968.290975] __x64_sys_sendfile64+0x15d/0x250 [ 968.295488] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 968.300077] do_syscall_64+0x1b9/0x820 [ 968.303966] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 968.309326] ? syscall_return_slowpath+0x5e0/0x5e0 [ 968.314245] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 968.319087] ? trace_hardirqs_on_caller+0x310/0x310 [ 968.324105] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 968.329106] ? prepare_exit_to_usermode+0x291/0x3b0 [ 968.334111] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 968.338979] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 968.344161] RIP: 0033:0x457519 [ 968.347341] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 968.366232] RSP: 002b:00007f64b1a02c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 968.373927] RAX: ffffffffffffffda RBX: 00007f64b1a02c90 RCX: 0000000000457519 [ 968.381189] RDX: 00000000200000c0 RSI: 0000000000000004 RDI: 0000000000000003 [ 968.388445] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 14:32:07 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 968.395708] R10: 0000000000000401 R11: 0000000000000246 R12: 00007f64b1a036d4 [ 968.402986] R13: 00000000004c3483 R14: 00000000004d5238 R15: 0000000000000005 14:32:07 executing program 3 (fault-call:2 fault-nth:1): r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:07 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x48000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 968.514502] FAULT_INJECTION: forcing a failure. [ 968.514502] name failslab, interval 1, probability 0, space 0, times 0 [ 968.526406] CPU: 0 PID: 7701 Comm: syz-executor3 Not tainted 4.19.0-rc7+ #57 [ 968.533616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 968.542991] Call Trace: [ 968.543021] dump_stack+0x1c4/0x2b4 [ 968.543046] ? dump_stack_print_info.cold.2+0x52/0x52 [ 968.549255] should_fail.cold.4+0xa/0x17 [ 968.549275] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 968.549293] ? save_stack+0xa9/0xd0 [ 968.549309] ? save_stack+0x43/0xd0 [ 968.558555] ? kasan_kmalloc+0xc7/0xe0 [ 968.558571] ? kmem_cache_alloc_trace+0x152/0x750 [ 968.558586] ? alloc_pipe_info+0x16b/0x590 [ 968.558601] ? splice_direct_to_actor+0x6fc/0x8f0 [ 968.558620] ? do_sendfile+0x62a/0xe20 [ 968.567334] ? __x64_sys_sendfile64+0x15d/0x250 [ 968.567350] ? do_syscall_64+0x1b9/0x820 [ 968.567369] ? avc_has_perm+0x469/0x7e0 [ 968.605268] ? lock_downgrade+0x900/0x900 [ 968.609421] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 968.615221] ? zap_class+0x640/0x640 [ 968.618942] ? fs_reclaim_acquire+0x20/0x20 [ 968.623288] ? lock_downgrade+0x900/0x900 [ 968.627438] ? lock_downgrade+0x900/0x900 [ 968.631596] ? ___might_sleep+0x1ed/0x300 [ 968.635750] ? ___might_sleep+0x1ed/0x300 [ 968.639902] ? arch_local_save_flags+0x40/0x40 [ 968.644488] ? trace_hardirqs_on+0xbd/0x310 [ 968.648823] __should_failslab+0x124/0x180 [ 968.653095] should_failslab+0x9/0x14 [ 968.656917] __kmalloc+0x2d4/0x760 [ 968.660465] ? kmem_cache_alloc_trace+0x31f/0x750 [ 968.665316] ? alloc_pipe_info+0x29e/0x590 [ 968.669560] alloc_pipe_info+0x29e/0x590 [ 968.673711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 968.679267] ? pipe_read+0x940/0x940 [ 968.682998] ? inode_has_perm.isra.58+0x17a/0x210 [ 968.687846] ? file_has_perm+0x2c0/0x3d0 [ 968.691923] ? selinux_file_open+0x5c0/0x5c0 [ 968.696351] splice_direct_to_actor+0x6fc/0x8f0 [ 968.701027] ? pipe_to_sendpage+0x400/0x400 [ 968.705351] ? selinux_file_permission+0x90/0x540 [ 968.710196] ? do_splice_to+0x190/0x190 [ 968.714176] ? security_file_permission+0x1c2/0x230 [ 968.719201] ? rw_verify_area+0x118/0x360 [ 968.723357] do_splice_direct+0x2d4/0x420 [ 968.727511] ? splice_direct_to_actor+0x8f0/0x8f0 [ 968.732361] ? rw_verify_area+0x118/0x360 [ 968.736520] do_sendfile+0x62a/0xe20 [ 968.740251] ? do_compat_pwritev64+0x1c0/0x1c0 [ 968.744845] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 968.750390] ? _copy_from_user+0xdf/0x150 [ 968.754548] __x64_sys_sendfile64+0x15d/0x250 [ 968.759049] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 968.763651] do_syscall_64+0x1b9/0x820 [ 968.767544] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 968.772937] ? syscall_return_slowpath+0x5e0/0x5e0 [ 968.777884] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 968.783972] ? trace_hardirqs_on_caller+0x310/0x310 [ 968.789003] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 968.794028] ? prepare_exit_to_usermode+0x291/0x3b0 [ 968.799055] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 968.803908] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 968.809102] RIP: 0033:0x457519 [ 968.812304] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 968.831211] RSP: 002b:00007f64b1a02c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 968.838930] RAX: ffffffffffffffda RBX: 00007f64b1a02c90 RCX: 0000000000457519 [ 968.846216] RDX: 00000000200000c0 RSI: 0000000000000004 RDI: 0000000000000003 [ 968.853488] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 14:32:07 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x6c00000000000000}) 14:32:07 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000063000000060000000080"]) 14:32:07 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x111000, 0x0) write$FUSE_WRITE(r1, &(0x7f0000000240)={0x18, 0xffffffffffffffda, 0x3, {0x7}}, 0x18) ioctl$KVM_S390_INTERRUPT_CPU(r1, 0x4010ae94, &(0x7f00000001c0)={0xed65, 0x3ff, 0x1}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:07 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0xf0ffff, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:07 executing program 3 (fault-call:2 fault-nth:2): r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) [ 968.860784] R10: 0000000000000401 R11: 0000000000000246 R12: 00007f64b1a036d4 [ 968.868050] R13: 00000000004c3483 R14: 00000000004d5238 R15: 0000000000000005 14:32:07 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:07 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001e1000000060000000080"]) [ 968.974947] audit: type=1326 audit(1539268327.554:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7709 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 969.015048] FAULT_INJECTION: forcing a failure. [ 969.015048] name failslab, interval 1, probability 0, space 0, times 0 [ 969.041412] CPU: 1 PID: 7715 Comm: syz-executor3 Not tainted 4.19.0-rc7+ #57 [ 969.048654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 969.048661] Call Trace: [ 969.048689] dump_stack+0x1c4/0x2b4 [ 969.048713] ? dump_stack_print_info.cold.2+0x52/0x52 [ 969.048743] should_fail.cold.4+0xa/0x17 [ 969.048767] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 969.069503] ? debug_smp_processor_id+0x1c/0x20 [ 969.069522] ? zap_class+0x640/0x640 [ 969.069541] ? mark_held_locks+0x130/0x130 [ 969.069554] ? mark_held_locks+0x130/0x130 [ 969.069577] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 969.069598] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 969.083413] ? zap_class+0x640/0x640 [ 969.083431] ? fs_reclaim_acquire+0x20/0x20 [ 969.083447] ? lock_downgrade+0x900/0x900 [ 969.083475] ? ___might_sleep+0x1ed/0x300 [ 969.095620] ? zap_class+0x640/0x640 [ 969.095641] ? arch_local_save_flags+0x40/0x40 [ 969.095656] ? mark_held_locks+0x130/0x130 [ 969.095682] __should_failslab+0x124/0x180 [ 969.106316] should_failslab+0x9/0x14 [ 969.106336] kmem_cache_alloc_node_trace+0x270/0x740 [ 969.106361] __kmalloc_node+0x33/0x70 [ 969.106382] kvmalloc_node+0x65/0xf0 [ 969.114407] iov_iter_get_pages_alloc+0x7d0/0x1530 [ 969.114431] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 969.114451] ? iov_iter_revert+0xaa0/0xaa0 [ 969.114477] ? rcu_bh_qs+0xc0/0xc0 [ 969.174281] ? unwind_dump+0x190/0x190 [ 969.178186] ? is_bpf_text_address+0xd3/0x170 [ 969.182689] ? kernel_text_address+0x79/0xf0 [ 969.187100] ? __kernel_text_address+0xd/0x40 [ 969.191599] ? unwind_get_return_address+0x61/0xa0 [ 969.196539] ? __save_stack_trace+0x8d/0xf0 [ 969.200873] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 969.205899] ? iov_iter_pipe+0xbf/0x2f0 [ 969.209882] default_file_splice_read+0x1de/0xb20 [ 969.214730] ? alloc_pipe_info+0x29e/0x590 [ 969.218984] ? splice_direct_to_actor+0x6fc/0x8f0 [ 969.223830] ? do_splice_direct+0x2d4/0x420 [ 969.228159] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 969.233533] ? lock_downgrade+0x900/0x900 [ 969.237690] ? iter_file_splice_write+0x1050/0x1050 [ 969.242815] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 969.248622] ? zap_class+0x640/0x640 [ 969.252343] ? fs_reclaim_acquire+0x20/0x20 [ 969.256673] ? lock_downgrade+0x900/0x900 [ 969.260841] ? __lockdep_init_map+0x105/0x590 [ 969.265367] ? __mutex_init+0x1f7/0x290 [ 969.269362] ? __ia32_sys_membarrier+0x150/0x150 [ 969.274133] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 969.279679] ? fsnotify+0xaae/0x12f0 [ 969.283402] ? arch_local_save_flags+0x40/0x40 [ 969.288005] ? fsnotify_first_mark+0x350/0x350 [ 969.292594] ? __might_sleep+0x95/0x190 [ 969.296574] ? fsnotify+0x12f0/0x12f0 [ 969.300381] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 969.305923] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 969.310966] ? security_file_permission+0x1c2/0x230 [ 969.315996] ? iter_file_splice_write+0x1050/0x1050 [ 969.321018] do_splice_to+0x12e/0x190 [ 969.324830] splice_direct_to_actor+0x270/0x8f0 [ 969.329513] ? pipe_to_sendpage+0x400/0x400 [ 969.333846] ? do_splice_to+0x190/0x190 [ 969.337823] ? security_file_permission+0x1c2/0x230 [ 969.342850] ? rw_verify_area+0x118/0x360 [ 969.347012] do_splice_direct+0x2d4/0x420 [ 969.351174] ? splice_direct_to_actor+0x8f0/0x8f0 [ 969.356028] ? rw_verify_area+0x118/0x360 [ 969.360187] do_sendfile+0x62a/0xe20 [ 969.363926] ? do_compat_pwritev64+0x1c0/0x1c0 [ 969.368528] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 969.374073] ? _copy_from_user+0xdf/0x150 [ 969.378232] __x64_sys_sendfile64+0x15d/0x250 [ 969.382733] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 969.387329] do_syscall_64+0x1b9/0x820 [ 969.391233] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 969.396605] ? syscall_return_slowpath+0x5e0/0x5e0 [ 969.401539] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 969.406387] ? trace_hardirqs_on_caller+0x310/0x310 [ 969.411411] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 969.416433] ? prepare_exit_to_usermode+0x291/0x3b0 [ 969.421459] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 969.426318] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 969.431505] RIP: 0033:0x457519 [ 969.434702] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 969.453614] RSP: 002b:00007f64b1a02c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 969.461328] RAX: ffffffffffffffda RBX: 00007f64b1a02c90 RCX: 0000000000457519 [ 969.468599] RDX: 00000000200000c0 RSI: 0000000000000004 RDI: 0000000000000003 14:32:07 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) 14:32:08 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x4000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 969.475870] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 969.483425] R10: 0000000000000401 R11: 0000000000000246 R12: 00007f64b1a036d4 [ 969.490698] R13: 00000000004c3483 R14: 00000000004d5238 R15: 0000000000000005 14:32:08 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001a2000000060000000080"]) 14:32:08 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:08 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x4, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:08 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x4000000}) 14:32:08 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000000a000000060000000080"]) 14:32:08 executing program 3 (fault-call:2 fault-nth:3): r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:08 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) munlockall() r1 = syz_open_dev$dmmidi(&(0x7f0000000140)='/dev/dmmidi#\x00', 0x0, 0x2400) openat(r1, &(0x7f00000001c0)='./file0\x00', 0x80, 0x62) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) fsetxattr$trusted_overlay_opaque(r2, &(0x7f0000000240)='trusted.overlay.opaque\x00', &(0x7f0000000280)='y\x00', 0x2, 0x3) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:08 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x81000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:08 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 969.785237] FAULT_INJECTION: forcing a failure. [ 969.785237] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 969.799601] validate_nla: 20 callbacks suppressed [ 969.799609] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 969.802103] audit: type=1326 audit(1539268328.384:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7759 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 969.815778] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 969.840460] CPU: 0 PID: 7761 Comm: syz-executor3 Not tainted 4.19.0-rc7+ #57 [ 969.850501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 969.859865] Call Trace: [ 969.862463] dump_stack+0x1c4/0x2b4 [ 969.866101] ? dump_stack_print_info.cold.2+0x52/0x52 [ 969.871299] ? perf_trace_lock+0x14d/0x7a0 [ 969.875551] should_fail.cold.4+0xa/0x17 [ 969.879631] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 969.879647] ? is_bpf_text_address+0xac/0x170 [ 969.879662] ? lock_downgrade+0x900/0x900 [ 969.879689] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 969.889278] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 969.889294] ? rcu_bh_qs+0xc0/0xc0 [ 969.889314] ? zap_class+0x640/0x640 [ 969.899235] ? fs_reclaim_acquire+0x20/0x20 [ 969.899252] ? lock_downgrade+0x900/0x900 [ 969.899273] ? ___might_sleep+0x1ed/0x300 [ 969.908066] ? lock_release+0x970/0x970 [ 969.908083] ? arch_local_save_flags+0x40/0x40 [ 969.908105] ? __might_sleep+0x95/0x190 [ 969.916117] __alloc_pages_nodemask+0x34b/0xde0 [ 969.924387] ? default_file_splice_read+0x1de/0xb20 [ 969.932915] ? do_splice_to+0x12e/0x190 [ 969.941518] ? splice_direct_to_actor+0x270/0x8f0 [ 969.941539] ? __alloc_pages_slowpath+0x2d80/0x2d80 [ 969.941557] ? fs_reclaim_acquire+0x20/0x20 [ 969.950522] ? lock_downgrade+0x900/0x900 [ 969.950549] ? ___might_sleep+0x1ed/0x300 [ 969.960383] ? zap_class+0x640/0x640 [ 969.968837] ? __kmalloc_node+0x33/0x70 [ 969.968853] ? kasan_unpoison_shadow+0x35/0x50 [ 969.968867] ? kasan_kmalloc+0xc7/0xe0 [ 969.968888] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 969.976731] alloc_pages_current+0x10c/0x210 [ 969.985268] push_pipe+0x3ff/0x7a0 [ 969.994666] ? __kmalloc_node+0x47/0x70 [ 970.002593] iov_iter_get_pages_alloc+0x85c/0x1530 [ 970.011472] ? iov_iter_revert+0xaa0/0xaa0 [ 970.011488] ? unwind_dump+0x190/0x190 [ 970.011515] ? is_bpf_text_address+0xd3/0x170 [ 970.019609] ? kernel_text_address+0x79/0xf0 [ 970.019625] ? __kernel_text_address+0xd/0x40 [ 970.019645] ? unwind_get_return_address+0x61/0xa0 [ 970.028533] ? __save_stack_trace+0x8d/0xf0 [ 970.028559] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 970.037968] ? iov_iter_pipe+0xbf/0x2f0 [ 970.037990] default_file_splice_read+0x1de/0xb20 [ 970.047305] ? alloc_pipe_info+0x29e/0x590 [ 970.056105] ? splice_direct_to_actor+0x6fc/0x8f0 [ 970.065167] ? do_splice_direct+0x2d4/0x420 [ 970.069494] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 970.074849] ? lock_downgrade+0x900/0x900 [ 970.078990] ? iter_file_splice_write+0x1050/0x1050 [ 970.084112] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 970.089900] ? zap_class+0x640/0x640 [ 970.093604] ? fs_reclaim_acquire+0x20/0x20 [ 970.097915] ? lock_downgrade+0x900/0x900 [ 970.102049] ? __lockdep_init_map+0x105/0x590 [ 970.106574] ? __mutex_init+0x1f7/0x290 [ 970.110538] ? __ia32_sys_membarrier+0x150/0x150 [ 970.115308] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 970.120838] ? fsnotify+0xaae/0x12f0 [ 970.124541] ? arch_local_save_flags+0x40/0x40 [ 970.129113] ? fsnotify_first_mark+0x350/0x350 [ 970.133682] ? __might_sleep+0x95/0x190 [ 970.137639] ? fsnotify+0x12f0/0x12f0 [ 970.141425] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 970.146957] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 970.151985] ? security_file_permission+0x1c2/0x230 [ 970.157003] ? iter_file_splice_write+0x1050/0x1050 [ 970.162024] do_splice_to+0x12e/0x190 [ 970.165811] splice_direct_to_actor+0x270/0x8f0 [ 970.170465] ? pipe_to_sendpage+0x400/0x400 [ 970.174777] ? do_splice_to+0x190/0x190 [ 970.178742] ? security_file_permission+0x1c2/0x230 [ 970.183753] ? rw_verify_area+0x118/0x360 [ 970.187894] do_splice_direct+0x2d4/0x420 [ 970.192038] ? splice_direct_to_actor+0x8f0/0x8f0 [ 970.196898] ? rw_verify_area+0x118/0x360 [ 970.201046] do_sendfile+0x62a/0xe20 [ 970.204763] ? do_compat_pwritev64+0x1c0/0x1c0 [ 970.209341] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 970.214867] ? _copy_from_user+0xdf/0x150 [ 970.219002] __x64_sys_sendfile64+0x15d/0x250 [ 970.223484] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 970.228060] do_syscall_64+0x1b9/0x820 [ 970.231948] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 970.237324] ? syscall_return_slowpath+0x5e0/0x5e0 [ 970.242261] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 970.247093] ? trace_hardirqs_on_caller+0x310/0x310 [ 970.252097] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 970.257108] ? prepare_exit_to_usermode+0x291/0x3b0 [ 970.262131] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 970.266979] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 970.272156] RIP: 0033:0x457519 [ 970.275335] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 970.294251] RSP: 002b:00007f64b1a02c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 970.301972] RAX: ffffffffffffffda RBX: 00007f64b1a02c90 RCX: 0000000000457519 [ 970.309248] RDX: 00000000200000c0 RSI: 0000000000000004 RDI: 0000000000000003 [ 970.316502] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 970.323754] R10: 0000000000000401 R11: 0000000000000246 R12: 00007f64b1a036d4 14:32:08 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x3f000000, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:08 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="009e000000000000060000000080"]) [ 970.331009] R13: 00000000004c3483 R14: 00000000004d5238 R15: 0000000000000005 14:32:08 executing program 3 (fault-call:2 fault-nth:4): r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:09 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000164000000060000000080"]) [ 970.374071] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 970.385231] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:09 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 970.432799] FAULT_INJECTION: forcing a failure. [ 970.432799] name failslab, interval 1, probability 0, space 0, times 0 [ 970.449349] CPU: 0 PID: 7788 Comm: syz-executor3 Not tainted 4.19.0-rc7+ #57 [ 970.456563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 970.465923] Call Trace: [ 970.468545] dump_stack+0x1c4/0x2b4 [ 970.472188] ? dump_stack_print_info.cold.2+0x52/0x52 [ 970.477399] should_fail.cold.4+0xa/0x17 [ 970.481479] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 970.486603] ? __mutex_lock+0x85e/0x1700 [ 970.486623] ? seq_read+0x71/0x1150 [ 970.494304] ? mutex_trylock+0x2b0/0x2b0 [ 970.494326] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 970.503463] ? is_bpf_text_address+0xac/0x170 [ 970.503488] ? zap_class+0x640/0x640 [ 970.511688] ? fs_reclaim_acquire+0x20/0x20 [ 970.511709] ? lock_downgrade+0x900/0x900 [ 970.520155] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 970.520175] ? ___might_sleep+0x1ed/0x300 [ 970.520195] ? arch_local_save_flags+0x40/0x40 [ 970.529604] __should_failslab+0x124/0x180 [ 970.529621] should_failslab+0x9/0x14 [ 970.529639] kmem_cache_alloc_node_trace+0x270/0x740 [ 970.529659] ? arch_local_save_flags+0x40/0x40 [ 970.538463] __kmalloc_node+0x33/0x70 [ 970.538483] kvmalloc_node+0x65/0xf0 [ 970.538499] traverse+0x430/0x7b0 [ 970.538520] seq_read+0xc76/0x1150 [ 970.547400] ? arch_local_save_flags+0x40/0x40 [ 970.547426] ? fsnotify_first_mark+0x350/0x350 [ 970.555787] ? seq_dentry+0x2e0/0x2e0 [ 970.555807] proc_reg_read+0x2a3/0x3d0 [ 970.555827] ? proc_reg_unlocked_ioctl+0x3c0/0x3c0 [ 970.562990] ? security_file_permission+0x1c2/0x230 [ 970.563011] ? rw_verify_area+0x118/0x360 [ 970.571116] do_iter_read+0x4a3/0x650 [ 970.571164] vfs_readv+0x175/0x1c0 [ 970.571190] ? compat_rw_copy_check_uvector+0x440/0x440 [ 970.579559] ? kernel_text_address+0x79/0xf0 [ 970.579574] ? __kernel_text_address+0xd/0x40 [ 970.579599] ? __save_stack_trace+0x8d/0xf0 [ 970.623310] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 970.628344] ? iov_iter_pipe+0xbf/0x2f0 [ 970.632322] default_file_splice_read+0x53c/0xb20 [ 970.637155] ? alloc_pipe_info+0x29e/0x590 [ 970.641385] ? splice_direct_to_actor+0x6fc/0x8f0 [ 970.646253] ? do_splice_direct+0x2d4/0x420 [ 970.650570] ? iter_file_splice_write+0x1050/0x1050 [ 970.655577] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 970.661363] ? zap_class+0x640/0x640 [ 970.665064] ? fs_reclaim_acquire+0x20/0x20 [ 970.669373] ? __lockdep_init_map+0x105/0x590 [ 970.673858] ? __mutex_init+0x1f7/0x290 [ 970.677833] ? __ia32_sys_membarrier+0x150/0x150 [ 970.682582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 970.688105] ? fsnotify+0xaae/0x12f0 [ 970.691807] ? arch_local_save_flags+0x40/0x40 [ 970.696405] ? fsnotify_first_mark+0x350/0x350 [ 970.700990] ? __might_sleep+0x95/0x190 [ 970.704958] ? fsnotify+0x12f0/0x12f0 [ 970.708755] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 970.714280] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 970.719287] ? security_file_permission+0x1c2/0x230 [ 970.724291] ? iter_file_splice_write+0x1050/0x1050 [ 970.729343] do_splice_to+0x12e/0x190 [ 970.733136] splice_direct_to_actor+0x270/0x8f0 [ 970.737802] ? pipe_to_sendpage+0x400/0x400 [ 970.742115] ? do_splice_to+0x190/0x190 [ 970.746079] ? security_file_permission+0x1c2/0x230 [ 970.751092] ? rw_verify_area+0x118/0x360 [ 970.755231] do_splice_direct+0x2d4/0x420 [ 970.759380] ? splice_direct_to_actor+0x8f0/0x8f0 [ 970.764241] ? rw_verify_area+0x118/0x360 [ 970.768380] do_sendfile+0x62a/0xe20 [ 970.772089] ? do_compat_pwritev64+0x1c0/0x1c0 [ 970.776663] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 970.782189] ? _copy_from_user+0xdf/0x150 [ 970.786349] __x64_sys_sendfile64+0x15d/0x250 [ 970.790833] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 970.795410] do_syscall_64+0x1b9/0x820 [ 970.799287] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 970.804641] ? syscall_return_slowpath+0x5e0/0x5e0 [ 970.809558] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 970.814391] ? trace_hardirqs_on_caller+0x310/0x310 [ 970.819396] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 970.824401] ? prepare_exit_to_usermode+0x291/0x3b0 [ 970.829406] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 970.834257] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 970.839464] RIP: 0033:0x457519 [ 970.842648] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 970.861563] RSP: 002b:00007f64b1a02c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 970.869272] RAX: ffffffffffffffda RBX: 00007f64b1a02c90 RCX: 0000000000457519 [ 970.876530] RDX: 00000000200000c0 RSI: 0000000000000004 RDI: 0000000000000003 14:32:09 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x400300, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:09 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x1000000}) 14:32:09 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 970.883789] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 970.891052] R10: 0000000000000401 R11: 0000000000000246 R12: 00007f64b1a036d4 [ 970.898310] R13: 00000000004c3483 R14: 00000000004d5238 R15: 0000000000000005 14:32:09 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000007f000000060000000080"]) 14:32:09 executing program 3 (fault-call:2 fault-nth:5): r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:09 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 970.981493] audit: type=1326 audit(1539268329.564:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7802 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 971.009771] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 971.020203] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 971.071678] FAULT_INJECTION: forcing a failure. [ 971.071678] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 971.083541] CPU: 1 PID: 7814 Comm: syz-executor3 Not tainted 4.19.0-rc7+ #57 [ 971.090740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 971.099004] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 971.100106] Call Trace: [ 971.100136] dump_stack+0x1c4/0x2b4 [ 971.100159] ? dump_stack_print_info.cold.2+0x52/0x52 14:32:09 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x60, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:09 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0xf00000000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 971.100188] should_fail.cold.4+0xa/0x17 [ 971.110626] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 971.113779] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 971.113800] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 971.113821] ? mark_held_locks+0x130/0x130 [ 971.145563] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 971.151122] ? check_preemption_disabled+0x48/0x200 [ 971.156161] ? mark_held_locks+0x130/0x130 [ 971.160417] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 14:32:09 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x9effffff00000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 971.161406] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 971.165983] ? check_preemption_disabled+0x48/0x200 [ 971.166007] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 971.166024] ? check_preemption_disabled+0x48/0x200 [ 971.166039] ? lock_acquire+0x1ed/0x520 [ 971.166062] ? debug_smp_processor_id+0x1c/0x20 [ 971.177089] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 971.178452] ? perf_trace_lock+0x14d/0x7a0 [ 971.178486] ? lock_release+0x970/0x970 [ 971.178503] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 971.178519] ? should_fail+0x22d/0xd01 [ 971.178538] ? zap_class+0x640/0x640 [ 971.213260] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 971.222780] __alloc_pages_nodemask+0x34b/0xde0 [ 971.231591] ? __mutex_lock+0x85e/0x1700 [ 971.231612] ? __alloc_pages_slowpath+0x2d80/0x2d80 [ 971.231629] ? mutex_trylock+0x2b0/0x2b0 [ 971.231646] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 971.231662] ? is_bpf_text_address+0xac/0x170 [ 971.231683] ? fs_reclaim_acquire+0x20/0x20 [ 971.231702] ? lock_downgrade+0x900/0x900 [ 971.240421] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 971.240441] ? ___might_sleep+0x1ed/0x300 [ 971.240460] ? trace_hardirqs_off+0xb8/0x310 [ 971.240488] cache_grow_begin+0x91/0x8c0 [ 971.240505] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 971.240527] ? check_preemption_disabled+0x48/0x200 [ 971.249604] kmem_cache_alloc_node_trace+0x670/0x740 [ 971.249622] ? arch_local_save_flags+0x40/0x40 [ 971.249646] __kmalloc_node+0x33/0x70 [ 971.249664] kvmalloc_node+0x65/0xf0 [ 971.249679] traverse+0x430/0x7b0 [ 971.249699] seq_read+0xc76/0x1150 [ 971.249714] ? arch_local_save_flags+0x40/0x40 [ 971.249734] ? fsnotify_first_mark+0x350/0x350 [ 971.249745] ? seq_dentry+0x2e0/0x2e0 [ 971.249762] proc_reg_read+0x2a3/0x3d0 [ 971.249780] ? proc_reg_unlocked_ioctl+0x3c0/0x3c0 [ 971.249800] ? security_file_permission+0x1c2/0x230 [ 971.249818] ? rw_verify_area+0x118/0x360 [ 971.249835] do_iter_read+0x4a3/0x650 [ 971.249856] vfs_readv+0x175/0x1c0 [ 971.249874] ? compat_rw_copy_check_uvector+0x440/0x440 [ 971.249897] ? kernel_text_address+0x79/0xf0 [ 971.259512] ? __kernel_text_address+0xd/0x40 [ 971.259533] ? __save_stack_trace+0x8d/0xf0 [ 971.259555] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 971.268021] ? iov_iter_pipe+0xbf/0x2f0 [ 971.268043] default_file_splice_read+0x53c/0xb20 [ 971.268059] ? alloc_pipe_info+0x29e/0x590 [ 971.268071] ? splice_direct_to_actor+0x6fc/0x8f0 [ 971.268082] ? do_splice_direct+0x2d4/0x420 [ 971.268104] ? iter_file_splice_write+0x1050/0x1050 [ 971.268133] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 971.277535] ? zap_class+0x640/0x640 14:32:10 executing program 3 (fault-call:2 fault-nth:6): r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:10 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0002080000000000060000000080"]) [ 971.277554] ? fs_reclaim_acquire+0x20/0x20 [ 971.277570] ? __lockdep_init_map+0x105/0x590 [ 971.277590] ? __mutex_init+0x1f7/0x290 [ 971.286061] ? __ia32_sys_membarrier+0x150/0x150 [ 971.286080] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 971.286097] ? fsnotify+0xaae/0x12f0 [ 971.286118] ? arch_local_save_flags+0x40/0x40 [ 971.296670] ? fsnotify_first_mark+0x350/0x350 [ 971.296687] ? __might_sleep+0x95/0x190 [ 971.296706] ? fsnotify+0x12f0/0x12f0 [ 971.306384] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 971.306403] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 971.306432] ? security_file_permission+0x1c2/0x230 [ 971.313966] ? iter_file_splice_write+0x1050/0x1050 [ 971.313984] do_splice_to+0x12e/0x190 [ 971.314003] splice_direct_to_actor+0x270/0x8f0 [ 971.314021] ? pipe_to_sendpage+0x400/0x400 [ 971.321009] ? do_splice_to+0x190/0x190 [ 971.330153] ? security_file_permission+0x1c2/0x230 [ 971.330172] ? rw_verify_area+0x118/0x360 [ 971.330189] do_splice_direct+0x2d4/0x420 [ 971.330206] ? splice_direct_to_actor+0x8f0/0x8f0 14:32:10 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) [ 971.330229] ? rw_verify_area+0x118/0x360 [ 971.337906] do_sendfile+0x62a/0xe20 [ 971.337931] ? do_compat_pwritev64+0x1c0/0x1c0 [ 971.337965] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 971.337983] ? _copy_from_user+0xdf/0x150 [ 971.338002] __x64_sys_sendfile64+0x15d/0x250 [ 971.347932] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 971.347966] do_syscall_64+0x1b9/0x820 [ 971.347982] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 971.347999] ? syscall_return_slowpath+0x5e0/0x5e0 [ 971.348018] ? trace_hardirqs_off_thunk+0x1a/0x1c 14:32:10 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001290000000000060000000080"]) [ 971.364852] ? trace_hardirqs_on_caller+0x310/0x310 [ 971.364870] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 971.364890] ? prepare_exit_to_usermode+0x291/0x3b0 [ 971.373790] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 971.373813] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 971.373830] RIP: 0033:0x457519 [ 971.383151] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 971.383161] RSP: 002b:00007f64b1a02c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 971.383177] RAX: ffffffffffffffda RBX: 00007f64b1a02c90 RCX: 0000000000457519 [ 971.383185] RDX: 00000000200000c0 RSI: 0000000000000004 RDI: 0000000000000003 [ 971.383200] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 971.391996] R10: 0000000000000401 R11: 0000000000000246 R12: 00007f64b1a036d4 [ 971.392005] R13: 00000000004c3483 R14: 00000000004d5238 R15: 0000000000000005 14:32:10 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x48000000}) 14:32:10 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x169, 0x401) 14:32:10 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001370000000000060000000080"]) 14:32:10 executing program 2: shmget$private(0x0, 0x4000, 0x80, &(0x7f0000ffa000/0x4000)=nil) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r1 = syz_open_dev$midi(&(0x7f0000000140)='/dev/midi#\x00', 0xfffffffffffffffd, 0x40) ioctl$SG_NEXT_CMD_LEN(r1, 0x2283, &(0x7f00000001c0)=0xd2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:10 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x3000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:10 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:10 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x172, 0x401) [ 971.819350] audit: type=1326 audit(1539268330.404:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7854 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:10 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x1736, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:10 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="005f000000000000060000000080"]) 14:32:10 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:10 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14f, 0x401) 14:32:10 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0xe, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x6, 0x2000) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:11 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x500}) 14:32:11 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x4c, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:11 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000170000000060000000080"]) 14:32:11 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x168, 0x401) 14:32:11 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:11 executing program 2: r0 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000240)=0xe, 0x80000) getsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000280)=0xffffffffffff81e7, &(0x7f00000002c0)=0x2) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000200)={0x7, &(0x7f00000001c0)=[{0x1, 0x0, 0x4, 0x2}, {0x8, 0x9, 0x2, 0x6}, {0x1, 0x0, 0x3f, 0x6}, {0xffffffffffffff9e, 0x4, 0x40000000000000, 0x400}, {0x3ff, 0x0, 0x20, 0x9}, {0x1, 0xff, 0x0, 0x3d1}, {0x9, 0x0, 0x6}]}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76650500", 0x8801}) 14:32:11 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0xa3, 0x401) [ 972.653813] audit: type=1326 audit(1539268331.234:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7898 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:11 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000cf000000060000000080"]) 14:32:11 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x2, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:11 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000bf000000060000000080"]) 14:32:11 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x167, 0x401) 14:32:11 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:12 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x2}) 14:32:12 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0xfffffff0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:12 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000140)={0x4, 0x3, 0x18}) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:12 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001470000000000060000000080"]) 14:32:12 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x145, 0x401) 14:32:12 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:12 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14d, 0x401) [ 973.491568] audit: type=1326 audit(1539268332.074:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7942 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:12 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000ab0000000000060000000080"]) 14:32:12 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x162, 0x401) 14:32:12 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0xf000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:12 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x81000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:12 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:12 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0xff03000000000000}) 14:32:12 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00e4010000000000060000000080"]) 14:32:12 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x800, 0x0) ioctl$KVM_GET_PIT(r2, 0xc048ae65, &(0x7f0000000240)) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:12 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x16d, 0x401) 14:32:12 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x6800, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:12 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:12 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x142, 0x401) [ 974.339814] audit: type=1326 audit(1539268332.924:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7993 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:13 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x4000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:13 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00c4000000000000060000000080"]) [ 974.402597] Unknown ioctl -1068978587 14:32:13 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 974.448404] Unknown ioctl -1068978587 14:32:13 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x6000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:13 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x166, 0x401) 14:32:13 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0xfeffffff00000000}) 14:32:13 executing program 2: r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/checkreqprot\x00', 0x0, 0x0) write$FUSE_OPEN(r0, &(0x7f0000000240)={0x20, 0xffffffffffffffda, 0x8}, 0xfffffd31) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280)='/dev/net/tun\x00', 0xb26224830f5a71d5, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f00000065c0)={0x11774ec4}, 0x4) ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f0000000180)={0x5000, &(0x7f0000000140), 0x2, r0, 0x2}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) getpeername$packet(r0, &(0x7f0000005800)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000005840)=0x14) sendmmsg(r0, &(0x7f0000006340)=[{{&(0x7f00000002c0)=@nl=@kern={0x10, 0x0, 0x0, 0x2008}, 0x80, &(0x7f0000000540)=[{&(0x7f0000000340)="aff2cdc449f4d5b2c5fa4f7b3225c8b805d303e6f8288c4134a3e46089e3d3aa42e837ebd3548224fcd235909ddd29dd99d63b9cd10aef26c356efe98a88f58a26ae1c751001e8fc0104cd2d0a88d2bb9f2ff251155a44140a10ef51946ff37993607e1b5d2a776d808d2a2c8f9f334f70d2eac4b7941e9529b915406012a88b14152c6df677c0181eae9b14494a9d2ac08914a1fb19b93ccc5bdc3e27659161afa4a6203f78ef51654bb9cdf9a969f24a6c10c0c97a4962ebaf27975d9a27bdfa0e7b9290d571676594c56f", 0xcc}, {&(0x7f0000000100)="00da185839cfcaa1a0f06281426416ada4fe77c8368889e65cfce9245babf1", 0x1f}, {&(0x7f0000000440)="9d06e7915800d40fdb49d122a5bc55b862b59a79d012f40c40e1d3fc85f55860d2da994a90e2bcd6bdb05e266d8adfce97f0a282d29444692bf4f5f822d47db7c3825405780f01426bf9000b643b4736d48bb98fa2", 0x55}, {&(0x7f00000004c0)="841049b505052adcc98e71ff863e4b65ed40fbf5a4503a195188571efb2dd66b7cc12d09c22db33bc73ac612e5ba175c5365f57d8697df46284fbdbb53febbcb15b3be8119d0af4b80814d9565493f1533aae0cc98d7fb2b8fcae434944a82de", 0x60}], 0x4, &(0x7f0000000580)=[{0x1010, 0xff, 0x8001, "6ee960597f949aba126baa770733d04e458e1364aafa5340d1be207d798e312bfb91fea7360dae0b5c5afc24ed6ba88a98d5b203d4dcf8f638b1b4e608bf6e7a552cd9314068c70dbd16381977b799c7e633b6ad0b3b3e70bd5ea333c28d1cc9948ac66207f11011c6ca1901867e9b1fbee702ba0d1e839aed3c8dfb57ee50e6cde92ab5c5846a19e0e8bf1024a88e9ffaa219fbb2d3eff7a50b9396d481234787cfc7ed3f7400d2b51caa8ed765d5390446b4697320bd5d550d1d37817fab3d617a50dd4b10dd6d709c73b20e1b950ab6e992e403d2a76331b681c521c7ab7ac112bbfe3e4677a4f65d67f5924f7d614a44e260b4689e53762b1ee1e03f78a95492ce5bf3dae5bbe952271d794960b9f4fc148de81ec8ea2ae5566e2e9b526578fea354c4bda2df55e6ea8e74f04f4949aa2d12f080aad8cce66e9d1f0725e556f3b1f02a3a6d59a6dd57d42581afbfe0a1e5a62aead2b9582a26f9e2f101fcb2965b4d0aa563fb6bccd935c497fe832e285035df2f1011ebdf2353d150203b102068441f24cb27996404c483e0d4ade3b60e8560b78a0d6f7eeea7a27da863aed5ebea1d588f45b007c12d0fa5931853c7b09ae9c469593387f643d968479210c1f6128fe0ab9c2cedfebfba5414efa78d6e45d66ee55a24331fc7b8862b964c22e292ef680def9a05413b54c3a1cbda452204b3434ca180c0ecd8f5198dc9c73884dd5659b8d96dc8b47500dc6c4f14d154fc65b50799f7b18ded305e0377164862090b6fb5a8305234132a829a0d318db261d5de8e512ad5683823da3a8e5f7c540dde8857a6045cb053d1b451a7c360521ce36c915f02a7f876bd71f51ea940fa653bc5a4e42402a22d2cb340478ac6fb06475ee634ba8b4a52c4f5c3fa142ccf86428d3b6d6be70410be79dbb811c2233d21181b04d94d4a0c84f25b2ad9bce84eee27c44723a897655f3c448f976483f7265bc84da3533b83ba2c6e28a21a29b88bfad530244c897dc27587057a127c0431127b98d8bae855ad0a3be1d8d14234ca4187c643e444447047252538651d9566df5fb3fa2e9c16bd780b289aa1326179b41601bd2a4ec43dcb5291107ba1f7fe13b70ee68a0035f5ab19ceca64afa00d432377366a649c08c568ba61a82d65dbb2d3e75eb21756dbd6fc5c1fed8cf0a84c8284af91cbfa87a03c84d241dd09767ddcced1223d9092495da63a92bc45f7c9287bb229c571bf1e2bea1abdcee38303afcec97b71d0c97e18b8462d1abfc4e93d3c1ba519be43133f0ca4423ec006ed650853d9842417e45e31acc3b34e778e71c1e13022708d34b13bcbbf631339c0e11d7249a17a576139f725f2b28e9d8957331a7d89ff1ab9af9c50f24f09e89c0bc010479f5bcde2b19726e2579c29fc3a15fcdd7f6c3682b71e98e757a3eb544ef744328be7c119aad4fb24503aeef6250fbabc5bacbb50915eef4b3b1c25e20e4989b46e272c855d6352078e30d8a9b0e3fbe549ba8a099ac15c39a9850ef29e47ab55321d22335bb5dc443b1ccde9a26eeca0ed6c1a7ca1d6a141f24034f4ee03459b69c013156a03bc571f33622e56499685983d6cff9971778f8e22fbff621f2c4017f5cfc39642337cc6d95239abdf21fe8e9b53638b4a46f88ff09e523b671284dd3c997da29e89f84f1d485e946a64042d55d8688c2292ffe096bb08ee7469d9a7dfe283525a7cc6249ed8dda5051f1477cd2d98a8c3bd20f9f9ec83bd11bf64cf4ef4ddb3c4c820789296230a76a714575ed4a89bc25a492078b44400136347ea035e91ad91db813646cbb09c719fdc98ea2306a841387f1c7696b643c863f53f16d8297833791903c716fb1332951232319cb38ad775cf0bbf435441899de43af7c5c5eb73929f6e74c696b8e12bf09aa2654859941af9d9a1fc2d9c9d9c88b6aae525a53c78d4a36bf54af6ab2d935fa78c66a67a7e5d4f1d471a3d3dd397bb8de986ce64d5262f9b651e77988a91dc20ba387df7ea60e1a28c25200a9239546a724fbfab38d2e9373d20d7eaf8dd7e65ddd50275df6702c69b242d658ca295bf9f350ec6b44f44d75fe384a09e2e4b66fe0e6d6c174aa9a7a288ac6e8190e5404b4551eff1d8e0bde329c0d8b7d923136133ea580607e07f7ffc2c5d502b396e4333da48850d9897072606e24485b878380fcd78503e946f06acce0fbb4056f04b5cfdcd34ea0db9ffedea5e46edf45acf87c5c926c823eb6422bb2379356d00134d4bb1bacd6b35bb7e693e671c50707a7de4835aea425ac8148dfc13b7d75bbb0f1c55b96b33c797213c5759f73571fb76849488b4f1c94e039380609cbb8b2ce9caf9810d8e27c7f8fe39221d52469683472a9d7fac3d8d036623eebcaeff5416ed593b267daf8c2e930caa80a66fe6132661ed2a131e2c2b231c86629e927a47d8bfccff9b65f5f16dc4eb24e002bf39a78655437140d7c202b0e1b5231b2a9450a0e8de24fce14d68ce6c0f2c38a4d79097e880c87e0f1e91d25d9515bc9103d17451562429de146690627d8111d6cf566d4765a453a0f59a6fbceb659bfb8a6a4a3e74dd6d4cabb1ed23320e8388f420baee2ee4fa3dbdffaac2163be937834b8eea9f5aba0f6e986338d09442a9af10a5fada451f7abc92cc855120af02270ec00590300d0b65862cd9aba1fb61645155d4d5e1ca7edbea9f4d980d0d9b74aafdae8c7c08c46235299293cd583fb7c140c88dccd27c08819b1d5d14170b81f7daca0cf372d346e59213895f1347aeab085315c779dd29cc2f95602a8b948b509f369096086823d751b0e6092af921c1571d1b1ce27f322f405ba7b2c9888e9d7cad85ded75f4e5b8c42bdd5de53a78c3b01ca81b0210158fa07c1799e886383c86ad1b8069fe6098aafdcfaf3919379b1db531cbf4d0c7af333f73d2047e5960bbc8b3d03362596389d075263a969f78295e81c7ff5f91a327e08725ac9d9e31192ceebc724fd96b683e5299d1c22dc5296cb1fdab63bcce98f713ed77683f795b392724d45809ed6523eca58bfcfa05eff99ff36b9d974416d2f9ced575e318640e28ee1b76839308d41f2dd94603ed0c5d178e02a7f85ae5f0093e1a68a687b0d34c28850e547e8b86ecd8f94f00551c40d66bc876143f849eae41b236403647387dc5f9b19802527cad226011820d8532859e50bfca338ed6b713614c31a4364ab43e3da7d6b525daded484dd0b93bfc59c26cdac5714a49f0bd2af44101c7617e7a0ddeb50e037aad3060b1afc570f37defe432c3038fed4e6e743a695245b077b811b1bbd0651813f9fd59ee6bec4e2ecc14c639d577edc1227cf7f90ae060b9e4fdcd5dc78642aa4116315971cb925b4dfbe6b5cff34b99a1baa0ee972da9baf4feee1dcc2e67108315a6cdf13efb57e61342dff05ac1b7d9c5e32919dfd3dc064ce26bc697737bb224e1781920b425dccc9eb713fb46c82a2a61e0ef2970208b874fc3e3be7ff3433c90b630625653533c45e2b2cd3ad91ecfb7a3b00ae1f41a71210d8e1ca4ebe6467f75b9d83a54515a3a86b9cdbe35d86d9bac16cf64d0301d47412536cbbbc4b1edd503e3d0317ebfec5c1989af72c5f9ca44aa8347efcc96b2bf5885d3a90404d8a04955dc28f85736aae5a463a539c5ec024efb01898658070a14b375f6786895fcc16f61cd5a3844e1fc2c0ccadd818bf66b18712c052b6321c61835c39f762483340babe16906fe2657cf48bc49c97ab422db9d4a62ece2ef407fcf468c324e1a9f7381c57a420a68110025a430cbfb3dd8adca395a1c38d8188e62141a822fdbabafc7ef5cfb46fd9e45a0e6d57cfdc48aaceea0ed00c9356e96e17065474d3d3385f48ffa42c31cac722fbecababf874ce3f5c8a098bde3b9040b0432dd9e5701b0a4e12bd44a964ffb4b40d93ea5b1fcfabac93508c374b6460fb1136dceda7cdca1dcb05a9dccef84365e9c6a3c5551111892bacfa43445d2f87d0259e9d0956f90adac54f8f5b8a270b7c42769db04bcdcb9889371b7d00c6f36cc3bde0ddaa1235a6f9254aa42021fe72d8c2cb03f261ba4b134b6b0335adafa132a52443267723499e0f1d56b0f08f2ee94b7254b968926ef48bb0d29d27d781dfa793f2516598d2e94b0e57f2dcd3ebac79ca05f50ea3ad72cfedace29131ea28ab9662926db964d20560e50064f8490117c39bb0c68aced2a590d83e1efe2fd07d66f901c073c9cd3b59928ba2f822b0635e46bdc40e98de960904a1383b3d37187b1c6483adcdbe278ad3e7bbbe5ca1607b837d48daa2e0e40102ec277fe65bab6bfd1b11f9695d4c0d670fd0e3adc744dbe03edfc2d64001e818b6e787a9a2c216cb8a7646bcfffb157017fac164cb9fc9ada7763ab1ece6286115d8e56fe449d23b43e112d14c3192b848e4247a467e7f4dc3e725478b6d37ae10ebde3991a6230940f5799639e91cf39e3cd9ff3de6efdc879573ecb4ba0495a3eb80df7c634017a28bf817d25f2a1b18d77b63d09fdc73b26a0dfe5369fc499f52445a74fc45d10c11e44731b0dfa07dbf4f1a02e81257f9a53e1c1b0421c2686caeffbb495b14467eed1b2eb50b0ddcc9e38ac78bcf84a2d6769287fc3f618f800bcb57920d557eda1bb2c9751719070b8b37ecfae5f5e908195f814bb913ba08fd668f9f1b267ffc4e9a6740bdf55cfa94d7a637f406bc0510c975e092e6d516e748129b28043f87cf66f271ccaf3ba2c42345ab46e50ae7005048ce36b5c0d83def3eb11fe4b7e598f806864b1825d9e6794a4f5991d6f084636d837d071944055b4724164d07d1b22ae1683c3ff186d5a4ed56fb341aca2116808d2d6a23260cff9ddae046c59260492c34158eccbf67d3461a239bd57e14715efddc3ae20c343f11b16d7695f810f723ae1e2c7b8dd51d2d30003842b65cf7929cc4155e1d5081bf373b38df1ceecc1b386ad2b2f79b884b3dae148ce8ddd196ef979825a44bb3325b7e10ea4ba95fed8654323e536ba8451198025412779e82a721f9ba48f5b3e3735d7863a27cfb64f220c978b2520e8e532adbfd0abb113ff828fc145b1a65450d20f5d72fceee04df732e89dd4997ab70e1e5d84e20adfd0b867de766d00b4bb0b7bb78a8a4ce77d3922e718f24ef5faa448d3d829889dc1799374f95b03214b63c74a3d069d1bf6afa8ce80ce1cca02304551ccaa7f23cc970e32779207867042285ba61771111a60d3564e48ad89f678887bd00445d2f54953b67a21f5c1d2845678ce84f60a2e1a6252f06767aad910f216dbb3fac545b4c2f0859c766b34049413dbc5c96d0af906252280c8e68af03b2ce530993861fce0ece43c717eb9b4550907500a030c0faa06fa1082c430ecf308af84a0cc9e9dfe38472add0a48af294144869a95f5257afa8f953089bf5db572da1ce980f86b4893617b21d57d967714ada15d9d64b05f5b5f7e5d1f11491d3dc4dc256da4430f2ae85a89129a8c650bff400ea1314148d7962aeccf631b6a0c38208360a30e75c376ee5a47e6ad0c4797c1d0fca8a1cf621d46d566a18cce879b4a9dfc25251cfa3cf450467c83743dcdc31aa740978bc95ebac7623bde92d6cbab1cfdf486bce1d92c3c989af4c307d55f85ae37a6cbb054e1b699b66ba2c58015bbce42fe8cf692451bdaec3de07031fe61104808b4da5ddfea4bdbe74641b6ed2dd23fe19b3886f17aa6948e5c9453e9c35c79bae9ace26171d220f272aceb4e65fae0d0bdcbc93d029edb08555289bef6daad8065b71598fdb10a4c3355a6"}, {0xb8, 0x1be, 0x6, "41c6dd9c06a697780c1affd4af5ede46a18abbcb96dd33baa01bb282d7f258c1f75adbfed3e766f561a2dedb2c1bb2a7337828391451dded67f16824053aa2a53307d6d282b0a601e997d73f7a946cdcf249d5cf7f38621513c49b2638b0e941838a2aeaf4570dbaced56f08549be0f920d7a3ea5fa77501375f6e826eb7951c6117939937166dd5d42822373ce2c89b315dfd4628ca1ac50b570302fd7db5dfcb1d30b27deb"}, {0x38, 0x13f, 0x2, "2ea8573a2b6c65665b8d0443ed5927ff48321337e980337b701f1d0a2d9998bcb8"}], 0x1100, 0x800}, 0x8}, {{&(0x7f0000001680)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x0, 0x1, 0x1, 0x3, {0xa, 0x4e22, 0xfa8a, @loopback, 0x100000001}}}, 0x80, &(0x7f0000002880)=[{&(0x7f0000001700)="b47e98b8890568e696ac8dc8db41e32dca22e0e36fcafb07459826799bd11fad1f3fad268b565cf62dce0d1e5e8e4c6d83977b2881baad7cc11d87ce3dcb43087c0a6c54d6f2a8197d50e6397fdf93c29471e3ac6f55eeae1da9f8cf2d0482f51458e80a95baa7df392e79d52ca87f0c2c232fd19ed9c3ce3ce477", 0x7b}, {&(0x7f0000001780)="d9e3c32e6f08e4482a5f5d015aa5e8f82c380be1bea48ecb045129681a55d79ae5090116f58ca17f6f5c71355861c6342099e533c8a2391fda0e987524f3ceeff51116bdcb1564e225df8c1e47f35e727dc4448471d9aef93ceb56edb09c92a039b5f34e0bd5198f3e4f2f6795cc444349ceca3ed7e019fce116fd4842c1eb589fe38e563f12c971ccf3b9993779f9829274dd2650b9abfbb25335fca66e98980cad6bcdc1bbebc51c85c53b72", 0xad}, {&(0x7f0000001840)="89", 0x1}, {&(0x7f0000001880)="f1b873beab030a2d926e56d9ea1c0534bb779b6c61ee439eb98d75d54350227bdf1cb3b5384aa4391c7d17b39933de46f3ba9fc817e609f9a7cbb694f9e398f23314254762da5761688e260996e6fe9547350c407ef7d613b6fae84eaec27a9a6ee99c51241ca933d1d9dd4b0d40fda608f655780d88db54530eade454b4de711e4928817890341520b8093c3657f954b63659cf3c3b252c0f5c0a3bc4c93938f408f72c7e563d89656fbd7937891c48866e5663d80809879f2d875fadfe63036c1607a73d5a0051963d247f6eb634309965e45ce93a3dfc9075d4224120160ac65f2fd49e658b7551de4669e6604c006aa730163ce4358f90bbb0bb463edf54a96f8909f62209497701436becddc14b4ea758d4cec6738b374fd5b376c6b5836fcfae3b3c38c942dd53740751f8ceba3368211c9bcff63102f7befbe06455be2963859acf5c7e3073439dd64218224619be6a823e8fa86580c71d7376197e7abdc8f0b9bc3f145de2f4c52b562acde7ef45db456aa26d8f6d51b9710da2b1e153784c43272b31d32481122fda680cc67bb403cf60b2bfaeea4c608849627a282554101c9e79209d64b809e31f88f8a841d951228cdc58972f4e67eab1436bdaec153a5bb4027123dd76c76d68af1559900d957704af9059b35d71441854eafcd3d385bf6a82b062f05f64ca3358dde21f2b4255b42b84d369b050c42e2be5bed918a06d0193d1e52b235ce970398dea29c2ffc85926899e16bc448c3ab61b992c68a439eacb0eb64c22a77597051df59539407b2ef6d201bcd7d6077c2e1e1f73df64d46fd0cb9da09a90caa84c3116791428a21f9598f0036d44260b893513fe8d7d158548bd3bd3d6a0078f7b4d3af1593452a8ffdeceeb57c9097c78a5ac03a3fb148f0edc8a0c840452a4ebe8a59cf24064293024d99fda150b12735a40dba1fc65aab814273c1156f66f48f7c25e32958e13748cd7974c06b7a69a236792de2a763f350f29710d99752aafea73d1418d47e49057c4318a5b1b21472033a2b88e0e0738c4b011bc99a79c12a8a1332ca3c2fb90afbfbefa9b28936d91d2ea1758c0abf1b5ea422729874d4b736c2d307c79750b1a7113b38309e8d43df90031693d225a7720db3a3bb3436ee7b5ff10c48e7328c89f2b2144e995ad0fe454c50ddfe0ba6b24df0241bc68c92e89c7a4f5a1b9a55f5c585055d60987a0db86031e1fc428df10f247d93004cdd484bb56614cdbf9d4f48aa98a17ce45ffbd0aa094718a7142bc21605e1a014b33d91525bf96e38640de81cb7fe4b6faaa1108218d0fc1a760981c3cb1572435b974ff45233af5531d94ee5a84cc10eec2b58a4eec51ce27d26fcc5d785de1738112ac6e239518acc57d7a2a7fa717dc903deb1e84b47216647b4644ba36842e0e9be7a688efc1c6e6affd7245e30a173bcef54348413b1c2d1377c7debab18b15d2ab3b39e59d0488e538aa11dbcbb8255f81688b317be72ff7e8da21ebb9fd2dcd0796a86eecb2b32b7d4d7f54082d6bba8984d02f10248ab8ff90eb784173902e10961ac10a658dd4d430c76fe74d8707a26811f7348a8a8b7fb43ac50f9672c99d86cc77454ec6f6cd37d413e71f6600ec5f904b18eaaf2016321f211dec3a94f74a1bc3675c73fe93f768da49206ba7b879fa2f67af23e07911952831e811232631c4aca5599864056063bde05a49b8017d5aa883b28ef06b8f6114485d29b30fbfa09451acf5bec69666f4d6872085b6a782b3a3f536d2027e7c239200812c2f2c82aee597ef03565b4fcda9de6ee93ce30b32a7d5ed23c05369b52b02d999018bd15cb5c8f3c55f7e7f8455d4f3a8b1d5b1781bad2df9f3d1203c8ab52cf6a00faf70c2d3ac618243f64333d931cf8696a4afa6b163c5e817f51b67b0ce9ee72c47ccc0bfe349b29ab87fe5d3457a466857c6b3bf4fd0fbfdb814ba5bbab4371ee187024efc9e3f02be239a4d9073fa07c3eed2bd6fa23009eb1782cfd56511b1ed0473e089db415b1bb5cf2cd08f5a052afc7dd3805201d4b4d0a377aa324bae1ab3d4c70b7c31cee89fb0d1c49827445089d5846a8babdf91678ab5de050e62c936a258a6189af5a73059471b3353a3312b069369171e25b16840096135aa763e6639e4d3b89d8263331e3d11894ebd3b4355452f0c4008b3730362526e2e5f1e0185c46adc7e452079a4edb763e8eddd9f848837bf22d7dc61f8d6e79f16d46aca25e02aa823727837181af2181525c32286264ff2a53d797a71417519750e8566768d6061382efaff32a27fc4e12f6e82e8edd35b119155690bfba5f0b67f4ef5ca3ba4887a0dd983cde0ba3b1dc3505d6f3246e47960ee7721c71a9709a375b0a185e8ecf0b05ef345ed895eeae2e0fe28fe99886b2dd35d285f5be02675c734610ba75483c8449c1e2b7f4c9a5da54e3e5f538b306c94f835239b611ef3bc96d79c7a38c27ff37987f1b6ca649fade1205278bd4ab916c41c94dc127e6f6698877992fc0f87fffa89abb11aafa4a5a6165dc54dca33aa941c2f6138bb1269e19deeaa356da3c594cd4c1a54eb8908a2b414b5d56ce05a69d7cda1c62389822e4c7a46fe5589ccb2e9185c9d4799880ebf5bb32c26a0950b379a47224497d3a8ba7629a64ef40a2259e02bb1fd81412d3b64b121b4a1e325010b3b8150b38c244bdcb332da9015aa3efea356c668f869a2f83598599b4a6338fad75b4acc3412301b93c9276fa321515396a12eae531c61044bd004e5ccc5a4138b708b31aea0be0c474b2324acb8306ed9a1497d3b7af4b1dba3523bddfff7d8e0b76a7ce5a89d3afd928def902f45c6969669e2e28e53473eab41ae9775485d57c77c52a321c2aa2dba18666ee5f1ec243617a86be46b08cc93d1c357a37233defdc8ca587a6e21d9f71bb2d25b66e0c8887c0b9b3f6507795514ff0b504aac5129b6b4c0aafa5a2c50cb1410b4b0f200f56a54b488c2b591642306f20dbc4a4e06138600c2f3931451ae8ad3b448492496df80db29eee98269ae01680d85ac4e59111c82c6f2a5402f67d51b8813b96f246e2d5310ac839bd60ab6f10e81259dba2b30321d4acda0590ad2d3627e2a12ec810eefbb38800d3806a1ea1563c66d0cafb414c9aac16583fefee5fe6724d86da0fab4978e916759dc788eb7b3d65f9021977206b5993956b12cbfaadfb214fd7bbbd954dae41e76f37b67b1f6605e9f39de9283143c342f5b9fa1dc63d2bc41a95c51cb205b3399e7ebc397454dcd4aacdeddccef135d4f5c165f76cff27f795a6e1896d9c1ac0a64b0aa087e0142e67b38a173dbe03f3cd5087893410077b6c86496e1fc7318770ae2d82d488c057e64d1ec3c0254b2a0ec23017cb86e65fdabb82d161fb8e0de84591ff0e3a981dfa849617817981ff00d7396365aa00039e31abf36daa87bad0fc13ef256b58092adf15ba08af281f160d669db26ddc2e554b43ef279fdfac7f9a0dd0bfdc64d568454b7a93162265c2d10c443f58f786a8ef0e1502d5be31a25e224e60aa3a528202d1eff7342c441e9f222ccb5572d25f8190015ffeb3192f1fb8ff7a5b70e5ecaafcd0a706ead46e6969db9058d018c4e8cfaf3885f0c3814286445efee42477258fd0fd767a756bd93a4f4051eef16c8e758d17ecab7b08b3916574fb0a9eaf54016b6d0d7533af9f4dff0ce1497abc95ec6f4ba1a8b81ea6c7dc0f098c7f3096c86588b2a2d30de78c7ca196dc31c27d0b65845cee8846344c773b0976b2ec703329b38f8b0fc9157b585d0ac32feea4388c68091ee34ef19c4e0e3accab7eea3c5b99107f846c12075eee557abebe762791d551c57a4f853e4252575e4d66c557631868d4ea952cd542654215c2cd75f7da593b4cbd45d961e49f044e88a8711b7d3f66e8b4af0406b37a07ac71355743dcb830f18cef7db00a3f1531258552a364ae29f443b65c45e0e22b7a38f6cb96a068a7da6b3e7d1ab017f7299b1406356a4b5eee30b36f927cc69c85ce34227f08ca13fc184ce4c4b58ca64ae10ad3bee0e6bb72168dc4be4f60963ad25a6ce95f19aef4e46b661a6d6502cb4d18a5be1da30ee49e7208c48e193acd971505a38a6b3bec3141ca2100c17e7b76ffa049ca56ca21e449ac3ba96653011c69ce09a0c5ce50314ad3c5f33871392ae378cb764a6c0cec43c67ac05e15a62921b8484c22ca97f03289a4dbe7bead50fbdd49e7c7208bc43c7f9cf9c938b728f8e996c96ea676cd30271bd38cfd600047638d7953eb2a4d948f4cd78eaf17dcca54647927c711c9b0b2e33c1ed200d7504b114c8be040179a560b62781b439660d941daf48dd673ddb43cf5bd5700e28e324639c68b1d9d4c4ac15a190f8dd27a122b38300990908ee5ae0316f0ef07d10602764ce6580ab76f01800aff78aa62aae50edf99c4a12636c4389ad18c278d573d9055f483635dd541aac6351b8035e854f6a3a3d265e0f85d138d0d6f44cca4e69100e5a1581a8c096162b06fd7f5753d51b702353aa7db01a0a460f1b0606b3976be4b020fd098d2c2d481fbe5b0cfd81717e3241b830ba289c9ea84e6cffa2dc10ec59da5e7bf064672b3f07fde0732de34a5a8c20878e6c8034ffb93a93c134a48f9b64fd2ab7f78ee402d5eb48feff58272de694f20cd5b025b4a86c6f6affd99975b8ddbb811d1818980bf4d77ecf6ae415a9f9cc8986dc9d658aa5bb84c6a33d9686b90a3069247d319ce58761caf6513485376be3f505e57982643859f6a9f28be3f948599280ac372246f14e2baa74e734788677940a54c150dfd161f9338d3ed8afd7c17b664151a72f323f79638306fc1e0689569a1efd02f966b42a05591d495d5836513b012cb93674bada0a4fcfdee3cdf418617bda16abba466240d2918b2ff662a6246ef434c1d59ba5325b32f7d65eb0637c5afcf148b7eed8b260c81a6245799bbb49781a9ec6374890cfb06ef6008cfd7b4ee2ae01017d189986699e27e34225d2b045c5561a2ece908a92b011398aeb7ea177b00c780062a518f5f123fb9f12b60b8847c4f1f42c2c831978e077083f9803eea8c8c975fa4173a15970f39c261a680ff5193e281ab10ba969892bc86839fa7d36121d5ff708a9f60dce2c385cdff6634627ab80eb721a0e26ef287c1b7fa1b9ac27f70617eaaf7560d9d93d9f15be8d285e74ee104110f57cb4f2a61d50d64f798b5395dce1145ddbc1ca1b2ae692fb25a41b19382a9e622537b73868c04af1a9ca969b1fa970d07a55d4e6f4c8590581415a0b345bdd1ca4ef9c39eb543c306c0934aea1047a9168d42b795cc7ce13ff4fcd065812f0872629e716b26b913dc4e5ec2f4756ebe43217b797a229814c620655d69889bcd9141cd8fe4d6ce1cc4ccc0ab199b341aa8fb99f66b8339e5fd2bc09f972e1d859ae22dd243cb05f59f44666ce0419865e77f3d1dc6f6ad80aeb883cf659459bffc1e1ff601c5b19224a89db73ccaa4c6fa6944122564d3bcf697f111cb71f36908a00db01e981939ecfb692ab5a85e7d3ece27045953418acae83a6c670fcff586f2c63601a3c7b4932e4e23a924ed797af86e45bcb9a81733500ed1d8c2e159a9546a4c0210f6015605efd11c32ab6825c6e9149b915f76c389b19c2459390a44801cd69f1498aaae452a2533fc29ab5cc7bb1179f2ca5e4609e49ae12240b76b06e5d81137bc4d00c6503f70bb13039e47f603852b3974b7338a0c73a9725c9c8ff0bcff91d0398f81d4cb7176a1a48090a7e7f23bb60168d21", 0x1000}], 0x4, &(0x7f00000028c0)=[{0xa0, 0x10f, 0xffff, "a88aaae2acd2a9f2bcf39c79df85287af7ba7eae5ed4caf5547880cf57be4d860cec05548fdfaf3a27a5242532cda0df7964b7a903573cfc80e01e2ca1f7c4ebdbe27f74c2cf1528b3869fedb8f409da63c0aabfd7de9f5fb464eab0de9822c07577f9a107e49d59c962c88a7a834c7062710cfceb9df74120da4e4d95c618b786525fe52636252369c17f00a01773"}, {0xf0, 0x10d, 0x2, "7184ebacc95acea4942fa230acf409f07e223f6c7eafd6b3085941b2954fb7166abe22ce67757c1e6fb43426902782e6387a8a8867a677ea75287f3c22aa1356719cb7c9f89ca541160ad4bf70aa679f1f9de60098522284d953288013f587be37a5436ad360eccc1fc2d009b55e864e0cac67c7cab1252fde769002f49c59d01ca30a4ee471c3ed5fe4eac60549b8fc0c0b0f22f8d90ab08d61c39ddd4bb9c45600a471911499edab8316505c4502ccb62046d65f405796a8e5dbf1559b29c44b91aadc9d174dfe21c98fafd85e3c165385405a1bb6a30e49b16d52e7"}, {0xa8, 0x10f, 0x7, "f93de4d9a7380c9dd561fda59ad0968237976f17045dc6b02344c3688234b6425cceb6396f6bb125bfe2c980e0e1077c273bf6132dac4d781ce18259a9faf80997ea94d4006de7669d4e1aed69e8e8b11f5dd2c055a6c1172ddc3aab97c8bbd748733a4267d92c6fc402e671def009dddd2fcd1a52004eb0a0ec06d74922fd07d77ba66743adaa533ae9bce39779444c6b6971e32ec0"}, {0x48, 0x1, 0xffffffffffffffff, "95e26d9cb425d53e4f7ddb5c027cbd3726ffab255d2a1381fc18db0840fc7103cdda19db08f893c2ced57fc72cf12a270e13"}, {0x68, 0x11f, 0xffffffffffffff81, "c787c4fe8de5b7e70a8a61c69145b89f78ed83a353918ed3559818683db0fa4f06fc3296dd0b055fedf5b286741efbb0e7e831e4348d7ef38e9f9c5ebc7264b60b32e619857a37c3317b5d8c0f1903078d8e"}, {0x1010, 0x88, 0x3f, "7df421dcfef7cb0616dae56cfdddf66a5b7aa4e78071f8ae0741ec9cb0b381a06e047f42f8f77ac92ad9addddbc20b6ef8e3275dbe20a0b69ef4afafafcbad949d0d80607a0e5bf0cdd2df59858620d60660192e3cb7fac414125cb823581498b4019f8f010ab0a70db047f29521b979f75b151f9047c87b46da0746d4f9a7bed341fabe1bd0c4ca321ee219735b62814b56f65b2cd08fb7cb671240532718be4ae9df1de958cb90893022e7eeda0ebfae75b155bc231ecfa988c236eefc25b3f129a3657d373c9f609c9ef64d712319ca11beede448ec5b340ba9d07f094b731fa21101432d33b0eaadc4c9eddff3f564573fa860cd10ddd10ce1a0cf93aa8a30e392b666ec54251debca04ad5ebc11eb2f6174c3a1db2a41de9dca5192828d63985e7e8fb87e9684693f9136804904d70674964656bd2bed6f9d15600f794dcbc69a61cc29d2c57680bd309091d32abcd904938d275cd40daf5539037f7f296ef0f4ed2fa99f6161632d49210b41c5b711d360e4a7ccc8d5eaebf28a5edd91c16a9557866973383f49c07825c402849b030f14111b1f746a1f24b96396586a59c6fd5e9eda7be3f1b423f5d7cc6b652ab35ac24ba92d014df45d9d2a7d5c415491e34e0ae1f95c1e26641f386bb95cd9f0d5c8c3a74abd9b7978a6364ae326e6a52b99f5dcdcae29098b70fd7034728233d60b4786aab66b0bd1eeb27daff216b71fc76c5f5bf595b9166c029525f043d05b803a093fe5b4f140621d169c6c0c3b355ea65a7fe630a0cc937cd806a188148047af73ed0c1478f7de2d953dbb688d11a77c60dc3862b1a01873ec1e9351d2542879dbf3374f201365499334501eddb5028a582d72aff31b5317f9e9dba412d8755e2758a6a24dffddfda3acb0ca3753cc575f71f7a182c8c6b595ccd575e9c753782720122ceff87043d259a0921c638a236d0cec474a79aa40836c5ecb72f53916989e8ff54d6c474eeb641f66c9425bcdfb503bb294e6f3bfe4f7539c69b17395d25c4037256d3818df298d9ed3aff09887717ddb7e92eb0298cc2e7cdd00576a8594a7163b4ade98152f7e5c6250bf64121734e78df3bfc8c13d5e68c80ddceb8a2e057e58ef056927481619e636d9b776a9a08253e78ed34030677eca281aa793b5b3f2d9714b9dc74b26439a16c474e223d8bad942e5be218aa213a83572748d3ead44445170ac1d774e76e489bb14ce0011221924c1c406a5207f805179a465836f514cbd6de699874d740391672dddbddd0fe2de365e46a783b63ecd9a22158a5e663e9828d52ee3989c0f4b947c4bed9693e91f890116fd157996aff0b17f411a9b9d847c29c0addb4fc05f24e3b5fafff323978e538fb11c31392a270399c325259e8671519c75b8be32c137dd090a9c89f79d93fd1b64c590aee8c10cb7fcdc9d0037f5825a0325f5793b9e31e568855c3a3121ab037b5932b6249b6991146529442a1d3d240291f04b1617bee4e74d2ce277277122832206efaff98002344519faf91dd8b766160ca9641df78341dfbd7d4a6ebcd13ace591aa55d4a1f998ee38bc7f4626e13a059326fa2d2d082d3665bb05306d10dba1fd264c3c554b4b502637b41d86173b15bb5def8d4244cb3101de03945ed3b0f62f44a40db1ae9d25507c00ccb9b010f11c8e54afafe4ded1007570b15f4c1346af137c46f70823cb6a74f691c36671bf32f993a49dff1f00db6f09b76139b52ee2835bd4c3c5b9c4df2009431ff407b5384058287749065a8ee653b071e72eaa286853a5efd1c368c8267e16657bbf7e1f3380b2e18a4442716aa7779efb9ce97ebb35236cf755ed3c9817f0d0f23e2237412f197bacdc7fa0f38ea0134789ffba1bface91b241e73991b90079ab022f6b6df4880f2800fc3abe6fbb6a4e6e3f40c01cea38b2b581b075be284eb509730aada0a706254801bd64b8fb59fcc7b69660f5b2c01d5012c56601a7b4fe727a155ab1c3a6ef43708eaf14f8208c8f17c83cf868b8ad73e8d81697d0191137fa979b8bf23fef2a3ab98ec7f2d553d15b8473b5ad738ac9231627703288c423718f3ac4c937082a556db68146fc256e69b44a83da0cc4f423dcb23d635fd610f557f90629b0a196b7f2c295fdbd982f6ba201e289711d3f6a340173b6aeab60efaed1a02854b93af20ac0b69f8636d358d91e4ea8b70333fe1ab92d43827ca098ef60f960730cf68826b58d40ebf2c541c4e9c168b5be0f2658081898777ed36d1bdd99cb6f3b7ae16102c19ab6c6040d0de77eb007dcf1d10faa16856bacadc5c2faa32b40c1188924c2906e60045824e5545439b85c77dc546f388b4b831bcc77f7ecd40134e01e4a37ed13cff71ee16504e2c1e6eb40e310208ca07e81fd59be1a1c609cd6995bcd7f0264e3c5f6d994fd602debd8dd52f738c4fed41f6974827e90d2a5a0c13ede2b57ed53646620a7db771a148258508d21d4175e274b19b7a3d7c61ec805f601e0569c3700dc303a0c06b7d84dc6f723f38f4fadde993bf9f6b1927e5fee3fdfb4b2c2f2b1e21ff31b28973088849566f15289f5f7e606426cb2dca7d6141f6d24709e7d379b831c3b45cd263cd1c5b82ff89d34e3a7fd922d0238a1bc088e1cbbc88a8f9628fbc57f83799d22a44307df292706663413408eaa604a4c2f633ba721b58108861c71082e102296be45114cb37160ae268f76046ddfd694cc18dfe31f5bd2c572d5e862c67e86432c19b0033856cec2167a4f699cf1f9f7e77b917febf6fedcc13e19db044523525849d17b975129ed38f1773594765333ea8ac7a0242efb9bd5ffe5783160f005b38694efc31cdbd5ee8b7b599f2e0957f2e6ffa219f493ed4f1346b00c906392b0de1ca9b07fad7efb73cbc5fe3696f2888075ebf664938f2a1dbfafa4252d378304575fe74b972633715ab7e46f9f5adde25bf8485eaf5451aa50c646bfa19c09f0c1aa97d0648e3cf38c1254f66ebcf4c4884e2da635645f5a0f84a68355e1164c8f80627725e075c7dd6597e832d814af03be7eaf6de9cf1d218f3751738e4a3a2c68eaa4222191657d6a68912d191ed4fa9e9d9f6425ffeb69377d138dd5bb2420e87b86caa6229eb3723e25ba01348d2c819dff2cc2df1461ce29a4ceebd8e725b80547939c928438cd0645163bdb8d0c61ea075572021e55db7f5cc2cb003efa003b7fb207684df7c25c32a5e0140dce72039303fab753905e2b86094a3b03077c4298869136fd2d6320a966fcee7e4d2f0ea435a45890613be3ea0f74557fb93aeaca740cf3ac9c408249d5ee76612fbf3d4ab00d46eb4cd1d1f8e1f7ab6b04200fa675ea7e194e389c5587a7920bd11836ded140ce76ff82da2d4425a428c8078dcb74cea04950b12714d34420f5f132535529180068e2f60cc860b77d7ba06648749743e00179e46bdf27879da76ead0767ebcdb4ad90b3379ede0eeed704f33bc2831c2382087b702edf8653d7dff9730b1ce3a1f80e36fbcb486e443c6c45b8a46550e61fa30c2e73f0ee5f149e576d865019a9039c56ed28dbc480ecd9bfe35aa58c018822b3ab45e19ee3d012095c0e3524ed50b0be40d285c1f9c40106d8d2652a6506bd2d40157df0c5dc82e373416547df50d831b843fbcf46cff9e48038817ea5dfd605a2471de9ff2d2fed69d6664a0ce924cda1725f99750b40f2dc19109e88b234ebffeb50d4de9b0d2e24a383c4fdc4d95ac8fff83885beb59187e45ddcb49a3cfdb9712fccb62a14be7c215a9edc5ff8f4e6445c66587855d88dea7b6c995b20c765ac234ea9c963e8b4e7d8f8ee40c7b0940d7b21885f42067d7be628c130cff5b9964bc2d3671522a96136e2662316befed60ff5c2e358426098fb82ab7f6da62f2e935d0d57faeaf5168e246e179eea6da1f23b288b7d790b8fb7e17f267df4f81a41fa998b8b675f477095677abfafd7392bacc314c89d8026a467c3a0c2eee3fae3ba4f26459ef5f5a5343ed6d4e6d21f0146e7fb84983b06ddf7dc082dde76ce7fc75c4331e3ebd5aa939cfbab456275021e28f92d6b5d1bddde97f4ab70f057526397337d5485d003d7e21910606209359be7e6175fb6ab34cac22b27f9f42ffce6b6d2edc435cd88a66d25c620d7c8e5854c7f64ff88e02e5e4b78a08b4ecc22c2c7783783233de7c247e62d02c04793cea9bdf9739f3ad247123c7964161bb51d3d697788d55ebcb49fb0b3aa22fdcbffebab7ea2fe1e3fd73bb6e43dd3d21a20ebb425bb9799b0fbfb8e756a6e8fe600d8bdbe335f9c5a7e25e80c0ac995298fd2972874d0e75d7c9f1fe9a583c62920c19e7eb739d263a4277fe63fcea6bf8f74a30e3b989d0a565fc1d7ceaa2c6937f6bb7bfe435b569b43e1d3035ac30d605b7642e21e8b10870b686f1af7528300b42603153e8161bc2bcfbf569b4413f5fe4b0289699240cb2f48b2ec5376195c37983a4626eafa68deaf466075effa0b787ac99a912bf3041b9a6cd03defff43a6b0b76dfcb74c3e76332b7867f5b2e4a27c5ccec5ef3a3b376036520d9e5597ce087b039c33cc70748cc22cee112c6269b6ec1e1712ffd01beb8732640e544adbe2fb0f6d232b614edcbe7d1b52ca7229f069eac448bd1c3724bbda72203862a9319ca39613064a572c55db0691de9fda4c96732b388548cefda8901834c6b1ef249da5f0c7101ead5f15933bdf98fc97d6b1282860b4d9c73e2ee505de9c8262dce57ec4942fb5c5bd67f6fd4d89668fe1966114d18fc4a2e2cc30a55cfe35ebd8ff4e71d66c9fad796d5725495d1c8c3f8d526cbf26d936db6f968fb6f0d70ab6e882a01dfa046bf22796e7373068828d37204bcc2f393fb386188f8726d1f6fd0304917f23cf1c4968d39ebdb74b86d894a343975ae92a21888dfd7a13ebddcfd7b9eaa3bdc23fe2d136a96ff1ecdb4b6cf0e3900bbe8994ed242623bd04588116a2c95bedb20b33d57b6250e51b1db9a720dcf5d9988714fd964600d816e18effe2daf2a70884d7bffa96a4f2ffeae0c4cfd18dd55e20842f16229a50884dc3b035ae0d8fa7753851bebbdd51f41b66ad72f4ad7bbfdf6109488107df84a80679af366847f090bb6bf2b72fff884698888d1885801b444b17d686d35e52144e24e5fd6f4fa5acaeed95d5deecd0cd145dd035cf430bbf972ee12d4e7a1ebb0af6c734c0534e491d1b2e3d4f46758a18e2812faa6449d643b0d1c3407f2713fe7b7a8b9257632b12b6e0db8ce7825839ef218fb2062f377b54603611be6b6189edd334a55376a8d98813d211600226d049414c3b6eed0ae2cf34bcb2cc3975059193ebee08ea5ddff56304202f258f121bb7cebc6ff94c6814136b51949bdbd51793e819245fdbb29d658bf8e57a834e4db5d2052dee68cb29bd88ec4cc10855e460f3adfe59dae2a11d374f0cba3f29d1d7489ddd9b830c7ab5cd10182de706660aa6201eca8c8dee149b5b79f98501f14df7f3847f154c95ee22ff92a8c9e33c2ea01edfd7379a262e685563289ebab1502e82b80ea3554ef5ca9c80cc056aca4e9745edf06ad52a6ac0c64b01f56c232f37f99a2a7c780210fcd9c1a9526f87b7154f503a074e4aae1f4cb70f18ba6f804c0b570a55f7535c3dc9c2c36b477860f7fc51b3a894d279a9833e3a9afeec4a825b7e8a52086017dad2f87ac90f62e95f364fdadf2289b67bed2b4eb6ac35dd600b27489de3e874ea3b0216128226ad36e28b7c42a54bb2d1129d2b6470785b3b42f24e7154408adf9fe4c33a6af838599fc75dc14"}, {0x20, 0x10f, 0xfffffffffffffff8, "f5c87eec816c740e453553b55cc9b3"}, {0xc8, 0x1, 0x4, "5d79e2732f07fb895df8a14242563626b7874f4cc40aefc0956d5372c8325ef7d898ea31dac757cf06b66b048c8c8ddb0fc5ef05f5dae2a2d470503fac32c809c32a2ddbefc1305bd61641dbb62a04af3087f1b69877fea2ae5e87ab940fc621831dafc903ca56aa4752f24c1817d9edb4d4da06cff8bb103b9338d293b1aaa9fe7c917be304b08114ad7860fc813a1e94591c6111ae5a9c7a77d36ad5711487283ab908293c380161e9ff44d06eb144f4d2"}, {0x50, 0x0, 0x8001, "1c1cd5a5001a3b66f3d11b2f7970571d48f7e0eb55243ad009eb99b28097822ac4fa20b9383ac4463c87cd240907eae85d9b44e1dae0932b609d9ba57e43b2ae"}, {0xc0, 0x13f, 0x7ff, "f320f5c24cf94587cffa02d0aede5b9c62ac6d16e8d64d48082c018cfe6f7d37dff96bbaadf57e30c73e797c5731cdace3638fd2b39bd29c1cac11aeb4a77a298bd73ef0aed923b4f88b906ec99d004f9bd135d1bff0f777bd69db8d3952bfb7e099cbf0c7c923e9b4d8d26f4a63d960e9dceffa79a5469083957b5bbe6affaa207bef41e4b62e6653256c61315975568b0fe1ab500263fa99e338728caaae20b62a5d1f3fd9754594e1399bdea3cf"}], 0x14f0, 0x800}, 0x7}, {{&(0x7f0000003dc0)=@nfc={0x27, 0x0, 0x2, 0x7}, 0x80, &(0x7f0000004040)=[{&(0x7f0000003e40)="cd6088f191ba39811430594ba6b1b067d0b7aa3935c04da46e", 0x19}, {&(0x7f0000003e80)="86aea437b693ddd52779e40592555f9862c6", 0x12}, {&(0x7f0000003ec0)="47dd31f62318c965cf5dbe6a267735a7d425e6340e8a907df3001ce2840b1fe8456a8cc4eaec653a05ae1e7f36d2a45f0961832ce1009d3b4cbfb2abe62a769696f4d0", 0x43}, {&(0x7f0000003f40)="19ed17336012205c9dbbdf3a7a0bd2c5f63ae1c69581254f9c60db2592555d4ae9869b398512eba9e8bb6122c0ce7f8eee4064604a5929c866deb6d29d4e1596d030c7446581952d860f3d209cbacc70420a4f711162e0660c24", 0x5a}, {&(0x7f0000003fc0)="ff60eba62df2ff9310c75deab9f4b3c9872b6792acf812899277a9a29b1fe7dda8b07c6e7dc1d38547cf1b98692e6aac23b91edd9e8c2a6fc0faad3b2b7bba246c098da4568644e074e06ab9900c", 0x4e}], 0x5, &(0x7f00000040c0)=[{0x20, 0xd5a99574a63af698, 0x9, "4db20ac2fbdbc62f45af72343d62e084"}, {0x1010, 0x10f, 0x3a4, "b106b0c0bf99b4a50cba42ee21d61abfcf6524cd37b1cef1d74d98a0f2ff591665cfbfa7fc29aa25b24cb24c5cda2057032b0fc9ed944fca184dd9cb13d0c2137d927d2b33bf93a1bff80a8fa5f01d88fc0976c3fbdf9d6577eb139aa80249caa354760e173ffe47cd67bdbc9118050c2cf5b1696d70ea3143e1de7cebdfaa2104c400ebf9c06ec4fbd278180f11b27c3842f546cf45761e5481bb2c5152c7a7f6b6aabc7ded71e040651c437662f260859196988d23383312ead87f3e84f1ef9788aa1221db890d434a00be84e41786bc1cd6ccbc8866a270dcc812ef8e95979516b04cc921e0b3a1cb10bbfdcea225f63c1a1f260697c6d65821f8c5be5ae80a3f7146269edd119f6037da68ce84d918118ea25279d235ba3c138e94d387818f87105d02f7fe72608008aa27a1a490ccf8ad95ce760dafb707ab4aaf2223009b4b0841c011ac182fe8aa98363a47f8ba52b764604249231fb3f927712afb3c7042730388e5cb02a07c993119dfd5ed29acb5f93af93f9b821926706878437ca2c3e981aaffca041f5b143f8f0c3c48dde4ff7af7cb8664ffdd990e9934614edc1367879b2c8f60a4f0bb403e3dfbb06258d86b8afc7b5f21a5c5679c9f2b583f3c6433e7a2ba0964d92e3e01d3b277ffd4a847cced4bcb1792bb1120644b24aa43fc24cb1d730dcf63db5b22b6ec7f5089c979d4f58973609ade994d747744c11624f7c8d6820543972ba64094daf35239aa1e69dfbcbbaf2c8ba79b627cbf0494ccb20e5b07768c4081f302753e40129c77bcf821b790e73dda07b08172b5de7e036f90aa3d3df4667adf881103a846d36502a130a51cffddafe842f585f9fe6b1377fd14e856dd61a11afe8ce9caa2950faab456d7a350381d8c3173f53abde953b223e41ef1e73466834a89cf46a7b28cd716f9c9e351f92728105120bada5b0f333a8a6d455d0a6d3ffeb7bc5e5853d762673992074bb78a644388079e05d866f0aa894348c6df62567fa2ac574ef0a6d1a4d1d4feea42561a1eabf5b63c00bfa2083ab2469e90abcb23d3e18366a08acc69423bc88f8a902dadea5ee336fb46476645d5cad87cdd54fb40d5fdd657aeb11b000a94ef1c17692b3284727bfd4bcbf9f3ed0005afea0f8bb2e938dcda61883b75fd785354527082970cd356c2e840ded9d4595cf7f8d7d553a668f2f99e297528701395165f3f9ee3fa0de8b8198ba07f41457d37b817b7c6ce9e0b8c0d65f0cf4aa293f0ef36ee850e7952b2f212a2b3c9382358e2442dd604c1336a7e22293194d6f9927f15a66e896b92b0f34ce8c212f9cbfb915d625749db0c92bf6f7583ad8cf95631df69faf42da0cb566048333b3283e5e8a4431875314bbad2a1e9ea24c662ed4fcbcfc31e4f1a387250d16ed5f45aff82e5275bf4d29b3c7ab66d8e9fb124389e45ff8422bd97ce2825f9f9a2dfb94acbce6aa99bc13b0e67d043e2a5f6709de37af42699153a3a8b9654d50a6e6e1e5b183dddaa8346234418b944bf0492c1c10b74d7d6947cd9ff2da5af82cddc2eb075276e175d5d203cbd36674c34f43a90464c4d97677e16f066fff72db4aac1bd9fd379d64c4792d6826a5d3af17109de537a3385d332d73f1cc1f846d6e314e3f2ac2cc52115c96feb345a44b075fd5f93c59f8be24036d90fcd666e883d73720727a917d03ef7b2957c8ddf12d77ae4d353e8504746200abd845eda8aed9b71306b53c596c2b0760bb620d68b6aa07119173853321a9f6df68508db0cfbc9709a549f0ac501a70f884a9b5226ee812792364715ce2eaa6fb440dbd4fdbb91779dfcbce27a116f308f5f8b00ee9643af0e577248a09aa1ff115a872b6bd6d2f4631ca07ee705e00c2f6728d4f4b1c53979c33294e68305c54c536b8b5d953e8ce4de565b3d3406a5686fe17712586c5c5e6085514d59a367a2030b3225b1d28e8c86224a6dbf2dc70c67098c1dd1c12be9d157eb5149925ecf75575e40a05b186a06636c62ae93607b91bf71992a36856589b9ff1ce3fe0a4dc408b4a0a86dd535e66c087edbde604e383d79049f9cb311ea21b7ff8858825315bed25d498f919b9921865bd45486fb8dce006d7addd15fb57acc1749b5c219bf7f58f9e44de59eef1bfa879c99c1962719dfd59f7bde1609de0a9c76f5f4f74b5c941d227fdf8ae980222261ed1ae438ee67cd54ed70e098f0e9834668cf79c29abe84d37fe8f227cca3945b6d42e8fc7e4e8d59269dc3263aef991f7830dd9d3d1d2ef333aa60d4b8052f22febc33dbf31caf9534838c690013f20b5d2c9e6212c0305d243bc608fc478c5cc074ab84a802a2c3944c83b31f3784a84ac41be27178fb3c2cd968c77bdb31758eab1714345cf10162668d41ddf7e83badc0062a148c4dc8dbabacd3a1165d3d1fbb40b5113da8da39b321827dd48794cc445f4666f224c55c3c868bc16efe925fdaedb14faf446628e20bcf1ff5b833137047f3d3a4e4825ecf7e8c7b9be1e0b8a0f6740330cdf644e0ab3d7bfe3bbe76a98efd95a21c49128305c020ae4994288a70852b6f6c98075232723ac869426bab9e4312785568c61ddc345d87ab33bd738599982629244499002b7affbe33c863c8f1d88b4a57c9c0f2623100f1402e017b78f0640bb01bc5e1a7ea8733da92b3fc0eaff0d8400cd180484c7b24623ced8b2a620057740c329239509ce12e5bd2ce33b014d875b7f8682332073c65b4792b44b66529c075a59d9b5b625f373bdbfe839f92f22f8e4645e39d1a2ceee11630e7a226e5ba24390c3225ef7001a5c2be4ce736ef7a69c53a43cceb93b55cd8ab69d383c3e5f0460edd7612b891f02e50450f90509f7f92e86e3c82a34c938e0106646dcf1a07c459378b987edfeb0565ff28a4d83bcc79c71746f9da1a1ec4e1cc769942b8fc236d27781f37a1167b9f2f5888b8fb29a3ec54f8969cbdc866396d4480f3323a25d2560075d160f5d63305f2920b760ae2891c26019c58f55f8ae2d0ad2ac535e0c9d06dcd76e734264cd70d0d868a8fa5af61ca0ce821f577ebea767c44c5b1ed697131cfc18c31b5b026e9e6d3d75dff5a5fdce5f84e7044ce4d813e6dff137b1fa213cb27b59591176862e5595c6bd57a55a08b855df36eb6f1a04f2826b31ab046f79025891b807842a8d38309f5eb420879b14b30765047664e8af983c7ec795a7b5193dd7977bb1de1cfc0f0bf590d8ab9a887463c084385a20091b2060cd4c56624bd500d99b91593b235aac6b498fa4de9d59e9b2cba763dd17f11efeefb45eccd8ea65e7e0a47bf9a5f9ff582ae2f9676b1967c042cefde9ceee1dd35720b49b1caaf2e105a0d1128025102b8b14ef1e1568900ec4b3736bf894f57b520041a61bf1201845c1f85ecf63d483ba1ea7eb7629e71a5ab774679a58eddc117ea2a334f54cd94bafe63cbe50ae28d21c7f9dc027f00b64f494c130b17705d2bd45e9a18c0b13935a6d9cb9537bf06de50a3050b56b6100a07cd6d9574224c7d64dcd4661710f07d66e2789035f83462fcc11cf26277a6aadb420048903c882493a55bdfa7024484f77b2700b07c2f10ab61b8b64757a4bc71820a8f35965df569ed18dfc3213b8be318942f20f94bf071e092139f663d815b3c796c5ae4d2e7bde9beea7b605978a2ac2c4ce8d72932c8307f82ea7f0ae7decb838050e5036025414e08a2c5cc493c7f2f3b6d74c6a4ae8decfe5e3e2f17bf7ae0420a155bef3de670c1418f66eb73db0ffb55c81ecd66fef47bded6e350d3b9c7a5f360b6631909b658781a11d40300ff74cf31ca161081c6f118bb0601fe7f56fe1f30b5e4213cca3cf85633bc41db588a15faf97951d6faf20d203b1b05530390cb1789d64b1e19ec407c03e8181554f8241ad2ae4771c5f55b8efcdbf4e2263e422261a594cb83a9231827cc94c215d7a58f96e701789daa50ebd0920535e826142c9bd22476896d4cd96e0d1e56dc67fa0b10b295f47276d332d82d2b3240bae33ba992e801061c2e1fdf802a2ec082624526db616f35ee60cca7c0c72da5b013d55084ad19c45dfc623a28c9ad8b7340aaf28d19cdc99445aa0852eb3c11e1427a498c0ad34b3d0bf7f745ab71af8b08bead553d27bc0f5c6d4adc28455a21ea43c464b9348c9bda5ce12b106e19669b760fe5f98fbb4cd47c4701b3a0eee15205a3d65fc14b761f291613122681a800d7e204d60392543de4a16bf20164a7e1cb1afe93b3960df4917c5ba0f24a40d907b873550280b85ee5287b2f91bbe2d6e631bdd87bc11ac2ef49fb3ebfc83121cf44299f70ce02a9d9677019a7cd2d4802bb6b469c905e5b8a21766bd1ca20e61a0aec752982df235de376da8beb508a4788758f6a5b8a87c3af3e0fa4c375b3179da55304f46893d5cabac22a7651beea6ab980bc4fdcf0a5509f3cee2d562c42e6fce665d00bb4a11eacaad43cc1099d9f5b7a32ad8cb68136eb6a7f6c32db8e6bba6c9de7eba34979538224de0970daa56b3ffb113770b6e5ed89549143f814768c9438b7761ae543bff793ef6a4b9ed6352647985d11a1c68381e3dc5c5519aa52634cc0a9b44f40d58df3698cbd5bc720ea47c5d4e4a3cf154601fdba70009881fd882f74e3d8e2501567983ea18f6ad17d0b5bf9d370ba2c7b2e068b13a0fc423e9e6cdad5c8f0477a95bee762d7b4666569adc658dd96a94c7131e327427c0c41408f9d7e97a527ca6f6295376ff1560a8e16c25b2646fc8c2e84106b5df5d0e7555fb619839fa32136e2059814bd3271d7ad1780bba15e7cd8021ce155d26b311e669fc7c13856d424154283c8150a726fd21de523ae3c02873c37cd1a503550eda881be8fae611eaa3a4f6d842053bc72b9160a82caa38142a7414f97b606da74e971031777ad1a2e04a418499923a65895b3d9550d0d6d83072f143e2cf003f0dcdd081af3b1c093c51ed69ea5b426af89cca1ac95eb473d7f714a6bb10547a65622412e80f85aa122e8fe346451b5892309d0c504f2be2fce33b4b174646138572f761a716ecc69105990b6765c0489158b03ecdc036efc3dbfbf44db8a6af8beebaafa4889aab01913af414110bfd84d842ffbf3461915b03b9cf0e346598b4674a883a1758e47105af69c1acd4ba86f22a6627fdd63e96804d5dc3e5ca23fd957f1e72bbb064a054a1f9cc01808c27cc229e838a3279f45fc5d8db48a33f54ef67ac99989c8eed8c67f5590e09fab782f456ecebe06e120ed660b2a7457b0db4debd53c8ccef893662cba5036c32950da1753b6b39b488531e7fe457f8877644a54f701b8e1aa4510cdb399a723b17d935e3e065e312cc5a0ac425912520d9b2d151aff17102647ef4cf0d6f00058ddc6d9271b094debe41bfc74c1f98a6d003eef1485fb86ad9919d18be69bacfa9569d13c9ef351a8c665733b09daa8c433c9db43c169f7d788fb1a8765c5d22fcca28e7a0f8f8ba76a891347c33e98ee4d315c114b09aeb15352cb07c26051b4841ae463af1da494d324fbf3df586cb78245eb97aaf97222d1cadb8942a4c6500632358790772c372e2c8d9ba802599760fb5acf0f03138a347c6c4ee4bf194ab7aa1dc0c525b84dff432374257735ff6291b3e412eff4e9e7b802243d9b4b04c85b088d34b965d01575bbfe2582552ac9189c4fa98bd8b18a08f9fc09b8ee5b94496d0334043f1de1122b1de8ea95cc323b230da024096c7c3324cd9516850b23a6afdfbe815ab767978602f7b164eacae1de50d436385290fd64959767522020d9"}, {0x90, 0x117, 0xff, "ea8c89d79e83c5ed5f8616c69d0418ef2f8a3190d476702f09a77649d366cb8cac6c28510ed10f726930ae8f69be789979c8bcf81ef760040a387ce50804406b2498a9e4fa3456d17b86b4ee63da724fe3e281438531c79a18f5b0e1910fb614ac9c843bb02c7e103b28454add6eceab68daa71b8ff74e152919c4c6"}, {0xe0, 0x117, 0x80000000, "a8f6e03d427120a42109f432c276d95cedbc944180e0db255cb94333483a036b1b34117b172d45d2ecf300d5f3d12a1daee796ae873dad3d510e13078dfdf218e46167bbfd88960dfc77aaf1cba606295ae33e4f41ecc760580e7bec6c8c7aee1d9351d739badab4c5e2349504707ebe8377fcaa151fdeb66a74d194b5049cc49eaa61f1a69f9b091d36dc8a231f8b4cb773df5e2b423c255ea6ef76873f2fef6695c33dbb8c054aee2b36ed18c05514c98cdd7f7223e6c8fae7337c5c8ab7d195b693ebdb171e2e13"}, {0x108, 0x1ff, 0x1ff, "3191f07eabfb18747ce6db6927ca2b3c0d9be393cf5e24310c445728d977a14358c3db6c1691d930b0e6f2cf7aa3c3dddcdae840eda3e9bf96af28a3ea0da09f2c3498ab27c846d6e54730e1589141d4ab75723198a8d0b97e71c5a5ce47c210d8075c5f9a1a357a6ea08765e76ecfd82d464af25b08d58d333387f99faf5bbce1c090eee25d077beb8df18fbc609cb0a6d25d9063d892775a8fe4a3cc6231de20dd2208c77d730562037b7300d8780598f5227ed6c9c84adc3b6bcd4540437caf2c8b087fdc407474b14d5fcb0e86aef8e2f69786ec98baee2077d02bcd7c0a235112e5122e2274e7c44306a28de5556fdb17"}, {0xe0, 0x13f, 0x952, "3aeaea1e7a8f13d72938eac28ef8fdd908395112c7a421e90f2d77f8d99ea53d4a73fc8ed7bdaad4004f46d0d8a54d9040c0751ad14455488fd6caaff99559638fd7a4c81538a278316b291cd53ab722e5793c367f5a8381cb6b92840f5110d4bbbd0f06767b225918e034c596d839f1cb22300869cab8b90045c5152e062b9a10f2e83b4618ff53d8a80293e21d33bb1c7daa769e885cc6b24d49ff94e4eaa93d78c47454a9a59f61d197cd3725b04afbd0f05d2cfa421040cc8213df05028b0d06df3e84c6d272486845f0320e23b5"}], 0x1388, 0x4000005}, 0x100000000}, {{&(0x7f0000005480)=@sco={0x1f, {0x6, 0x1, 0x1, 0x9, 0x1c9, 0x7}}, 0x80, &(0x7f00000055c0)=[{&(0x7f0000005500)="9fb63fe1df5baf7071be2ca9", 0xc}, {&(0x7f0000005540)="be1df15ec97da6d150fc87deda3815382cc86ecf155083312734fe59ade5f15efb521300d90d49e1919dfa37794d35300462d6770805ad5c7377a38c018243b87eb0a9", 0x43}], 0x2, &(0x7f0000005600)=[{0x10, 0x0, 0x1}, {0x108, 0x114, 0x7ca, "35bec01cedf3688b1b333883bf7981f158d608ee9c155ee2b4093919b0aa887be989f30ae014dbfe96d1fadcc727f6c2b6a2330f52cb664446f04d83cf8ca80adf8ad4405a5cdbd521942ed31a6a442f1959de0f2c0ca996ea25d89a9bc975283b51ec0d4b4d7d690fb5ccb7f9596be818a1ac14cfb3a43843f23a160f52cbce070af7a1c5980333ecbd4e1f61596da19fe53e825e9daad613d0133b3b0f397b86f379bb907b8a767f072bbb971b3eb6fe7025d0cbcfc69dcd9e3df1571fb0c895658931f72fc44e5b68d03ea3a8f860cbd5b8084270e06542234ef50d25973f881ccebc104899e2c32c19db15fd6a443a08"}, {0xe8, 0x111, 0x7, "c0395983793f18eb0ce0d4e1f1a33cf8cde5508c62eb0f5c665a38666419f3f1e357bfc9c7c2317c567fdcd5d3fd854e8e624081532ae31e4d6e6feb80c7ac0a9d55f9931fde8bddea313845a27ac64bd0059bf83a8feedce4141519eadb9810502c334b79f5af321701f82fda9e54ef91539c0f3b3e695717a85c4065a455cecb0bd1026e7cfabfe0d0eb314eaee27b96ddc2a015ce9cefe24b0211c8a84166f3bec32b046fd60aefcd596e9a343fcb564c7cdbbb8f66f97c479d826ab404cdfd2ddf8384a6317f498621b5b25cf9219e2d"}], 0x200, 0x1}, 0x1}, {{&(0x7f0000005880)=@xdp={0x2c, 0x3, r2, 0x2c}, 0x80, &(0x7f0000005f00)=[{&(0x7f0000005900)="a288c84b86bb97ed5ba6697432e4c7644559a31136e16254772e2439a942b007f3c029f41a4ee60fd001bb61ad4b673e263cd374f5ba00400f66ac5be1b24cdc0233ab02dae30e54ad26d6cb1f1924c3740e3ae8e4751e12ee92aa92d1c9baf726c28d30f08e2ef9500bcad77da0351e141bd0caad24a350fd9dcf2d5fdae3e4d76ea03bdc17f8c43174382c835ad6379f3196f30194b811af0a12ab3630783ffc664a2385cd7f9fa2dc4a3f27d7325dd614815d03f2445e4de537fb77ef59bf0cda66", 0xc3}, {&(0x7f0000005a00)="170d7b7345cac406912081bcc65799c89c2553464efc2a59f9a5960f30f0f937cd2907321d5da8fc30ac743f9c9f74198490ffb0b4d153281a0e875796f2f50559072d6547a354277edfee5e1fe48a3dba07132b71393bd0b265a137b1c3c1ff76c7dda92653fdf79e18d73264d1ed7a1abbc8d9432c42128e8a8d1c4af80c35421d0fcc77f5f4c37679f5de48a86c1f1d1679633bc934b9e1d7963548946b5db436fdfb73", 0xa5}, {&(0x7f0000005ac0)="6cf7eff3a8ddbd52793d55b766023ee2b92810f773909374e7d5cc531cab0232d7693366d1e1bd2f41dbe27fe2a817032183413d878f87217344ee9a3b4af0d9aa3e8acd6be61bc05c6e7b87f15f5911b3ca6d2740b5a87de7f49064e62f2a528eadaf9e2e022ffde38165931ba10a2aabe6ee4cc79859084497e534163a2e7808db202cecf3910e056919e97d1f6e70a4711367fd5fca79885a9aee7e0d40ee5c5ad9dda313ceb094bf01a9ace525bedb82adec8bff680ee4ec875db293efed2cab87", 0xc3}, {&(0x7f0000005bc0)="88e00f071fa24dee96ec1dbe531c3adcb7983a4710fb8396337f", 0x1a}, {&(0x7f0000005c00)="6fd7d3cb20e8ecd4379528f4cd871901be29cf64030d79bde3d76eaefb1d27313a467f75cdb22c6522351cc124ca60b718e8c22ca3624a3e1118144da520e065e36c684a93b5f63b79aefe5e4e0fda9cde68acc4cb83ef02b94a01c13bc795927c256b05a53362d7992c0c13aad0d10117fd5c7449b9ad7a455f6e008e30c8e53ef1edda4ccde5915f9146090e36661c50da0a1a28c214f59dbf9ffbe1624b188440c92c1219f3a1f7df4d6aa6b804416b5072c011aea8456328a4f7a0cd7b8695c501510fd7d540d2e9f5fd99ad693440fd65b8e5be1032467371ecb6de5d3f734325c704", 0xe5}, {&(0x7f0000005d00)="d55adcece893c2bab7305f52550a173a3cfff5eac69991fdefbcaff63c2839f8c5cdd7be4d8e0d007b62cdd8252715521cdb", 0x32}, {&(0x7f0000005d40)="ad757721a2b30d1f0b21a52f1c133e6061bf5ee2fd087eec9490d68b753214603da1921bead53c465e2b23823d5a26dc30aefcafdb789d8cb1c4c3b36ea3c2d5c804b8e587d4cbe2e2fd523e837ebba3135ecada1091c9badc315d4a18a1d080a2c0c4a9f5baafed870f64e1479d50bab740", 0x72}, {&(0x7f0000005dc0)="8462c1219a39ae0b9478e1776accee31973a5c04a593d846d7a31c64a3889f13c7eaa056088ddc42d02615e442d1ad516b331d7f292f37c381b6aa6a3ba2c74a6e7f3903673a270114478c475d0762432c629b6623a44ee77e9c989dcda9060b9c2d0b9b196c49108855f4c4b3efa7abc16d58bf2301b75b6d668f38acf9fb4e87287f96c32876d30dc51ba768eaa38f307d6de428bffe0200a82bf45a6203200bc2f20c927e57c20b016a0be8ffc3fc86e88ef4b332237a0b1f311e91beccf8a26e778e6f26a61871daac85151e", 0xce}, {&(0x7f0000005ec0)}], 0x9, &(0x7f0000005fc0)=[{0xe0, 0x1, 0x9, "c2e2b4ecd8d85c9fe12aac317ad9ca4498115a865e7be641539267dac69ae15ad9ad6c225d1237c5217df59543719b1c242bc2181817b85d13e8ad69e388bb1448349af663bd4b075ededa08126ab2f620ad0a186d1e022ea1bae9567bf7e6e65acf09c5b5edcafa6f8ea5c310e672507993b524bb4c1e95c7cc6d0b237ef363aee16d5e5424b05cc163ede35ffee3b551ead038af47ff3c104c967a2e0df9051f3f1a6bd21c0004872a5c530e330abf41bffca096ff55d795126cd1a77384dca9e70847163c7d176f"}, {0xb8, 0xff, 0x3, "28e810f62a3f68d834aff4942dc6a02f224edcf2a62ef0321965d2b8c31b807a7ceede96b18734f47dd6be69ba869180a15cccc09ccba2d7422bd51ebf65eb6596c20be3f901cffd3deb91db9829269619d972f30bbdcdc9c57b3a033c7375c482a969bb3d5b475ed81c71741f97ccffa45fa5c9dc7b11828b6f3eab8c74facf0966d946bb9d45e25d95ab26c97dd1313ed3d249506078b95bb9d71db8ab905089b9b33cfc"}, {0x58, 0x88, 0x8000, "1817e5dde65844d361e6ec9be8bf51df79a7ba59ca4434073b9000c3a26b5464b1bbd8064f8d19531cbd8f1350cbb370ab4d885245303b4aac12fe786fac868b2d7bd99a6790ff"}, {0x100, 0x84, 0x3, "146be27c5f216656b10c875554323ada4256f4ac0f978878608aa3b8481d6d4bf190a79b16a7e54ba080f40a65bd16cf01a46d755ad9fe070242f166d1a42a20b01fc9b1e85bcaa4d8ea56ca7921690c7158b41876785991093e569dc497ed231c026766a73ee147d4e5ad5894fb406d66f020f72a640160d0b3c8f7893d6c4fa73de61f4fd8d3ede5fdb92d754f56afbce13e35e59cc7f214d76f766a628e2bb79d4fb98aa3f2e0932154b8779158fc72e7cbeb011dacd04c706819e44b5e6b60302f9d3bfa40f13d446ea8b031f4ecd6dc65056029220f0f4dfbb3bac2195f7c1ed9db34f04702a997b576"}, {0x60, 0x115, 0x9, "b4bfe10ebcf971c9e8403bafe9c8f82f2e5d6ca24a3251527f6dac4b699092d92085533a100b6a0aa51c0b12f19df3e91fe41ef38f979dbe675d88b6c4aca79f9dd1419faeb4ffc9a67c136f"}], 0x350, 0x20040000}, 0xfffffffffffffffe}], 0x5, 0x40) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000006480)={0x0, @in={{0x2, 0x4e21}}, 0x4, 0x8, 0x0, 0x6}, &(0x7f0000005ec0)=0x98) ioctl$sock_inet6_udp_SIOCINQ(r3, 0x541b, &(0x7f0000006580)) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000006540)={r4, 0xdba}, 0x8) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:13 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000000b000000060000000080"]) 14:32:13 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x155, 0x401) 14:32:13 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0xf00, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:13 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 975.172609] validate_nla: 22 callbacks suppressed [ 975.172618] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 975.183744] audit: type=1326 audit(1539268333.764:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8036 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 975.215595] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:13 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x144, 0x401) 14:32:13 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x6, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:13 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000011000000060000000080"]) 14:32:13 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x152, 0x401) 14:32:13 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:13 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$FICLONE(r0, 0x40049409, r0) r1 = dup3(r0, r0, 0x80000) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000140)={0x10d000, 0x10d000}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={"f5ffffff00"}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) mkdirat$cgroup(r1, &(0x7f00000001c0)='syz0\x00', 0x1ff) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 975.340438] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 975.379559] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:14 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x6800000000000000}) 14:32:14 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001e2000000060000000080"]) 14:32:14 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x153, 0x401) 14:32:14 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x400000000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:14 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:14 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x80000, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhci\x00', 0x0, 0x0) clock_gettime(0x7, &(0x7f0000000240)={0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000280)={0x94, @time={r3, r4+30000000}, 0x97e, {0x3, 0x3}, 0x0, 0x3, 0x100000000}) signalfd(r0, &(0x7f0000000140)={0x1}, 0x8) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000300)={0x0, 0x3ff}, &(0x7f0000000340)=0x8) setsockopt$inet_sctp_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f0000000380)={r5, 0x9, 0x38, "99579f419d0926ba8c6c5bbccbc7d3cd6c48a94c37b5b56dc51d00f240b22548e4ec3962c919a9644b7259bddf91e509bd6a981f571431de"}, 0x40) 14:32:14 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14e, 0x401) 14:32:14 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x4c000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 975.999175] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 976.012894] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 976.020683] audit: type=1326 audit(1539268334.604:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8086 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:14 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x146, 0x401) 14:32:14 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001620000000000060000000080"]) 14:32:14 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x147, 0x401) 14:32:14 executing program 2: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vcs\x00', 0x2, 0x0) write$FUSE_OPEN(r0, &(0x7f0000000180)={0x20, 0xffffffffffffffd7, 0x0, {0x0, 0x4}}, 0x20) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000280)='/selinux/status\x00', 0x0, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x2, 0x0) ioctl$PIO_CMAP(r2, 0x4b71, &(0x7f00000001c0)={0x0, 0x80000000, 0x2, 0x80000000, 0x9, 0x1}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r4 = socket$inet6(0xa, 0x2000000000000001, 0x8010000000000084) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x7, &(0x7f0000000080), &(0x7f00000000c0)=0x14) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 976.163462] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 976.216849] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:15 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x3f00}) 14:32:15 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:15 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0060010000000000060000000080"]) 14:32:15 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x156, 0x401) 14:32:15 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x7a000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:15 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000140)) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:15 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x161, 0x401) [ 976.853478] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 976.861042] audit: type=1326 audit(1539268335.434:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8130 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 976.894941] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:15 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000880000000000060000000080"]) 14:32:15 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x600, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:15 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x164, 0x401) 14:32:15 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:15 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001e70000000000060000000080"]) 14:32:16 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x7a000000}) 14:32:16 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x173, 0x401) 14:32:16 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000280)='/dev/full\x00', 0x2a6000, 0x0) getsockname$netlink(r1, &(0x7f00000002c0), &(0x7f0000000300)=0xc) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x280880, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f00000001c0)={0x9, 0x0, 0x1, 0x7}) ioctl$DRM_IOCTL_AGP_UNBIND(r2, 0x40106437, &(0x7f0000000240)={r3, 0x100000000}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:16 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x74, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:16 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000eb0000000000060000000080"]) 14:32:16 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:16 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00db010000000000060000000080"]) 14:32:16 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x178, 0x401) [ 977.709043] audit: type=1326 audit(1539268336.294:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8175 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:16 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x8100000000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:16 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000ef000000060000000080"]) 14:32:16 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:16 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x143, 0x401) 14:32:17 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0xfffffffe}) 14:32:17 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x3f000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:17 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x2000000000000043, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x81, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:17 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x149, 0x401) 14:32:17 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001a5000000060000000080"]) 14:32:17 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:17 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x7ffff000) [ 978.556428] audit: type=1326 audit(1539268337.134:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8223 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:17 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000fd000000060000000080"]) 14:32:17 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x6c000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:17 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000140)={'ip6gre0\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0xfffffffffffffffb, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:17 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x500, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:17 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0xffff8801c6f7a54c) 14:32:17 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x700000000000000}) 14:32:17 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001420000000000060000000080"]) 14:32:17 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:17 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x405) 14:32:17 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x48, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:17 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) openat$audio(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x200000, 0x0) r0 = semget$private(0x0, 0x3, 0x428) semctl$SETVAL(r0, 0x0, 0x10, &(0x7f0000000140)=0x5) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x1) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:18 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001630000000000060000000080"]) [ 979.400089] audit: type=1326 audit(1539268337.984:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8266 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:18 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x410) 14:32:18 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0xffffffffffffffff, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs\x00', 0x101800, 0x0) recvfrom$inet6(r1, &(0x7f0000000240)=""/4096, 0x1000, 0x2020, &(0x7f00000001c0)={0xa, 0x4e21, 0xfce, @loopback, 0x5}, 0x1c) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001280)={0x0, r1, 0x0, 0x1, &(0x7f0000001240)='\x00', 0xffffffffffffffff}, 0x30) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000012c0)=0x0) tgkill(r2, r3, 0x2b) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:18 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x500000000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:18 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:18 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000070000000000060000000080"]) 14:32:18 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x7a00000000000000}) 14:32:18 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x408) 14:32:18 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000080)=0x3, 0x4) sysfs$1(0x1, &(0x7f0000000140)='\x00') ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:18 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x4000000000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:18 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00b8000000000000060000000080"]) 14:32:18 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 980.226238] audit: type=1326 audit(1539268338.804:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8308 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 980.236140] validate_nla: 16 callbacks suppressed [ 980.236150] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:18 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x403) 14:32:18 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000240)={0x2fa, 0x101, 0xa, 0x0, 0x0, [{r0, 0x0, 0x7fff}, {r0}, {r0, 0x0, 0x3f4}, {r0, 0x0, 0x7f}, {r0, 0x0, 0x9}, {r0, 0x0, 0x1000}, {r0, 0x0, 0x3}, {r0, 0x0, 0x40}, {r0, 0x0, 0x40}, {r0, 0x0, 0x80000001}]}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) inotify_add_watch(r1, &(0x7f0000000080)='./file0\x00', 0x40000009) ioctl$KDSIGACCEPT(r1, 0x4b4e, 0x12) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000140)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:18 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0063000000000000060000000080"]) [ 980.299310] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:18 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x1000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:18 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:19 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x402) [ 980.429573] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 980.462122] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:19 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x200000000000000}) 14:32:19 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x0, &(0x7f00000001c0)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:19 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="002d010000000000060000000080"]) 14:32:19 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/snmp\x00') getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000280)=ANY=[@ANYBLOB="01000000f0fe41606fa56d1a053bdf353805fed8efb92e4e086c49320e882b19b3c3316573951581722c4c57d9a0db91e59aeac4ec6ef1a96d962d2dbe9e6d64b8241e1d1c50faa6", @ANYRES32=0x0], &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000001c0)={r2, 0xb0, &(0x7f0000000100)=[@in={0x2, 0x4e20, @multicast2}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x13}}, @in={0x2, 0x4e20, @broadcast}, @in6={0xa, 0x4e24, 0x200, @loopback, 0x1f}, @in6={0xa, 0x4e21, 0x48, @mcast1, 0x6424}, @in={0x2, 0x4e22}, @in6={0xa, 0x4e20, 0x2c, @local, 0x3}, @in6={0xa, 0x4e21, 0x3, @ipv4={[], [], @loopback}, 0x78}]}, &(0x7f0000000200)=0x10) ioctl$KVM_S390_VCPU_FAULT(r1, 0x4008ae52, &(0x7f0000000240)=0x8) ioctl$KVM_GET_DEVICE_ATTR(r1, 0x4018aee2, &(0x7f0000000300)={0x0, 0x40, 0x0, &(0x7f0000000000)=0x7}) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:19 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x40000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:19 executing program 1: socketpair$inet6(0xa, 0xa, 0x9, &(0x7f0000000380)) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/status\x00', 0x0, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000300)={0xffffffffffffffff, r2, 0x0, 0xf, &(0x7f00000002c0)="766574000000000000000000bd6800"}, 0x30) kcmp$KCMP_EPOLL_TFD(r3, r4, 0x7, r1, &(0x7f0000000340)={r2, r1, 0x401}) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000280)=@assoc_value, &(0x7f0000000140)=0x7c) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 981.088568] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 981.107868] audit: type=1326 audit(1539268339.684:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8362 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:19 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x8, 0x40000) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') bind$llc(r1, &(0x7f0000000080)={0x1a, 0x1b, 0x1, 0x5, 0x40, 0xfffffffffffffff8, @local}, 0x10) sendfile(r0, r2, &(0x7f00000000c0)=0x14b, 0x401) 14:32:19 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000e4000000060000000080"]) [ 981.129476] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:19 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x200, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)={0x0, r0, 0x5, 0x3}, 0x14) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) r3 = socket$inet_sctp(0x2, 0x5, 0x84) fadvise64(r1, 0x0, 0xb9, 0x3) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x61, &(0x7f0000000240)={'filter\x00', 0x4}, 0x68) connect$nfc_llcp(r0, &(0x7f00000002c0)={0x27, 0x0, 0x0, 0x5, 0x2, 0xffff, "fc4a42b0a58b8f81293665c06ece752ffb2d13748d70a77a2b73fa3ed45f3710a1c8118490cc05073adaa80c71a11c09256390893ee6aeed87d773daf4f7d0", 0x4}, 0x60) 14:32:19 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0xf0ffff, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:19 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) r2 = gettid() ioprio_set$pid(0x0, r2, 0x100000001) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000080)=0xc) ptrace$getsig(0x4202, r3, 0x1, &(0x7f0000000100)) 14:32:19 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000091000000060000000080"]) [ 981.285099] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 981.327680] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:20 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x7a00}) 14:32:20 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x181400) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r1, 0x40505331, &(0x7f0000000100)={{0x6, 0x10}, {0x800, 0x6}, 0x3, 0x6, 0x1}) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x14b, 0x401) ioctl$KVM_SET_FPU(r1, 0x41a0ae8d, &(0x7f0000000180)={[], 0xffffffff00000001, 0xffffffffffffff22, 0x8, 0x0, 0x1400000000000, 0x2000, 0x12000, [], 0x7fff}) syslog(0x0, &(0x7f0000000080), 0x0) 14:32:20 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000950000000000060000000080"]) 14:32:20 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x5, &(0x7f00000001c0)=[{0x8b22, 0x8, 0x7, 0x7}, {0x6, 0x5, 0x8, 0x6}, {0x6e, 0x5, 0x2, 0x7}, {0xffff, 0x9, 0x10001, 0x77d5}, {0x100, 0x71, 0x8, 0xfffffffffffff000}]}) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000240)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$NBD_DISCONNECT(r1, 0xab08) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:20 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x7400, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:20 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000480)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f00000009c0)={0x20, 0x2a, 0x5, 0x0, 0x0, {0x2}, [@typed={0xc, 0x1, @u64=0x9effffff}]}, 0x20}}, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000140)={"76657400000000000000000400", 0x400}) [ 981.924265] audit: type=1400 audit(1539268340.504:210): avc: denied { syslog } for pid=8402 comm="syz-executor3" capability=34 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 [ 981.950771] audit: type=1326 audit(1539268340.534:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8409 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:20 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="006a010000000000060000000080"]) 14:32:20 executing program 3: socket$inet6(0xa, 0x3, 0x6) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x0, 0x0) sendfile(r0, r0, &(0x7f0000000080)=0x2, 0x4000009) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f00000000c0), &(0x7f0000000100)=0x4) [ 981.979032] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 981.997042] QAT: Invalid ioctl 14:32:20 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) write$FUSE_OPEN(r1, &(0x7f0000000140)={0x20, 0x0, 0x5, {0x0, 0x6}}, 0x20) [ 982.025324] QAT: Invalid ioctl 14:32:20 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000006d000000060000000080"]) 14:32:20 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r1 = syz_open_dev$usbmon(&(0x7f00000001c0)='/dev/usbmon#\x00', 0x169, 0x80000) ioctl$SNDRV_CTL_IOCTL_POWER_STATE(r1, 0x800455d1, &(0x7f0000000240)) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:20 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x4c00, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 982.051624] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:21 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x7f01000000000000}) 14:32:21 executing program 3: r0 = openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="cf793a31e077bcf807d4ab83aa92d207648438ad86e862ec58c47d4fbc806ca69f9f84387cb5fa8cff1f0d8ff048a1143e6a16d1cdada5af72d9f0ddbb0918bfcfea78cd38b7df3f25532ab687478be0a35ed32826d25ec05a233cb0fd0dcad1f2f1cde56a6c1477b171f7c0a0f838b81cefc46a6fd6"], 0x4) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x9, 0x20000) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, &(0x7f00000001c0)={{0xa, 0x0, 0x5, 0x40}, 0x0, [0x2, 0x4, 0xfffffffffffffff9, 0x1, 0xbd3, 0xfff, 0x401, 0x7e7, 0x6, 0x9, 0x800, 0xfffffffffffffff7, 0x3, 0xfffffffffffffffc, 0x1, 0x1, 0x6, 0x20, 0x5, 0x7, 0x1, 0x1, 0x9, 0x403, 0x8001, 0x21ca, 0x5, 0x401, 0x1, 0x4, 0xffff, 0x3, 0x7, 0xfffffffffffffffd, 0x6, 0x200, 0x81, 0x6, 0x8fa, 0x1, 0xcd9, 0xfff, 0xfffe00000000000, 0xaa4, 0x200, 0x9, 0x80, 0xdf0b, 0xe372, 0x80000000, 0x8, 0x4, 0x80000000, 0x304, 0x6, 0x401, 0x8001, 0x3f, 0x4, 0x1ff, 0x8a5, 0x2, 0x73e9, 0x1, 0x1, 0x8, 0x2000000, 0x0, 0x3, 0x23af, 0x100, 0x9, 0x0, 0x3f, 0x5a4, 0x2, 0x1, 0x2, 0x0, 0x4, 0x10001, 0x20, 0x3, 0x9, 0x0, 0x5, 0x3, 0x0, 0x5, 0xfff, 0x1, 0x9, 0x5, 0x9dc, 0x3, 0x2, 0x9, 0x7ff, 0x5, 0x4, 0x28375618, 0x6, 0x4, 0xfff, 0x81, 0x7, 0x3ff, 0x80, 0x7, 0x3, 0x7, 0x1, 0xc42, 0x10000, 0x1, 0x4, 0x3, 0x100000000, 0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x2, 0x3, 0x3, 0x8, 0xee6c], {0x77359400}}) ioctl$KVM_S390_UCAS_UNMAP(r1, 0x4018ae51, &(0x7f0000000100)={0xffffffffffffffbe, 0x7, 0x3}) r2 = socket$inet6(0xa, 0x3, 0x6) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r2, r3, &(0x7f00000000c0)=0x14b, 0x401) 14:32:21 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000114000000060000000080"]) 14:32:21 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) preadv(r0, &(0x7f00000026c0)=[{&(0x7f0000000440)=""/45, 0x2d}, {&(0x7f0000000480)}, {&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/23, 0x17}, {&(0x7f0000001500)=""/7, 0x7}, {&(0x7f0000001540)=""/77, 0x4d}, {&(0x7f00000015c0)=""/254, 0xfe}, {&(0x7f00000016c0)=""/4096, 0x1000}], 0x8, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffff9c, 0x84, 0xf, &(0x7f0000000300)={0x0, @in6={{0xa, 0x4e23, 0x4d899a30, @mcast2, 0x1}}, 0xffffffffffff07ff, 0x1, 0x1, 0x5, 0xffffffffffffff82}, &(0x7f00000001c0)=0x98) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f00000003c0)={r1, 0xffffffffffffffaa, 0x2a, "f5613e00481f1e632f3463a9df9bbb9509b311867549f3a987174af6e156a2b40f9ee6cd73b3850f1a5d"}, 0x32) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x100, 0x0) ioctl$LOOP_SET_STATUS(r3, 0x4c02, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x6, 0x2, 0x16, 0x8, "3d4bc493146a696a3a29337fbf24c506fa1f8d223d19860d55587283095f32ef8dd87fd7b1125d009934ca9ae5e4bb6c55c04fdce4c5a9f5a5cb9df1176287be", "4bc57a6931559f2604954f29f03c36ab6be458f940dda72a70b46e2f03f6f4ff", [0x0, 0x6]}) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) ioctl$DRM_IOCTL_GET_CAP(r3, 0xc010640c, &(0x7f0000000400)={0x4}) 14:32:21 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0xf, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:21 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) r1 = semget(0x1, 0x90b0261270f184db, 0x448) semctl$GETZCNT(r1, 0x3, 0xf, &(0x7f00000012c0)=""/87) r2 = getpgrp(0x0) ptrace$getregs(0xe, r2, 0x80, &(0x7f0000000240)=""/4096) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001340)='/dev/ppp\x00', 0x2000, 0x0) ioctl$BLKRRPART(r3, 0x125f, 0x0) ioctl$BLKRRPART(r3, 0x125f, 0x0) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, &(0x7f0000001400)={0x3ff, 0x80, 0xc966, 0x9}) ioctl$TUNGETFEATURES(r0, 0x800454cf, &(0x7f00000001c0)) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) write$binfmt_script(r3, &(0x7f0000001380)={'#! ', './file0', [{0x20, '/dev/full\x00'}, {0x20, '&-\''}]}, 0x1a) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$SG_GET_COMMAND_Q(r3, 0x2270, &(0x7f00000013c0)) eventfd2(0x6, 0x80000) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000001240)='/dev/full\x00', 0x800, 0x0) ioctl$TCFLSH(r5, 0x540b, 0x1) write$FUSE_LK(r5, &(0x7f0000001280)={0x28, 0x0, 0x4, {{0x7d, 0x0, 0x0, r2}}}, 0x28) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:21 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x800006) sendfile(r0, r0, &(0x7f0000000000), 0xfffffffffffffff9) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:21 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001ed0000000000060000000080"]) [ 982.765051] audit: type=1326 audit(1539268341.344:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8450 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:21 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x4c00000000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:21 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000240)={'yam0\x00', 0x43732e5398416b1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) read(r1, &(0x7f0000000040)=""/34, 0x22) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:21 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:21 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001e3000000060000000080"]) 14:32:22 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x40000}) 14:32:22 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0xf0ffffffffffff, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:22 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000100)={{{@in=@remote, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@local}}, &(0x7f0000000000)=0xe8) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000080)={@loopback, r2}, 0x14) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:22 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000140)) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:22 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001310000000000060000000080"]) 14:32:22 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x8000}) 14:32:22 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x4800, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:22 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00dd010000000000060000000080"]) [ 983.610039] audit: type=1326 audit(1539268342.194:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8497 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:22 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x5) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:22 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x5, &(0x7f00000001c0)=[{0x4, 0xfffffffffffffffb, 0x62460167}, {0x4, 0x7, 0xfdb, 0xffffffff7fffffff}, {0x64f, 0x4, 0x6, 0x80000000}, {0x3, 0x1, 0x74, 0x53}, {0x7, 0x1f, 0x7, 0x8}]}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) socketpair(0x3, 0x6, 0x5, &(0x7f0000000140)) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:22 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x300, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:22 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00ce000000000000060000000080"]) 14:32:23 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x7400}) 14:32:23 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000001c0)='bond_slave_0\x00', 0x10) 14:32:23 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r1, 0xc008551b, &(0x7f0000000000)={0x80, 0x1c, [0x3, 0x92be, 0x0, 0x9, 0x6, 0x1000, 0x1ff]}) 14:32:23 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00dc010000000000060000000080"]) 14:32:23 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x7a00, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:23 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ppp\x00', 0x101, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, &(0x7f0000000240)={'raw\x00', 0x3, [{}, {}, {}]}, 0x58) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:23 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'veth1_to_bond\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:23 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000a2000000060000000080"]) 14:32:23 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0xffffff7f00000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 984.451058] audit: type=1326 audit(1539268343.034:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8551 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:23 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) gettid() r1 = getpgid(0xffffffffffffffff) r2 = syz_open_procfs(r1, &(0x7f0000000140)="6e65040000000000000069bf6f6c73001b6aff9cadc5008fd7c24060a05df9a7e850c127c6e560105210fa627ff51eecd551e1811dd5ca5efcdc4cf6f84c2896d0f03e4db99268897a74154f8702fbf8c070dd7ad4fab4005065280cb899ddf03244734feaf40dda341b0bc2378dcb5c100a614263fb87") sendfile(r0, r2, &(0x7f00000000c0)=0x14b, 0x401) ioctl$TIOCCBRK(r2, 0x5428) 14:32:23 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$RTC_PIE_ON(r0, 0x7005) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000001c0)={'gre0\x00', 0x200}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:23 executing program 3: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x40202, 0x0) ioctl$KVM_ENABLE_CAP(r0, 0x4068aea3, &(0x7f00000002c0)={0x79, 0x0, [0x8000, 0x200, 0x252, 0x513c]}) getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffff9c, 0x84, 0xd, &(0x7f0000000140)=@assoc_value={0x0, 0x3ff}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000001c0)={r1, 0x401, 0x101}, &(0x7f0000000200)=0xffe9) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000180)='team\x00') getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000340)={{{@in=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@multicast2}}, &(0x7f0000000440)=0xe8) getsockname$packet(r0, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000004c0)=0x14) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000001900)={{{@in=@loopback, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in=@rand_addr}}, &(0x7f0000001a00)=0xe8) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001a40)={'bcsf0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001a80)={'veth0\x00', 0x0}) accept$packet(r0, &(0x7f0000001ac0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000001b00)=0x14) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000001d80)={0x0, @broadcast, @rand_addr}, &(0x7f0000001dc0)=0xc) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000001e00)={{{@in6=@mcast1, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6=@mcast1}}, &(0x7f0000001f00)=0xe8) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000002500)={0x0, @rand_addr, @dev}, &(0x7f0000002540)=0xc) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000002640)={'eql\x00', 0x0}) getsockname$packet(r0, &(0x7f000000c340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f000000c380)=0x14) sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f000000c800)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000020}, 0xc, &(0x7f000000c7c0)={&(0x7f000000c3c0)={0x3f0, r2, 0x0, 0x70bd2a, 0x25dfdbfe, {}, [{{0x8, 0x1, r3}, {0x40, 0x2, [{0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r4}}}]}}, {{0x8, 0x1, r5}, {0x44, 0x2, [{0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x466b}}, {0x8}}}]}}, {{0x8, 0x1, r6}, {0x178, 0x2, [{0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0xfff}}}, {0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0xc, 0x4, 'hash\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0xdae}}, {0x8, 0x6, r7}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x100000000}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r8}}}]}}, {{0x8, 0x1, r9}, {0xb4, 0x2, [{0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0xc, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x996c}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r10}}}]}}, {{0x8, 0x1, r11}, {0x104, 0x2, [{0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x4}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r12}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r13}}, {0x8}}}]}}]}, 0x3f0}}, 0x4000000) r14 = socket$inet6(0xa, 0x3, 0x6) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000000)=0x5) r15 = syz_open_procfs(0x0, &(0x7f0000000240)="6e65742f72617736003e887a04d34f023496981bee8ac70a6e148f3dfa4b299e4d748c9c566fcde777a799618c333f4b2895b9bdea46e979dff8abef4da0c7fe5c7641f7d44424e40b7f1d") sendfile(r14, r15, &(0x7f00000000c0)=0x14b, 0x401) dup2(r0, r15) 14:32:23 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x600}) 14:32:23 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x200, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r2, 0x0, 0x2d, &(0x7f0000000240)={0x2531f8fc, {{0x2, 0x4e22}}}, 0x88) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:23 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x6800000000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:23 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000013a000000060000000080"]) 14:32:23 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x2000007, 0x150010, r0, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x410080, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x8000, &(0x7f0000000300)=ANY=[@ANYBLOB="6f3d8c3b345e9ab06a9262a11959601a03706bfbe1ed0c0181c5c0643cf10f5beec2f19015a03cb85dbe3176571715b8fa499e66bc8ee4326f762c4b6c655c174f4f9ef22dabc8922496cd0f5abe904eca22928892de4a2d8861853143e5ef1c37a901b43a0af5e0228c949a49b26e28f204b4cdd558e5", @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',msize=0x0000000000000000,cachetag=,@,access=any,access=user,version=9p2000.u,loose,version=9p2000.L,smackfsroot=em1{,\x00']) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000240)) r2 = getpid() r3 = syz_open_procfs(r2, &(0x7f00000002c0)='net/ip_tables_matches\x00') sendfile(r0, r3, &(0x7f00000000c0)=0x14b, 0x401) signalfd(r0, &(0x7f0000000000)={0x2f6}, 0x8) 14:32:23 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x200}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f00000001c0)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 985.281511] validate_nla: 16 callbacks suppressed [ 985.281522] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 985.305737] audit: type=1326 audit(1539268343.884:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8602 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:23 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') accept4(r0, &(0x7f0000000100)=@un=@abs, &(0x7f0000000000)=0x80, 0x80800) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:23 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000093000000060000000080"]) 14:32:23 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x3617000000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 985.307735] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:24 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) fstat(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000002c0)={{{@in, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in6=@remote}}, &(0x7f00000003c0)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000400)={{{@in=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in=@multicast2}}, &(0x7f0000000500)=0xe8) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000540)={{{@in=@multicast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@remote}}, &(0x7f0000000640)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000680)={{{@in=@dev, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@rand_addr}, 0x0, @in=@remote}}, &(0x7f0000000780)=0xe8) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000007c0)={0x0, 0x0}, &(0x7f0000000800)=0xc) fsetxattr$system_posix_acl(r1, &(0x7f00000001c0)='system.posix_acl_access\x00', &(0x7f0000000840)={{}, {0x1, 0x2}, [{0x2, 0x4, r2}, {0x2, 0x4, r3}, {0x2, 0x0, r4}, {0x2, 0x5, r5}, {0x2, 0x7, r6}, {0x2, 0x0, r7}], {0x4, 0x1}, [], {0x10, 0x4}, {0x20, 0x3}}, 0x54, 0x1) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:24 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'vcan0\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:24 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000180)={"76650100000000000000000000008000", 0x8000}) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0xffffffff, @dev={0xfe, 0x80, [], 0xc}, 0x565a}, 0x1c) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) lsetxattr$security_smack_transmute(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000140)='TRUE', 0x4, 0x3) [ 985.458931] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 985.473818] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:24 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x7f01}) 14:32:24 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00004b0000000000060000000080"]) 14:32:24 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000140)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhci\x00', 0x200000, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f00000001c0)={0xc0000000}) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:24 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x6000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:24 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000000)={0x0, 0xffff}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000100)={r1, 0x1}, 0x8) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x14b, 0x401) 14:32:24 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f00000001c0)={0xffffffffffffffff}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) connect(r1, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x3, 0x3, 0x1, 0x1, {0xa, 0x4e23, 0x7, @empty, 0x9}}}, 0x80) 14:32:24 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000180)) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f00000001c0)=0x0) r2 = syz_open_procfs(r1, &(0x7f0000000200)='7\aet.2aw\x00') ioctl$BLKGETSIZE(r2, 0x1260, &(0x7f0000000040)) sendfile(r0, r2, &(0x7f0000000240)=0x14b, 0x3fe) setsockopt$inet6_MRT6_DEL_MFC(r2, 0x29, 0xcd, &(0x7f0000000100)={{0xa, 0x4e22, 0x20, @local, 0x14}, {0xa, 0x4e23, 0xab8, @local, 0x4}, 0x0, [0xb6ce, 0x7, 0x3, 0x9, 0x9, 0x1f, 0xa01, 0x6]}, 0x5c) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e20}, 0x10) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000080)=0x32, 0x4) [ 986.126117] audit: type=1326 audit(1539268344.704:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8643 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:24 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000000000000010000000080"]) 14:32:24 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 986.190865] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:24 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14a, 0x401) 14:32:24 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x20000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 986.241101] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:24 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0061000000000000060000000080"]) [ 986.369152] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 986.383902] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:25 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0xe4}) 14:32:25 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) write$binfmt_elf64(r0, &(0x7f0000000100)={{0x7f, 0x45, 0x4c, 0x46, 0x9, 0x7, 0x2, 0x0, 0x2, 0x3, 0x3f, 0x2, 0x2fe, 0x40, 0x1f7, 0xbb, 0x4, 0x38, 0x2, 0x1, 0x6, 0x7814}, [{0x5, 0x9, 0x4, 0x9, 0x6, 0x2, 0x100000000, 0x3fc9797b}], "166eaaec45c8e13f226848d47a039b65cf9d1e", [[], [], [], [], []]}, 0x58b) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:25 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x101403, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/commit_pending_bools\x00', 0x1, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000280)='bbr\x00', 0x4) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vcs\x00', 0x100, 0x0) syz_open_pts(r2, 0x44000) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) sysfs$1(0x1, &(0x7f0000000140)='vboxnet1(&\x00') ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:25 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x0, &(0x7f0000000080)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x44800, 0x0) r2 = socket(0x5, 0x80807, 0x40) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000080)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:25 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000c0000000060000000080"]) 14:32:25 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x48000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:25 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$inet6(0xa, 0x80003, 0x3) ioctl(r2, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0x5, &(0x7f0000000000)=0x1, 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in=@rand_addr, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6, 0x0, 0x2b}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x3}}, 0xe8) sendto$inet6(r0, &(0x7f00000001c0), 0x0, 0x0, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @local}, 0x1c) r3 = socket$inet6(0xa, 0x3, 0x6) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r3, r4, &(0x7f00000000c0)=0x14b, 0x401) 14:32:25 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) fcntl$setstatus(r0, 0x4, 0x2000) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 986.979800] audit: type=1326 audit(1539268345.554:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8702 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 987.014281] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:25 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001d0000000060000000080"]) 14:32:25 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = gettid() r2 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x8000, 0x4000) ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f0000000100)=""/4096) r3 = syz_open_procfs(r1, &(0x7f0000000080)="9efae65ac88e61fba58166dc3cb2bf213adaac707f7972640b7542090000000000000073be34b6a123d95e74d7b0136dc8be240c528e373cabf11d0000") sendfile(r0, r3, &(0x7f00000000c0)=0x14b, 0x401) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0x98, 0xcf, &(0x7f0000001100)="3e455abccbf5eb420cea703c46d90ab631b08bba3714559ac3a80e95155d0587a1d184edd62495b7ff7e73a7c22d59a19aaad9736bc04700959089775f41de22ce55bd0293842071cd6704946dd34e916268f8a8788ccc548d3d6d1313dd079ea8b5bfd1894f553a6785fdcd1b599aaaaff49725618f53175d68b6705de886021772c53e935c20064df445fc6c9967033097309f22e0f8d5", &(0x7f00000011c0)=""/207}, 0x28) [ 987.051962] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 987.071459] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:25 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000015e000000060000000080"]) 14:32:25 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x9effffff, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:26 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0xa00000000000000}) 14:32:26 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000280)='/selinux/status\x00', 0x0, 0x0) syz_mount_image$nfs4(&(0x7f0000000300)='nfs4\x00', &(0x7f0000000340)='./file0\x00', 0x3, 0x3, &(0x7f0000000500)=[{&(0x7f0000000380)="246f7d6e8501a8cf7b50aeebc0f007807ec393d1920a79f19559aace7a61f4e5274af3e767ec4d3bbacabd9e314043cb39fdbc97272cb45a252419085eeeb7be6c154ea82141f948b2e8129a774b8f9e68f62551ff58068e774bbe35084fccfccd62892c150992af7eecad20307432c864a1131056167f37453b37494840f253ff43bf51cef2a83934a72c5d6c9733d0fbc5ce92c5bfcf4aa37a00d9fd4be7de816fb70fbaa90a3ec68822c540c7001002894e173cbfae487e035254ff11c18acc60498acf46348192", 0xc9, 0x8}, {&(0x7f0000000480)="4ab9e4392bcd5bf866666edeff3b9dc8c8ed55", 0x13, 0x13e}, {&(0x7f00000004c0)="e0a4239207545365e75df7a51db243ef27d9a645e929a244d69ace9294ed60448c0ed75dad9159398c3c", 0x2a, 0x4}], 0x0, &(0x7f0000000580)='\x00') ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f00000002c0)={0x1, r0}) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0xc0000, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000640)={r3, &(0x7f00000005c0)="c835da8aa168865b81b048237579a8dce35279e6178c2a4fe41d07", &(0x7f0000000600)=""/53}, 0x18) getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f00000001c0), &(0x7f0000000240)=0x4) 14:32:26 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) signalfd4(r0, &(0x7f0000000000)={0x100000000}, 0x8, 0x800) 14:32:26 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = syz_open_dev$sndpcmc(&(0x7f00000001c0)='/dev/snd/pcmC#D#c\x00', 0xffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x4c, 0xfff, {"bfae177489e8d0be7a51b595467fa45a89414fb0ce48f4d5efed89563f35809f2e29c3911c2a896c56056bb411212e2d41e0971b"}}, {0x0, "27817d254ada0afce7df87b2d765c212ac32249145252266d09010cd3019d75f418f037144c7e7fc1ff55259217ee1f9de495912490092e27f0624e0342fb1b7270e03a6ab9a7f799d6d51cc1973d999d995bf90c8c0e6fcb04e8a49afa232f3f643a04f356fa17cecd31bd4ac90131c3be0987805e902d05e4d20b805d505d3b1a32802fb1316abbb5e600b365059776bab06b0c724b81b6765588c0abaaf8cfb6d263344aad511762906c5128819f150e9f684af775461300cbc09611bcffd36ec5b130f01cd654cca303eb46b9587073c5a53699f2092"}}, &(0x7f0000000400)=""/123, 0x126, 0x7b}, 0x20) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000240)=ANY=[@ANYBLOB="02200000", @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000000280)=0xc) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:26 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x3f00, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:26 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001c4000000060000000080"]) 14:32:26 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0xfffffffffffff000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 987.817285] audit: type=1326 audit(1539268346.394:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8742 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:26 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000130000000060000000080"]) 14:32:26 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) getsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000000), 0x4) socketpair$inet6_udplite(0xa, 0x2, 0x88, &(0x7f0000000080)) 14:32:26 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000280)='/dev/null\x00', 0x101000, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f00000002c0)={0x0, @in={{0x2, 0x4e24, @multicast2}}, [0x100, 0x0, 0x8, 0x6, 0x2, 0x1, 0x2, 0x7f, 0x4, 0xffffffffffffffb4, 0xffffffffdf72d1bc, 0xfc0, 0x1ff, 0x1c60, 0x4]}, &(0x7f00000003c0)=0x100) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000400)={r2, @in6={{0xa, 0x4e24, 0xffffffffffffa50b, @remote, 0xfff}}, 0x8, 0x3, 0x4, 0xffffffffffffffcb, 0x7e2cd0b3}, &(0x7f00000004c0)=0x98) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) openat$autofs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/autofs\x00', 0x800, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x0, &(0x7f0000000280)}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x101000, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:26 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x200000000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:26 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000081000000060000000080"]) 14:32:27 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x4c000000}) 14:32:27 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:27 executing program 3: r0 = socket$inet6(0xa, 0xffffffffffffffff, 0x6) r1 = getpid() fcntl$getownex(r0, 0x10, &(0x7f0000000140)) r2 = syz_open_procfs(r1, &(0x7f0000000100)='net/llc\x00') ioctl$VT_SETMODE(r2, 0x5602, &(0x7f0000000000)={0x320, 0xc97, 0x401}) ioctl$GIO_FONTX(r2, 0x4b6b, &(0x7f0000000080)=""/93) 14:32:27 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x3f00000000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:27 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0002010000000000060000000080"]) 14:32:27 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'tunl0\x00', 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = dup(r0) mq_timedreceive(r2, &(0x7f0000000040)=""/45, 0x2d, 0x8, &(0x7f0000000240)={0x77359400}) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:27 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/net/pfkey\x00', 0x40000, 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x63, &(0x7f0000000540)={'icmp6\x00'}, &(0x7f0000000580)=0x1e) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000440)=0x0) ptrace$peekuser(0x3, r2, 0x7) r3 = fcntl$dupfd(r0, 0x0, r0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000400)={r3, &(0x7f00000001c0)="6f02336b3f", &(0x7f0000000300)="0eb6040556deeb1638e3b7d427927ba373cee3ccc170784f4420494fda41484c4d9e7010f8dc57426a1a7cac1ad503868f96d7947dd1a9b3b2de5125045ef9995d6a4a8f7a45e46ce56f5fa53b2f71346dcb4dd896bc546a02468facb7ef9858b607ca1e8c6a496b8e12330500b3a57fcd2addee24ba5689b71e5e9aafe5ef28c288f683e4f56aac33709f016eafa8e12310735e45ee8429a3cdc8cac8cc9074e0ca714880aa251bdccedbce51e5ce58763e65226ef2a44d3dec687fc3052bf05ec716e98855ebdb9a2dfe5d7b121589", 0x3}, 0x20) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000140)='trusted.overlay.upper\x00', &(0x7f0000000240)={0x0, 0xfb, 0x95, 0x4, 0xb7, "b3dd8ef96998de499e0f6dd27b0bd84b", "5ab3217e006cfbea7369753c58b59d3c40b0ee7e37555601b60d1f9fa96720319665db6b0f78f2b7c61aa1b3c1361d118732a940d44ee1c07ac9bd85b8d1ae891d3ff41de27b9fa5097e9a998c1bcbf748326aa9525585ef15cb9b389dabc7720e1c1f2f73aba896e703d381af64245746a0cc7c2c6c71b60987c6825cf1b689"}, 0x95, 0x2) openat$tun(0xffffffffffffff9c, &(0x7f0000000480)='/dev/net/tun\x00', 0x200001, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 988.651655] audit: type=1326 audit(1539268347.234:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8793 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:27 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) ioctl$TIOCCBRK(r1, 0x5428) 14:32:27 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x40030000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:27 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="004d010000000000060000000080"]) 14:32:27 executing program 2: r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/avc/hash_stats\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000c00), 0x4) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000c40)={'veth0\x00', 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x200}) write$binfmt_elf32(r1, &(0x7f0000000340)={{0x7f, 0x45, 0x4c, 0x46, 0x2b7, 0x80000001, 0x2, 0x0, 0x7957, 0x3, 0x3e, 0xa16, 0x2ed, 0x38, 0x86, 0x1, 0x1, 0x20, 0x1, 0x8f27, 0x1, 0x7}, [{0x0, 0x10001, 0x3, 0x40, 0x81, 0x4e0e, 0x1017, 0x2000006}], "6af695c80f97e09eb4e64a75188daf6ca5bd3efc9bba3e01cc42fbe2bcd2c13bc4e8be346a4f743ae1853cb2fa8753f474d5541710b2985ed68a237a5a1bedd32d39856acbce93697a7a6cc80200883cba275755c815088114", [[], [], [], [], [], [], [], []]}, 0x8b1) fgetxattr(r1, &(0x7f0000000140)=@known='com.apple.system.Security\x00', &(0x7f0000000240)=""/201, 0xc9) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:27 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000340)='/dev/audio\x00', 0x400000, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000480)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r2, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x28, r3, 0x700, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x14, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x20008805) r4 = syz_open_dev$vcsa(&(0x7f00000001c0)='/dev/vcsa#\x00', 0x2, 0x40000) socketpair$inet6(0xa, 0x2, 0x12, &(0x7f0000000400)) recvfrom$inet(r4, &(0x7f0000000240)=""/157, 0x9d, 0x40010100, &(0x7f0000000300)={0x2, 0x4e24}, 0x10) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000380), &(0x7f00000003c0)=0x14) 14:32:28 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x6c000000}) 14:32:28 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="006d010000000000060000000080"]) 14:32:28 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x36170000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:28 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x1, 0x0) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:28 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x10242, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'bridge_slave_0\x00', 0x1810}) ioctl$TUNGETIFF(r0, 0x800454d2, &(0x7f00000001c0)) 14:32:28 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r1 = syz_open_dev$mouse(&(0x7f0000000300)='/dev/input/mouse#\x00', 0x7ff, 0x0) openat(0xffffffffffffffff, &(0x7f0000000440)='./file0\x00', 0x200100, 0x140) socketpair(0x5, 0x2, 0x2, &(0x7f0000000480)={0xffffffffffffffff}) ioctl$BLKROSET(r2, 0x125d, &(0x7f0000000400)=0x1) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000080)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/udplite\x00') getsockopt$XDP_MMAP_OFFSETS(r4, 0x11b, 0x1, &(0x7f0000000240), &(0x7f00000002c0)=0x60) [ 989.460419] audit: type=1326 audit(1539268348.044:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8845 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:28 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r0, &(0x7f00000000c0)=0x14b, 0x0) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x6, &(0x7f0000000080)=[{0x9, 0x40, 0x75, 0x8001}, {0x8000, 0x7fffffff, 0x0, 0x34000}, {0x9, 0x1, 0x100000000, 0xfffffffffffffffb}, {0x0, 0x1, 0x0, 0x6e}, {0x5, 0x1000, 0x1, 0xfffffffffffffe00}, {0xfffffffffffffffb, 0x55, 0xf590, 0xffffffffffff7fff}]}, 0x10) fsetxattr$trusted_overlay_upper(r1, &(0x7f0000000140)='trusted.overlay.upper\x00', &(0x7f0000000180)=ANY=[@ANYBLOB="00fb7104092e106573c3a30ccf2a6ea0aac74840fd1797e7d36b2b452f2504f1ec75e5c2ace7d11b72cf3bf162c7a99733481afef006020000000000003e8bedf319caa05fd944df7c1598693a563bb30fdc73d0d44e1a420780c98a160ed902b49cbd0e4ee8ccb4d08ba330dc0ebd"], 0x71, 0x3) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e20, @remote}}, 0xe, 0x3f}, &(0x7f00000002c0)=0x90) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000300)={r2, @in6={{0xa, 0x4e24, 0xfffffffffffffff8, @remote, 0x7fffffff}}}, 0x84) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) open(&(0x7f0000000000)='./file0\x00', 0x80000, 0x0) 14:32:28 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00fa010000000000060000000080"]) 14:32:28 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x8100, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:28 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x7) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000200)) fcntl$addseals(r0, 0x26, 0x0) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000240)={'\x00', 0x400}) r3 = socket(0x10, 0x3, 0x3) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000140)=[@in={0x2, 0x4e24, @multicast2}, @in6={0xa, 0x4e22, 0x4d, @ipv4={[], [], @local}}, @in={0x2, 0x4e24, @broadcast}], 0x3c) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f00000000c0)={0x7, [0x10000, 0x9, 0xb6b, 0x2, 0xffffffffffff2af5, 0xaef, 0x3]}, &(0x7f00000001c0)=0x12) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) fsync(r4) 14:32:28 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) openat$cgroup_int(r0, &(0x7f0000000100)='cpuset.mem_hardwall\x00', 0x2, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:28 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x5) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:28 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x8004000000000000}) 14:32:28 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="008d000000000000060000000080"]) 14:32:28 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x100000000000401) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) 14:32:28 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x6c, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:28 executing program 2: syz_open_dev$sndmidi(&(0x7f0000000040)='/dev/snd/midiC#D#\x00', 0x6, 0x0) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'lo\x00', 0x43732e5398416f1e}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:28 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000380000bd6800", 0x43732e5398416f19}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) r2 = syz_open_dev$dmmidi(&(0x7f00000001c0)='/dev/dmmidi#\x00', 0x81, 0x0) ioctl$GIO_FONT(r2, 0x4b60, &(0x7f0000000240)=""/96) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:28 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0xffffff9e, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 990.298956] validate_nla: 16 callbacks suppressed [ 990.298966] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 990.303935] audit: type=1326 audit(1539268348.884:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8901 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 990.317613] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:28 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000002d000000060000000080"]) 14:32:28 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:29 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000080)=0xc) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x100, 0x0) ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f0000000200)="40f64eec9bce7c05f81a985135441477781a4a5e497c1bc2395d764100a3eb12") setsockopt$inet_sctp_SCTP_INITMSG(r2, 0x84, 0x2, &(0x7f0000000140)={0x3, 0x1, 0xe3, 0x8001}, 0x8) fsetxattr$trusted_overlay_origin(r2, &(0x7f0000000180)='trusted.overlay.origin\x00', &(0x7f00000001c0)='y\x00', 0x2, 0x3) r3 = syz_open_procfs(r1, &(0x7f0000000240)=';\x00\x00 \x00\x00\x00\x00\x00') ioctl$UI_DEV_CREATE(r2, 0x5501) sendfile(r0, r3, &(0x7f00000000c0)=0x36, 0x401) [ 990.391944] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 990.409912] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:29 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x2302, 0x0) ioctl$DRM_IOCTL_GET_MAP(r1, 0xc0286404, &(0x7f00000001c0)={&(0x7f0000ffb000/0x3000)=nil, 0x299a, 0x6, 0x10, &(0x7f0000ffd000/0x3000)=nil, 0x4}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240)='/dev/net/tun\x00', 0x800, 0x0) getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000280)={0x0, 0x800, 0x1f, 0x2, 0x80, 0x8, 0x3, 0x4, {0x0, @in={{0x2, 0x4e23, @multicast2}}, 0x7, 0x100000000, 0x2, 0x1f, 0x3e}}, &(0x7f0000000340)=0xb0) semget(0x3, 0x1, 0x1) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000380)={0x89a1, 0xd, 0x10001, 0x1c, r3}, 0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:29 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000020000000060000000080"]) 14:32:29 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x4c00000000000000}) 14:32:29 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x300000000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:29 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000140)={'ifb0\x00', 0x600}) r1 = syz_open_dev$mice(&(0x7f0000000400)='/dev/input/mice\x00', 0x0, 0x400) ioctl$sock_inet_SIOCSIFNETMASK(r1, 0x891c, &(0x7f0000000440)={'syz_tun\x00', {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x19}}}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={"766574ffffff004b000000001200", 0x100}) 14:32:29 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) fcntl$setsig(r0, 0xa, 0x2d) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:29 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001fc0000000000060000000080"]) 14:32:29 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f00000002c0)=0x0) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x5, 0x7fff, 0x5, 0x8, 0x0, 0x3, 0x208, 0x2, 0x2, 0x9, 0xbea3, 0xd662, 0xcdc6, 0x2, 0x7f, 0x1, 0x3d41debc, 0xff, 0x1, 0x3, 0xfffffffffffffffb, 0x1, 0xfffffffffffffff7, 0x9, 0x7fffffff, 0x2, 0x7, 0x9, 0x599, 0x3, 0xfffffffffffffffc, 0x8000, 0x5, 0x9, 0x4, 0x1800000000000, 0x0, 0x4, 0x6, @perf_bp={&(0x7f00000001c0), 0xc}, 0x20120, 0x100000000, 0xfffffffffffffffe, 0x5, 0x3, 0x7, 0x52}, r2, 0x8, 0xffffffffffffff9c, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:29 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0059010000000000060000000080"]) [ 991.134506] audit: type=1326 audit(1539268349.714:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8946 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 991.164275] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:29 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) r2 = semget$private(0x0, 0x1, 0x2) semctl$GETPID(r2, 0x0, 0xb, &(0x7f0000000100)=""/237) [ 991.188502] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:29 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x100000000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:29 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="005a010000000000060000000080"]) 14:32:29 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x400041, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') faccessat(r1, &(0x7f0000000080)='./file0\x00', 0x0, 0x500) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:29 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000300)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) r2 = syz_open_dev$audion(&(0x7f00000001c0)='/dev/audio#\x00', 0x3f, 0x400) sendto$unix(r2, &(0x7f0000000240)="edbb47d6d4d4d0c147d09cf1244b189652ffce43e3dd618204ceb636f3a5379dbb75494f3e28005c70470b29741d61995f592d9c211a3b5612a25abe2bf5", 0x3e, 0x80, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 991.325994] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 991.359000] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:30 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x300000000000000}) 14:32:30 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x145982, 0x0) ioctl$RTC_WIE_OFF(r1, 0x7010) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000140)={'\x00', 0x200}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:30 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00ec010000000000060000000080"]) 14:32:30 executing program 3: socket$inet6(0xa, 0x3, 0x6) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='mounts\x00') sendfile(r0, r0, &(0x7f0000001200)=0x114b, 0x7f) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f0000000100)=0x6) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, &(0x7f00000011c0)=0x2, 0x4) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000080)={r0, 0x1, 0x1, 0xfffffffffffffffc, &(0x7f0000000000)=[0x0], 0x1}, 0x20) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000001180)={'bridge_slave_0\x00', {0x2, 0x4e20, @rand_addr=0xd1e}}) sendto$inet6(r0, &(0x7f0000000180)="a0c2ebe45a9b0c52d77359c8befd4f69afcffa5b1620ccb892fa7d2cb79d20786ec81e552ca07f9c0f8660bd2939cda26aeb4128b4807afd98a212027e741b6323f5e947a2673cc991b906e0a6709261948500512b9f119b2f53ccfa9722479c298e4068f749c3e299cd07dae954f9ea8085bcd5913de10467d6306fbf3c0316357f3666fa42b03b695af525a6ce736a3d80babe2fc0a118ebd2eab7e37e401d8e5763077bf122e32255ddb3414fff898d9ec30e3273a5404e077435677e303979c82140f50f11db62090ce9af71e1b1957e5169e1d8fdf3e51ddfbb8ebf15c7aaaa938e91566023bc80564711c6f91d5ad21658ff02d3f04e33c734daba842c2b2c13f686a6ae0e3f9d89a0db1f70e50c9168ec1a5354a4f3705322fdfa0601959b06bb778722b97c758eb0918f32263ae00301f14f1c0ce630327cf122790a042276fab1cc84055544de917dc8f8565a9e7d479014d291807a464fe4ec240d97fdafaa3720a45a3ad8b3362e3e0370ba0b1d1895445058a4efdc083ff5d2532506c913f6d1332ff002a5ac74b8569c686ac34ade725cfa99b2d711e8df2ce9ab3e23a6d185cc1d9245f90ec56ca1b8ec8bfe93cbd3e689c417429fcc85257383408da6a77b61618035d29bcc2d5f2a8a4ca3e9cba6f6a262148cb92ba376ae4d4d611910df60c536c92f317819739447b437b6575c0788aa85a58bb5a2b3d8ed07b85922eb2e44979e98f83cc7cc5932a0df968681d608df2257c972ea78b53187e2e73230c922d4fd428a28e544ebba9bfb0e51e21266aec122adf90440cae099104b32753e4d6abcf60e7333d7e4e98861fcf9a8acd68eaffe98d7e1fb98194682d7e29d66a905d942044d3455d3dd9159c6cb04d83754b8056bd34eb67238d8614ab815e160df05ac06410c973c3e662e7e9471cfcbd1020523218f1b7a9251b265b21b3ceeb39f927e827a40c06eab8f4f45e220fb705e3f90300c08cb472df3f6dd8eb67f56cbf12bf4c66fa6f940151ee4887fc938b1a491d7d04494a9c1b39d2c7ce15ffd583a32889e0eb42e080c90dab2f74b98208013afb93601ebaabcb2a879402ade8838e7dbb42b4177b015ebcdc72c7c4c0bd3ff776c00452153e1d4a5975c3911eb0c073b539c0e3383f1c3bf3024af3fb3b8d04a3dadef954e2a8c65b105cee705093373f2229b9cf7f1104e06668c8031f0d1c8f8600310fd7ee8a3a7b6ec74184fd9b848c6082981329d2b3641591958fc3ffe5436eb6fe44cd04eedbd55ade26896fb0675f1533bd95299d521c79111829d28ba179c5fb560e04b18762410b09482ec19e676190f99437984acbc69f9ef776ba688d8be1d56c770ea3c5ad424946dcf347cc2d66545893a2de75a6e33d33121c61994acc2540cef17b870ccdd5e19492e6cacff6c0b920f88767a12d46a2212b488b9f252aedd15a7cf8990912e457f5171238de93e87858f0304412027056c0127af810457bd662f29adb21ea6a02cd7978b91c53dac7b9c3abf4d9ea537aab102e95c949c01a31ff55a786fe531e9bdd1f4a3cc0581e96c3aaf548c91bed527cb0fa2555013fc7c4bfd2a182a2d98955192a3f09405697ab0960ecce2c2c430fdf78f0c6865cef45916565ce32425433ff0876af29eb360546c17cf90629b3cd1568a64870cc8d8228c84871ff5d1ff9e0124c0b25989f7ef05d40e486c64e8b2ffbc9be77be0e02eb195acfe3dabc17a656917e422cb48219113d98f68bc86a7b59b37affe9e1c8ec6601a39153db90258fadb41e87dbee38a73d1007fa965a9fefeb2d2bead4c772a1aa553ec9d5274f66582a1f3bf36a340e8d0215f52881db95081df1b163c0e5ad0334c1bcbdba720ef97233b45e6f8615e56af7e70716b404c456269285cfc371888d02ed6b96630f1682477b39b6b8d7bf98295ea20bebc9f607faefb2a9718378d736c73016843bfb8401edb28f99709fe18a19999da73e684c4399dc5b4c2821ad31d16613f307b80d02895f2a499c90f2c2d61d232d43fb1f7574fb82f3b7221030455bdd76e4d7b75d6122e64a2bd7559e8ed3103affea3a855013fe4631e23e801b42af0dc81ef3912b22239470a91ecfd91e1ace949b6e8320f899ece747b708b6e3177fbf1748a49d4c0e41fd8e2b861d05555610d5bbc8c01f4e3f43a0754ed998fdcc20e97f64c425908e1240a1dbe93252a3214bc4911ddfc9177647c3df094ce4bf31e960a1a49fd967c8da4646de1e57054e344a31253fd56c43ebc70f9acdc1d6bac58d772f29fd70e0c82abe2e25e735883a0463a1e8325fc1fa93f02e75c434ca6dee7053dff2ed9395f92df6e9bb1e9471675a74d04d5abb5af9e457830246c3823313fd6d785016028527ecf184b9cc5178273488b4c1c09af4016ea32c7d6a14533e1c48a6883c703dfd92b20cc79c49e8f71525d2c8fbbe7a2f17d3fc4a79f92a812d0b2d6f22f00e6ac31b22280e8ea5507070c3890a4edb61141d0d233543b549b9364f6b69d04de0cc74087015f79805321f64d68a7f8d889616e567a22bfb44584f0f9b8028374b8d54c8f995ef513d62c700b9e8d2347c87f0d8a944af8de145aff8da451f4e4fa773c84e62ace95a937d7c4f797c7b9a227e43d6b2f242c21d13787ca963f3c195f55db1b1d7e1685be69c9f2b45f6f48355754d8da24940670c1c40dcd4009918a041594cd86f9fd414c59ff0c867b5ebb15bca1806a52ba8d46653302652d0eb6e47171b19b8d5a9cd20f9d8a3156283735493d05e98e360eb418c7158b442a37a9ef663620f32f0b5ba3a0113b7053da93638c3105bc6b994cf4358ed4893c8b58b2aa2b64cc45d78474580d031efc0e71e39d01b813eaf9aba5029fd11a17e374a512e54c93a453c29f68d7a10933c99eaed57dd44f928286990bdd00e1c6bb641e541dcb15b585685418dceb8429e2c62811889707c5f866b816307921d9aa2cf7d44a322aee9ef9ce011fc27f532bee37755bb517696a1bf79cda4f2889f77d464bc6ecb12d15b52bc2d2ea2cd5a93c17eab213cb58dfc74aeefcd11e026d608a699524367202013928890a319e60d5f7342ad7a143fbd8c8e7a371f45c442b699fe5247da6b8e40ba4f0725fdaebd34f1ec9890e7ff974e11b1f35143886aa8eccdd4b24adba34b13771548e2b867bf596441e25312e3934dcffa31adeee8b7daba3a6ac0a6f6ef8aae52c19026db0c4ebce5da4a21d5d86d5806081ed14590da8b5832c5b7646c8aeb1e0e7054aaa4a4657192d582ebc46666bb77a3453961773730d45a2f0ae1655f380f25f057f0bbee7c6dde5685b5b8418c298b6db054611fbdd9e0fd131f75c03e68a62a97d604c109fcdbe5294af6c06fece4693b3f097efdb08385fb7839e95b3d98af84df7680b7b31351e0f6d2e4546a3022139d575dfc5eaf7c8ea65d811449a9e0ff8f5d4627339907190a58a1d6d04a8dae4bc2202bf81d81bbfcf60ae5c141b41819799c411454fdd40aea2e42c8cbf2fc7ef6c9de00ecde9c366957b8f7d4a8fdb8369f17151946f7e417e787be618309c0fc31d3e1b667d883941637a02d6f4ab2cfd16f6613a51d5a2fa0f133bd0e6de2176875cb741752cfa1007d688b8225d96129144b93b108f0edd3af50b1faf3a1181664b4838b4d25c57a2dc0a54c8b72349783078dfeee4e3a4297cbc7db7b82a3723b40cb56adcb4698736bea627bea247c90ec898ba7733972d1efd6ed74f8f4698a3432180f1fc860d0f3198e442896e6b3e6e8abff9c2619f767994ef17a215342030b79d7227491aca6f86c94a4a5d0ce78be35e81009551321d45ca07cc40068c62d7893f92c54d9cc03097125a17d71928ecf3125caab0d7e50b9887cd5d85753f5a040903808c110236fb47b1a1806838ed9434b262679991ebab1944188d27e35496a8a6ca89aa1a46ee27d03a9bbe82163f466fdcb357d746015e4a1121949c1a1f5c7a936d6fed27a335fdebff96dbb1b556481a451c0f0f62b12a735eb6f1736fc1c78032c821929aa5d0569f8c7c7672e8af5cfbbcbaf9e04563c7f0243ae74de68fc9d0437e2a2d7ba4f995c8572912f0b235c90824d3ff356657cbf56a3ede8226e477152448192195e75fc5fb72ddc758683e8744852ffcb5fc7bb1e05e39d54eb5e291d57f14fbd58adb11069812f9f7400bb2804a8b0f5b463babf65d1455dd047bdc95c7c22a54dcdfd44ab46b39ac99c31be254e487a94af3e05288a377b1f15d8961de598fefd8d8b7ab5d6a723848c63013246fd0bc91676a6001d8fa0cc3a70237a1e4a1eea68cc6b755e43c33c3388d53f52bab4ad2f91c979dd60fa71d38c77218c899f70f2367e37a5bcdfe5ebffa2e1cef92a29acb0d63c5751becc3a9c3669feae61a1be5af4a60f1b0403ffc19e1522eaa68ed95bbf3fafeab2a12d7fe92afa40d4379bd525f8cbdf0e19edc0c1365094ff12b554d09cc560c00b90b51c147309648f89c85317bcded6060da8234d3822aa3fc32a7feb0453a1efa4448dc0c3c53452d2cf390cf431d7978329e0f8c383f32f93ee7c77075c7627e76ca58a8092d5725550343b0d447ec0b23794b6c165271ec8023f5cba668bfb9a8f5b4c7966df61588616b118266d85068d71e51f5fca524f8096e48d091bc521236b6dc6eba2ec978f24ebe82d9905ef6c44702a9b0e1f533ee9e419477028060f9beea0786c222ec22088ab032b957f51ed30b9f95f67d8462c2e8845e4e8b6fc2302964a134230303fbf8f9277e535c3aaf12b92ffea742c903e109987ac9ea165fd079ffe403ac17d132406d87dd69af44940def1f650e5a6c7ee837834f0ec934b79a063af1c131febe229f2746d51b6024f85b0aa6ae8df8a03c946d9329fc14cf7852814388af1d7099f4971ab7ff42bc51a01a365267dbdeb6d2e64abbb1c93c08dc38c8c19511d96127fc2b879b9d58dd7085231bbf422233fb2c632147c1648eab39d0b27c96d393ffd0fd40ec7ae4c44b6a71c669c0a4e7d01cbae23d57334ccb878036ffa28141c7d2c804938141ecca0069756f50621360dd0c3b8c8b0a2dfd8dc0c97ea3097a4010c69c434da372b1d0b5023eabac02622417e157fc2c9b8f6dcf342fc02c5bbca715bb82e69ff921329b8e6305d3f206eb265594dc93b3a7d68a6efa1ee81d3c5cb3573d0b8b7bc4d2dd1f43b5a841e78bc0a5dcc70d2d04fe42ccf2d4c84ce79543493ce623493da105fe25f674da0e62d00a3cba4b0a1276ef55f9eeea507cd469ac0a4e4379e04016fe7ba91c1cc3076f184aaee7ca941ad888b2f399ce9771c256ce16d28cfa088e15cb6268e661e0087d49e2ceee256921a84c3a0f0f945b06e6561a438f32a76b77b02cdb0eb1fa14461df9b73709799765563803c161484f59f1ca8f727fc4c568fd6f1848a44648925d3b8a6f44ef556db92025aaff6c018586f8a15c9ee90de4be4a49723afab8bb500ae31069c658176e502d13dbb38ceeffa8f12940b466d8a37890be170eba4b725f555a28ebab8edc2188ac8365e2ea9d968544949c0a790c3cb35f1fbcbcac162813113ee6be0028cd66dafa3f81de78e867a2248183a58edb58279a72050679654ac47e60a409fa1eef9c5962bf0bb94e737b09bab9b859dbf783cb46be800cdbc8425ee3ec2ed0ade98aa3a1701e5ddfbbd7e9fa2832f530dcd152e67f8c8a85b1d9c6ebcabf138a84070ea8b623de6dda29f9cb18afa1ec77a47c278402fa2592961075301b9521c5d0a5ccb21389d94b57513fcc", 0x1000, 0x40000, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @mcast1, 0x3}, 0x1c) 14:32:30 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x4800000000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:30 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000280)='/selinux/checkreqprot\x00', 0x4000, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000300)={&(0x7f00000002c0)=[0x4, 0xbf18], 0x2, 0xffff, 0x8, 0x6, 0x100000000, 0xffffffff, {0x7f800, 0x3ff, 0x5, 0x515, 0x8, 0x8, 0x0, 0x0, 0x3, 0x5, 0x2, 0x6, 0x7, 0x3, "cf0bd69c19d9d951bcddf0975f461233f7d9b5013aff8e6112c30d79d0e94f50"}}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/lblcr_expiration\x00', 0x2, 0x0) ioctl$TIOCLINUX5(r2, 0x541c, &(0x7f0000000240)={0x5, 0x100000001, 0xf9, 0x7ff, 0x468}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:30 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="006d000000000000060000000080"]) 14:32:30 executing program 3: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0xff, 0x40) write$FUSE_POLL(r0, &(0x7f0000000080)={0x18, 0x0, 0x6}, 0x18) r1 = socket$inet6(0xa, 0x3, 0x6) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x13, 0x14, "9dfc8b97568c143b032fe378eed11563464de66a0dbfd52bc61a07bd7cc4669630bc72aecfee7acbeaf0b58865936adfb3f2dd2978ed9fe821119e8c3cf479e6", "3d9f72d62673abc4b13d89d714e5fcc171a3e0712ac87ef2db0386486a02d217", [0x0, 0x1]}) sendfile(r1, r2, &(0x7f00000000c0)=0x14b, 0x401) [ 991.974044] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 991.985215] audit: type=1326 audit(1539268350.564:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8999 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 992.015722] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:30 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x74000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:30 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) r2 = memfd_create(&(0x7f0000000140)='\'\x00', 0x3) ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$sock_proto_private(r2, 0x89e9, &(0x7f0000000240)="d9ef6f9d47c4458cce6a7425e5fdf8c7f0691d89fd6ad9bae6ac9e659b988995d0fa2ba15e2750f554acd065f132225ada6ff0dccc1321d18ad7d53eda1a0373ca214caaa8feb8f6eb0c08b5b8b0ba31e868f64e114709d9a9d02e839777139fd8517fa292b57e4cf961c402ffc214b7b46facadcd1b5078288953f66078e5abd4187dba29386be008cb2dbea25914d9") 14:32:30 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00003b0000000000060000000080"]) 14:32:30 executing program 3: r0 = memfd_create(&(0x7f0000000000)='net/raw6\x00', 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') recvmsg$kcm(r2, &(0x7f00000013c0)={&(0x7f0000000100)=@ethernet={0x0, @random}, 0x80, &(0x7f0000001340)=[{&(0x7f0000000180)=""/4096, 0x1000}, {&(0x7f0000001180)=""/233, 0xe9}, {&(0x7f0000001280)=""/150, 0x96}], 0x3, &(0x7f0000001380)=""/52, 0x34, 0x1}, 0x10003) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000001400)=0x769, 0x4) sendfile(r1, r2, &(0x7f00000000c0)=0x14b, 0x401) ioctl$sock_inet_SIOCGIFBRDADDR(r1, 0x8919, &(0x7f0000000080)={'bridge0\x00', {0x2, 0x4e23, @remote}}) fcntl$setsig(r0, 0xa, 0x22) 14:32:31 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x6c00}) 14:32:31 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) fcntl$setflags(r0, 0x2, 0x1) getsockname$unix(r0, &(0x7f0000000340)=@abs, &(0x7f00000001c0)=0x6e) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f00000003c0)=0x8) ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240)) 14:32:31 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x7, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:31 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00006a0000000000060000000080"]) 14:32:31 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x8006) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) fcntl$getown(r0, 0x9) 14:32:31 executing program 2: r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000280)='/selinux/avc/hash_stats\x00', 0x0, 0x0) write$FUSE_OPEN(r0, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vga_arbiter\x00', 0x400000, 0x0) socketpair(0x0, 0x1, 0x4, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$FUSE_DEV_IOC_CLONE(r2, 0x8004e500, &(0x7f00000002c0)=r3) mbind(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000140)=0xfff, 0x81, 0x2) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:31 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="008f000000000000060000000080"]) 14:32:31 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(0xffffffffffffffff, r0, &(0x7f00000000c0)=0x14b, 0x401) write$selinux_validatetrans(r0, &(0x7f0000000100)={'system_u:object_r:var_lock_t:s0', 0x20, 'system_u:object_r:public_content_rw_t:s0', 0x20, 0xa7, 0x20, 'unconfined\x00'}, 0x69) [ 992.823760] audit: type=1326 audit(1539268351.404:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9043 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:31 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x7a, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:31 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000380)=@assoc_value, &(0x7f00000003c0)=0xfffffffffffffec4) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:31 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000480)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0xf, 0x4, "0a08a974f60d6acfcce09f6c486be7cf8616ece24e0f41d7af0100fa7e914c1db03832e9676c4a4e478b3daa3d64d369e23d6bed8977b95178d8470b92d09349", "acf9d68eef01ee84c526877c4e326c3f5477bedd73ed0d939101ce34744d26f8", [0x64f, 0x9]}) ioctl$TUNGETVNETHDRSZ(r0, 0x800454d7, &(0x7f0000000200)) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000100)=0xfffffffffffffffb) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x40, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:31 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendmsg$nl_crypto(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=@del={0x128, 0x11, 0x200, 0x70bd2b, 0x25dfdbfb, {{'authencesn(speck128-generic,ctr(camellia))\x00'}, [], [], 0x400, 0x2400}, [{0x8, 0x1, 0x2110}, {0x8, 0x1, 0x10001}, {0x8, 0x1, 0x20}, {0x8, 0x1, 0x2}, {0x8, 0x1, 0xfd3}, {0x8, 0x1, 0xdc}, {0x8, 0x1, 0x3}, {0x8, 0x1, 0x2}, {0x8, 0x1, 0x400}]}, 0x128}, 0x1, 0x0, 0x0, 0x8000}, 0x880) sendfile(0xffffffffffffffff, r0, &(0x7f00000000c0)=0x14b, 0x401) getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000280)=0x6, &(0x7f00000002c0)=0x4) 14:32:32 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x48}) 14:32:32 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="004e000000000000060000000080"]) 14:32:32 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x68, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:32 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)="6e65742f7261771700") sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="2e000000040000000000000000000000040000000000000000000100000000000600000000000000000000000000c8553361ce1ab7be870a5e800523fbd9e0fdacef63eb1ce4294aa67e10ff4a9b246cc164"], 0x2e) 14:32:32 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = shmget$private(0x0, 0x3000, 0x78000100, &(0x7f0000ffb000/0x3000)=nil) shmctl$SHM_UNLOCK(r2, 0xc) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) r3 = syz_open_dev$adsp(&(0x7f0000000140)='/dev/adsp#\x00', 0x4, 0x4002c0) ioctl$sock_inet_tcp_SIOCINQ(r3, 0x541b, &(0x7f00000001c0)) 14:32:32 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vcs\x00', 0x4200, 0x0) ioctl$SCSI_IOCTL_GET_PCI(r2, 0x5387, &(0x7f0000000300)) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f00000002c0)=r2) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) socket$l2tp(0x18, 0x1, 0x1) removexattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)=@known='system.sockprotoname\x00') 14:32:32 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000c3000000060000000080"]) [ 993.664258] audit: type=1326 audit(1539268352.244:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9098 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:32 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') ioctl$RTC_RD_TIME(r1, 0x80247009, &(0x7f0000000000)) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:32 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'bcsh0\x00', 0x22}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:32 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x7a00000000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:32 executing program 3: r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/hash_stats\x00', 0x0, 0x0) syz_open_pts(r0, 0x200) r1 = socket$inet6(0xa, 0x3, 0x6) r2 = syz_open_procfs(0x0, &(0x7f0000000080)="6e65622e0400775af138bc487d3600") sendfile(r1, r2, &(0x7f00000000c0)=0x14b, 0x401) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20bc458276b1a84a, 0x0) 14:32:32 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000f70000000000060000000080"]) 14:32:33 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x1000000000000000}) 14:32:33 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0xf0ffffff00000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:33 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x1ffffffffffffffd, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000001c0)={"7665ff00000b0080040000000200", 0x43732e5398416f18}) r2 = getpgrp(0x0) ptrace$setsig(0x4203, r2, 0x3, &(0x7f0000000140)={0x9, 0x3a15, 0xad, 0x40000000000}) 14:32:33 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) remap_file_pages(&(0x7f0000ff9000/0x7000)=nil, 0x7000, 0x8, 0x2, 0x8000) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) r2 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/mls\x00', 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r2, 0x40284504, &(0x7f0000000240)={0x6, 0xb, 0xdea2, 0x7, "21db56d16127d9eb19c617b809084f0b052931880ba6398447f5f947b576bae6"}) 14:32:33 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) socket$inet6(0xa, 0x3, 0x100000000) 14:32:33 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001590000000000060000000080"]) [ 994.497496] audit: type=1326 audit(1539268353.074:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9139 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:33 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000280)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:33 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x600000000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:33 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001a00000000000060000000080"]) 14:32:33 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') connect$netlink(r1, &(0x7f0000000000)=@unspec, 0xc) getpeername$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) setsockopt$RDS_GET_MR_FOR_DEST(r1, 0x114, 0x7, &(0x7f00000002c0)={@hci={0x1f, r2, 0x3}, {&(0x7f0000000200)=""/85, 0x55}, &(0x7f0000000280)}, 0xa0) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:33 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0059000000000000060000000080"]) 14:32:33 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/fib_trie\x00') getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000100)={{{@in=@multicast1, @in=@local}}, {{@in6=@mcast2}, 0x0, @in6=@local}}, &(0x7f0000000000)=0xe8) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:33 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x4800}) 14:32:33 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x700000000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:33 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:33 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = request_key(&(0x7f00000001c0)='.dead\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f0000000280)='\x00', 0xfffffffffffffffd) keyctl$assume_authority(0x10, r1) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:33 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xfffffffffffffffb, 0x14000) r1 = syz_open_procfs(0x0, &(0x7f0000000040)="6ee57405023604") sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:33 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="004e010000000000060000000080"]) 14:32:33 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/mls\x00', 0x0, 0x0) statx(r1, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000140)) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000000000)=""/4) ioctl$KDSETKEYCODE(r1, 0x4b4d, &(0x7f0000000240)={0x6, 0x10001}) sendfile(r0, r0, &(0x7f00000000c0)=0x148, 0x405) [ 995.323587] validate_nla: 14 callbacks suppressed [ 995.323599] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 995.338178] audit: type=1326 audit(1539268353.924:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9187 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:33 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x1, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0x9, 0x440) r3 = accept$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2}, &(0x7f00000001c0)=0x1c) getsockopt$inet6_dccp_int(r3, 0x21, 0xf, &(0x7f0000000240), &(0x7f0000000280)=0x4) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:34 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) r2 = memfd_create(&(0x7f0000000340)='vmnet1\x00', 0x2) write$selinux_access(r2, &(0x7f0000000380)={'system_u:object_r:systemd_passwd_agent_exec_t:s0', 0x20, '/usr/sbin/ntpd', 0x20, 0x2}, 0x55) r3 = accept4(0xffffffffffffffff, &(0x7f0000000240)=@alg, &(0x7f00000001c0)=0x80, 0x800) setsockopt$IP_VS_SO_SET_DELDEST(r3, 0x0, 0x488, &(0x7f00000002c0)={{0x3e, @remote, 0x4e22, 0x4, 'ovf\x00', 0x2, 0x3ce, 0x41}, {@loopback, 0x4e22, 0x0, 0x3f, 0x3, 0x2}}, 0x44) 14:32:34 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000189000000060000000080"]) [ 995.382379] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:34 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x400300, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:34 executing program 3: r0 = socket$inet6(0xa, 0x4, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') fgetxattr(r0, &(0x7f00000000c0)=@known='com.apple.system.Security\x00', &(0x7f0000000240)=""/180, 0xb4) open(&(0x7f0000000000)='./file0\x00', 0x1, 0x40) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000140)={&(0x7f0000000080)='./file0\x00', r1}, 0x10) sendfile(r0, r1, &(0x7f0000000200), 0x401) unlink(&(0x7f0000000100)='./file0\x00') [ 995.530529] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 995.571219] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:34 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0xe4000000}) 14:32:34 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) r2 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0xbefc, 0x2000) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f00000001c0)=@assoc_value={0x0}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000280)={r3, 0x7fffffff, 0xe3}, 0x8) 14:32:34 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001ad0000000000060000000080"]) 14:32:34 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000440)={'\x00', 0x604}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x1f, 0x8000) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000240)={0xffffffffffffffff}, 0x13f, 0xf}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r2, &(0x7f00000002c0)={0x8, 0x120, 0xfa00, {0x1, {0x3, 0x2, "c1988a7fd2afe316ec999710fadc5cf81fb1311aba4ffcba32c36690210a7e9befe7d514f0c1facb92fc70fa4477e59c23024b2924a6d3617f7bb4343e24e6980be383c3f59519418a9c4f793c32ba0d41123e14d32fced157e58a4fba8267f8936551b56c7573b5026dc4b91b956a77dbebff36c6f9bc3cfdd74f46698666802c3497d0d669681bb29448ed94d0c6ba196c4d1cf3a851edb717d221a0da2960a1103f8e558b2019313a1fbf4199df8cd0cc08950cc032e4d94c5b6df99bd818ee8d8e85a54458937edf1556dd13a4a0983060a5403dcee1efe5fa833fd6002b2b54f2a9e6f4c3f6734662be73290e16b0d798d29d34c4ea1c6269f635b28382", 0x10, 0x8, 0x5, 0x65, 0x7, 0x7, 0x20, 0x1}, r3}}, 0x128) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:34 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0xf0ffffff, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:34 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') ioctl$TIOCSBRK(r1, 0x5427) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:34 executing program 3: r0 = socket$inet6(0xa, 0x4, 0x301f) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') r2 = creat(&(0x7f0000000100)='./file0\x00', 0x2) ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000080)) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000180)=0x14) connect$can_bcm(r2, &(0x7f00000001c0)={0x1d, r3}, 0x10) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) setsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f0000000000)=0x8, 0x1) [ 996.160937] audit: type=1326 audit(1539268354.744:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9237 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 996.196017] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:34 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001360000000000060000000080"]) 14:32:34 executing program 2: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snapshot\x00', 0x200, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f00000002c0)={0x4, @time={0x0, 0x1c9c380}, 0xfffffffffffffffd, {0x340, 0xc37}, 0x4, 0x2, 0x9}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) setxattr$security_ima(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='security.ima\x00', &(0x7f0000000240)=@sha1={0x1, "8d6ad4847481881a1e49d4fe82661a132de9e088"}, 0x15, 0x1) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 996.223766] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:34 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x4000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:34 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:34 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_triestat\x00') setsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000140)=0x10001, 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) getsockopt(r0, 0x240000000000000, 0xe7ce, &(0x7f0000000240)=""/136, &(0x7f0000000180)=0x88) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x4, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 996.348607] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 996.376930] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:35 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x4000}) 14:32:35 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000510000000000060000000080"]) 14:32:35 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000001c0)={'vcan0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000080)="a819cd671c5b7c", 0x7, 0x800, &(0x7f0000000200)={0x11, 0xd, r2, 0x1, 0x9, 0x6, @remote}, 0x14) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r3, &(0x7f00000000c0)=0x14b, 0x401) 14:32:35 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'tunl0\x00', 0x8000}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:35 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x2000000000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:35 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x2) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000240)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 996.989822] audit: type=1326 audit(1539268355.574:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9283 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 997.017483] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:35 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) r1 = memfd_create(&(0x7f0000000140)="766574000000000000000000bd6800", 0x4) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffff9c, 0x84, 0x75, &(0x7f00000001c0)={0x0, 0x4}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000280)={r2, 0xdc, 0x4, 0x39f}, &(0x7f00000002c0)=0x10) r3 = msgget(0x1, 0x8) msgrcv(r3, &(0x7f0000000300)={0x0, ""/217}, 0xe1, 0x0, 0x2000) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:35 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00ce010000000000060000000080"]) 14:32:35 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x5, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 997.041731] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:35 executing program 3: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:35 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KDGETKEYCODE(r1, 0x4b4c, &(0x7f0000000480)={0x6, 0x1}) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f00000004c0)=0x8, 0x4) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000500)={0x0, r1, 0xb}, 0x14) ioctl$TUNSETLINK(r0, 0x400454cd, 0x336) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000240)={0x4b, 0xeed, 0x2, 0x6, 0x9, [{0x6, 0x5, 0x3, 0x0, 0x0, 0x288}, {0x7, 0x2, 0xdd, 0x0, 0x0, 0x1000}, {0xf526, 0x8, 0x6, 0x0, 0x0, 0x4}, {0x1, 0x3ff, 0x80, 0x0, 0x0, 0x102}, {0xe002, 0x10001, 0xfffffffffffffffe, 0x0, 0x0, 0x100}, {0x6, 0x3ff, 0x1, 0x0, 0x0, 0x80}, {0x80000001, 0xec, 0x6, 0x0, 0x0, 0x400}, {0x0, 0x9, 0xa77, 0x0, 0x0, 0x801}, {0x80000001, 0x5, 0x7, 0x0, 0x0, 0x1000}]}) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r2, 0x660c) 14:32:35 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000b8000000060000000080"]) 14:32:36 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x8004}) 14:32:36 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x7400000000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:36 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r0, &(0x7f00000000c0)=0x147, 0x7) poll(&(0x7f0000000000)=[{r1, 0x2}, {r0, 0x8000}, {r0, 0x1000}, {r0}, {r1, 0x108}, {r0}], 0x6, 0xfffffffffffffff7) getsockopt$IP_VS_SO_GET_TIMEOUT(r1, 0x0, 0x486, &(0x7f0000000080), &(0x7f0000000100)=0xc) 14:32:36 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000162000000060000000080"]) 14:32:36 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rfkill\x00', 0x8000, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000280)={"626f6e64300000f50c4bf54f00", 0x4000}) ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x2) fcntl$getown(r1, 0x9) 14:32:36 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000cb000000060000000080"]) [ 997.843345] audit: type=1326 audit(1539268356.424:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9334 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:36 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r1 = dup2(r0, r0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f00000000c0)={&(0x7f0000ffe000/0x1000)=nil, 0x1000}, &(0x7f00000001c0)=0x10) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000140)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:36 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x2000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:36 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = gettid() r2 = syz_open_procfs(r1, &(0x7f0000000180)='task\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x14b, 0x401) 14:32:36 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000500)='/dev/rfkill\x00', 0x100, 0x0) connect$pppoe(r1, &(0x7f0000000540)={0x18, 0x0, {0x4, @random="6729e3fc781c", 'bcsf0\x00'}}, 0x1e) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240)='/dev/net/tun\x00', 0x2000000, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value={0x0}, &(0x7f0000000180)=0x8) r4 = dup(r2) setsockopt$bt_hci_HCI_TIME_STAMP(r4, 0x0, 0x3, &(0x7f0000000080)=0x100000001, 0x4) setsockopt$inet_sctp6_SCTP_RTOINFO(r4, 0x84, 0x0, &(0x7f00000001c0)={r3, 0x75067910, 0x11f1, 0x6}, 0x10) write$tun(r0, &(0x7f0000000280)={@val={0x0, 0x88f5}, @void, @ipv6={0x6, 0x6, "f44761", 0x23f, 0xff, 0x6, @empty, @dev={0xfe, 0x80, [], 0x21}, {[@hopopts={0x62, 0x24, [], [@generic={0x3, 0xb8, "2c447527528687b2fc7b6176dd902dedc54215219db00704a89aa75bfd422dfed7e411e4215cb65fd38f0c82eac2c8d38ded26ace297a92254d71145dcdfec07b282c4b9cc151d7ab8c387eb8ccfd527d3477328a01e3f5688a42a60db66fe443265b22799ab3bfd505c1527fffe3436b86bda7ef1161976641a3d7dfe45bf88bbd55088b9ac51e3b4bce625be6df35ca9ab88b022e4da2e68e53a79f48d1005cc255b2679f1e7e232719dba6220facb8d2c475abccd61c1"}, @hao={0xc9, 0x10, @local}, @enc_lim={0x4, 0x1, 0x809d}, @jumbo={0xc2, 0x4, 0x2}, @jumbo={0xc2, 0x4, 0x100000000}, @calipso={0x7, 0x48, {0x1, 0x10, 0xfffffffffffffffb, 0xfffffffffffffffb, [0x4, 0x9, 0xffffffff, 0x40, 0x7, 0x7000000000, 0x5, 0x4be4]}}]}], @dccp={{0x4e22, 0x4e24, 0x4, 0x1, 0xffffffff, 0x0, 0x0, 0xa, 0x1, "de69df", 0x10001, "684c95"}, "0f36a14445fc0de669cfabec5b2723e9bfef9a2d63fa07da818f1c5375d0d76978371d665f67da42fc90bd2d4dcba04a1c628d4551fa652dddbddc2f77c23e42c17422b4b91cc4476395db94c555a69a6d179612e8f9acd83f8255768f56e98bbfa3a9f73e9579ca352637f7345eb78dd738106693bc328f2509c3c8c3ecfb01440209aeec93d3760a4487f63d4dabc55aceca51ca883637f7b5104fca460676c7d37cf637131b198f26ae4056d0477b27172937b416b6ef33c452356e9ad6e3b16aaf833abd0b63f8e84442dc771b08d94feec4b8e89f0846ee4124ae566b48a12566b8894b64fbcd7fd5e2365b223ba7d66bd7280edcdacb21a94f2e3938"}}}}, 0x26b) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:36 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001240000000000060000000080"]) 14:32:36 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x200002, 0x0) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:37 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x10}) 14:32:37 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000870000000000060000000080"]) 14:32:37 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x60000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:37 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) socket$netlink(0x10, 0x3, 0xc) exit_group(0x81) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:37 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x2000, 0x0) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000140)='nbd\x00') sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x38, r2, 0x800, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x3}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x28}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000084) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') ioctl$IOC_PR_RESERVE(r3, 0x401070c9, &(0x7f0000000000)={0x3, 0x8001}) sendfile(r0, r3, &(0x7f00000000c0)=0x14b, 0x401) 14:32:37 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280)='/selinux/policy\x00', 0x0, 0x0) ioctl$KDGKBDIACR(r1, 0x4b4a, &(0x7f0000000480)=""/161) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000380), 0x10) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vcs\x00', 0x400000, 0x0) ioctl$VHOST_GET_VRING_ENDIAN(r3, 0x4008af14, &(0x7f0000000240)={0x2, 0x800}) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1d}) [ 998.660658] audit: type=1326 audit(1539268357.244:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9374 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:37 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x2000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:37 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x800000000, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:37 executing program 3: r0 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x9, 0x100) setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000100), 0x4) r1 = socket$inet6(0xa, 0x40000000000a, 0x8) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') setsockopt$inet_sctp_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000000)=0x80000000, 0x4) sendfile(r1, r2, &(0x7f00000000c0)=0x14b, 0x401) 14:32:37 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000170000000000060000000080"]) 14:32:37 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x700, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:37 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dsp\x00', 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000002c0)="88db6acc36ef047369237d287ee83600f4be8f947bcfc5d48b2ce34f92da90a8d715f6c3d229fdf6de7df7dcca9479d9c5b9078d50acbeab4a9c0fa5efdea55d924704954263dbd05373a2107a92cb40bfe7543ba741ceb28bf0aed9cd9ec57aac036f0d7789189caaf5e1a997aa32a5715d5cce7aea4882b46dad9c735597a4436ab843288832f7e4e87d40a6685e41510d210967ed62c6bfd9d54cd10009f5eea9c8cca4958732c2ad910518c5fbbd729ca5dd01f5f9bb37acd9470ce94c682b9c7244d9c9f5f27620a22c13df7c4651120cb1e9d6e45bf07e4cd75745aa3228c8b8fca7c2df57801961bc707ee8339aa852d1e11d2dad6e582f75914cb2e77f6b146ff8da55ba081bf4719a4e2a8165de51f9231f7bc417121bbbbdf7b36b262bb5c3f2325c9d0d9c92760bc56ab6b19adebab0cd2a42f9e72be4709e0a831d4caf44dbfc71187a15eed92e25159c12a297cedc48d9a2a3d069da2396ac5b666e27aa0ceebdf5c9b52862ef848ef93eff38dda74e6dca065a781b66a30d2b8db5a0394595f221d2a3316685135ddd93858e669993d0d31d4aa0078c0a632bc126ef586589290a9d2bb0fe5aaedbd51798f9f605dcf05be204ac82936399a4d72af3b88ca96679b8300fd9a8222e4c8788f794ac02acf26a920046b75f6cde7addaac19d973e7ac2eedec8585ccff43362218da671a65772ba8bb7f28c40cc702b138ecb8d1f384370690adb90a8a36d691dba7a2a60db2fd134cc13600f203ba1f7507406d9dcaa8f038523f38fbef7d507d6582c50e8b97712ab3161a235d90bb9bda59cc760bcb45bb34ef4889a03c6efe3ff28edf6fa03b5902b70089e787d6fcdbee0bc42c621f9e8c35996a019f602a279d1c34821ac04ba3d802c650e34c20b06a4444b47fe3742b0e07dd2e49543f1e503413dbee14921442b70f025971bd0c974642447bf5b1b9a574b23131562979a333bb4fb4b047d9c202888d886a571801e799b50c4ad432cc6090a0134f86da3d42b1be766cd822e3fc772b640cc1f1ddefa91dae8d2a7ae16a1beec9ce711af005efe53973ab0c96252be9efb2ec5222da4690504bfa47ced49b26815091484c54957e41db776f328f8d33fdfadf684701dd6fcd1fe47ab90a760324852e1265862ca5af7665bcacd25b886afd2af993883d1021a34822a19953ddd2bdc9bdad24a35b9ec2aec0000dc07051836e7bd55e2f512ef7550de56f26e7cca7693ed39a4d355e2ddb7e076c5bdccceb9f4d5d66ed0e5b4231080a837de00edee73d831e63e3373e2a7e0bb639a1f94d91eed571cbb52acbb77465ac78393bc66f719a21707f4b19a7fb246b2b2913bc06e855729056a23aef4022a19668711644dbfede87ff6c8df14e73af196c0a26d3e0396f6fdbe19cc53958c1d5af744a665b3eeb217dc7aef5fb2124262e5dcf44c9bd80afb290495955ea537695697f234a21388876db1865307169120dd5bce95beea3f0287f3f660982274805c37745af931628869fd18b5a7186e213edc09f07865d324b839c0beb79ac2591aa83d78213f8ff68b8ed2260f6ae60569f1b9a728fa0a8da622f7057da8a44a7123d2b0121e3011c646bb88b0ee762d0f741aeb99c6154f62596800aa7034bc92d4a5122126bf2848f860557223dd10e9b9aa930f9f92a3f38f27319c695567610e77d947da4e16be083de7e84ff83f00038a24d7d6e5de29ed995dd848e7cba894de3a3f49a04bb16eddec752e90289b4a1c6af204392f7e2d0b90f4640dd62b0393534245d3b5de073a117e067d42f1121570da1712fad7389689b7fd36567847738e80d78c05472e8232b5872d10f0fc0972521baed94b1bf5b31910219354d5c9716ae9052668547625a060942ac028579239f4c33c703ba4c6cc48d75bbe25eeb8f0d66326bbf2e98a210a596055496e5fa6c5a895fa4b324f14591d4e1b72063e6c7251efaa5d99eb2e757ce3291f1a57212ff52de3c58d6719574ea97562564143fb907047c9b433cdd029bb6c64843e4ba5f7c1427c7a8a6f0760bb3bc555856659d54c901d7c273279715b7f97f6342e29d0600534581c3ddabd750a7796775e7caa3ac106a47ad39e06b39a6288b310ae1985ffd57e5e94ac0c901689bdf59bd9426ca361d5ec4b58ff2d6a052281ab5e0025629a7f806b468a10ff57092f13f21f07ab71b748d069afc89138b5f9e5a9dcf628f623845ccfeeb4225549c85f3a9ba4a12b2fdced0aa7e135c214cc0760e7c33f35a80cb1bdba8c6f678e0a80eb0b9fb7609b56d90fabbc37b3728a90fbd28d2b5088482f5973aff8477d10722f4c1646819e3a65a67afaaae907c428ac74d8e3a0be310ea2f6d81a9e79138883b75e2afb7b358087798d867f53cea6161f48a908886ccd8f294364a9dda57edb9b835015a38af5550dcaadf56c7d7f71e77c6f8823f9d0d6c3e27f524808525f3b97a7c1bc080ab408cde924622f3d73cc0d9329064feb085a98883f74aadad0d6617d602bf08172bcf54ac11dcd952e7d36fbca927255a1bf613be1df695bfa75bf2da08167d064868a13897ce106f8d149f545ce9091b735575c6f72f54285f48e6506e298b3edf889fe3fbf3ccc986a19d2adbb2441fbe0d3e4c9165611da16c6cb794726132e00ab9e85d7692293e6e3d84dea525310652403aa41f2611d0019bcad833ed05c6964ac01b9cf2c200898313b35b84b8739ced0745a71ae2dd2dc2d59c55e91a2cdb6017130b2074bc0289acec2477d57e238b2753744a50a3dda3b9393a97626f07e8cd209836b277096cf8264b8e312a4283db333d9f0d06091da0873516f4cbaed0199a96a38478d1e5c3529d660595e7e2f3f65a62acee313d6485cd41f14c4c7fd0c7ec04fd29219def8eb9af8e22ef8bb9f4684266b7a0d5377f2c5ebc6fd3ef932160e932c5b7bf385bcbf428dd99001a901da5eb033924f9abfa22e976bd0b9e52283a35c0bf464e3647744c07d0e13bc345b150f050d7aa799067c41284bd9074ac2b5120079604afab26c9d3fff03a7b5ea5c429b91548f95babc03d8f65cb9a4279c3e14290fdf31df0ebe118bb9f5c9190ac7c5aac3611723c3f3686f91e54062d295f11112d566771b4c2e3d1d8f7cb19e13eb788835259b5629131aeb25ffc83f7798682bc4dbc202ead6e8c60ae27bb2b73db6186ebdca5e5d0d4e1244785c8564a94332983a81f46525d48c7aad32eef0a6b719d76aa95ddae6e4fd830e0cbc4a178c1c5eb52a6449572870dbb1fc9ceb56e22e8282e0ef05acdbee281dc6f50ee7e9967670c29bafa87c91423b696ecec4023db08ec6744a5ac3b464d93f4d2abdc7bc56e9aaab8930f30f2e8ffd547abd89558fd4e6ea01b6c7cf3089c989924500d80d19eea83ca2642cb970a6bc2ad22d19e1b2ca17f32753897f89bbe32e8b90d6231f2672f25a3465cfaee6ad91cd7930f277e5cd064710ca793196b275e197577e85591ea4c64d39a83c523de95bbd8b59fc79a61cf8cdc2f5f99f4584f6c4c5738879abbb4d17c52d1761e640915415ae02ab1f6c4f82e980da0f9cbb4f6ef24e270851982cdec26db6278a5841d79df8f6cc24c21b2646bd2cb57eae184086db1fe8014012985935c7b417fa25531faf082b5054c8e4fa795e1c230c812565933a66f3942ee98f21010d97559fc1f109c8df0f559da9163bac73b1fbec20376686ef1fd2c88a021a0a040d313e940f182b09be70502dff8deedecfe6939c81402accc819f9716616b5b03403a09877cad205b5a57b9c9643c704d217a5c5b3d5a1f458f08329fc8a5ae76b16c1db2a96c64dbddec2131a88535242b986315d956abca54a155accffd447a5b7835c3ef085029a46efa054836af1653d62bb08860c6916e51bfb7577df55e1e0154b535b2e447c84b1aad16955b4a0fa6aa033478e106930f80878b399e4d7616513cf0a71eafbb908bec303cf89bc7c6a53ad0370121853ff39b6c36ecac86a26a175ab777511155afdbd59fd062caf625017fb720a16273c8eeeddf511d460c39a94225d99c301e2412e087e87724199d2592b8bbc45342a2923c36d9a6457b206f8a110e4c905b6c60d1127c74e24be5af3c4428f521698c108b18a8aca26c9c21e042019d274f4e79983ddaabe1ced370fe88d6eb55d210cded1ac35d29719e276419b153eb2b3388dd6c9a81129dd7d31144171d6edd2d242a985a7cc0042dbc1327b54bd5b12e58b56c95edaebb85b6a58df2d3e3daa1c59c529271c376a7c9dba51235c3e38a47bfe32c3836d70ec6f7281a037d6b9177a7f5002456d749a92ab2c5b17b141c382aa4a4c59b9f8bc915563908ec2074166ff560c731839f6ada97d162e1020c22eb062b44fbf2eec14fd2422315f2c202ad5bae346bd0478ff1aa7917665aa260ec9ed91cd24cfb5e8bb2aaf32efdfa5aee52f08e0b31836ca50f7b07e605b71e65078ec497c9738e117891125db9e10fbd4c53ec17378de0afbf093e31afb933a67cead974b4b2e55596a14ad015d84099b9175ff5eddde40d7c89dc4520737478b455d30bfb75149fc30bbe7073db65298dad6d950beed955c1d00e1261bd1603188558e5f9dc41bebff436db7cc79fc4006fe627b842f263d5e94d2bad9415f21c9fc3fc1fc1e513faea914df68352fd5e59eda44489b8235c03f7ff9ead39fcdd193bccc9ed230fc67d2a62d0b0dc257f1f004dc1537ad1757fed77d635bc5d1f1bb4ad6d4427cb91294fc4a0b95390e054494640b81474242a1a7e30afd897f8a5adeb05d37c08e2a11c26e6e22d9a8adc4f332379ebf5aa525693bada3a97e6feb844a07c53a3b630f037e9a1234551b4156701e0de4588d9b2680d85c69f8dbf1ee24c48fd97c0507ba1fa9ea713079a30e5be6e051b3f32e1590438c8c872303b699303709cc930dd2ee7c2bfbb526a9b4e3c5b0f259e1fac19ecd4bc77a5f29fb97aab1b2d7eb70177ae82483eabc527b5821bcc93c04d1b7629e66fddaeac41a4fb29318b4ab14f2f4c6b8130b569c9458a47360ed54ed5cc817f60cf87df7c8b7c17aafc3a7972d51cc2c7d25759e93ffa75f04ab51242db91297648bb5ccdbbc3880908c44963b819abc21eff80df2b45272fccddc6fd235ef87946cd189b205517af4c8e3797760fb847dd982d0c7524bf0e3ece942c20331f0cc23f4077decefc9f422ea34e8707c14a3ff8ae204be41b46fb75191202440c8c297096a01855c330a097bbffb53a0033224dc22aef29cc3a9800e7c6d6446b7b35ec246c7dd10cf9b7b62251df536f171bb8f03b6cfcffb88017d126e2d60627b74a170264b1ca7c87c6b06d55fafc8208cb9209d7475b5aca36bcf8b120e228c5198539ec78677153350b2d315e6a8018e4fea22f82ef36be0516f66fa2c0e435869875c4baaee6f91a83cf5997e6a8ee7cf564786a557d7cdc489be49232c5e057b03fe31c3c34a04eebfdcfa320fd76a8918475fec5fbdef21175015c3f9deebec37cfefd3a3b1ab76f14f3b6a1e5c7a0babcefba1d3b0b408627362349b524f6c3f9c66257bed4abf906fcd11f448be13f9e493239ce04c21c1b24bcc42e595bad4b8d800bd6d824b4edc2bba7ad6c8dc9ecf0d06a4764daa22a205512983bd7fbad30c2a5c52d492d0ebdb8720606123b579ff7ccf2941a1cb60cb99df6fe0a7144ebe950936eb118090084095b897b5f8e0445800ff55189286aebc18c1fb7ea74461034f31b2aa25ef34fd7f5306f4a6ae84a7d82a0961654316a273", 0x1000) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000012c0)={'ip6tnl0\x00'}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp\x00', 0x40080, 0x0) ioctl$BLKPBSZGET(r3, 0x127b, &(0x7f0000000240)) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:38 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x500000000000000}) 14:32:38 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000140)={'ip_vti0\x00', @random="720c3f9144ed"}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:38 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0032010000000000060000000080"]) 14:32:38 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x3, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:38 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000000)={0x0}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000240)={r2, 0x80000, r1}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0}, &(0x7f00000002c0)=0xc) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000300)={0x0, 0x0, 0x0}, &(0x7f0000000340)=0xc) syz_open_dev$sndctrl(&(0x7f0000000400)='/dev/snd/controlC#\x00', 0x1, 0x1) write$FUSE_ATTR(r1, &(0x7f0000000380)={0x78, 0x0, 0x3, {0x0, 0x4, 0x0, {0x2, 0x0, 0xca, 0x28f0, 0xd7fe, 0x5, 0x7, 0xa, 0xfff, 0x100, 0x0, r3, r4, 0x401, 0x9}}}, 0x78) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@remote, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@ipv4={[], [], @loopback}}}, &(0x7f0000000080)=0xe8) openat$vsock(0xffffffffffffff9c, &(0x7f0000000440)='/dev/vsock\x00', 0x802, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'\x00', r5}) 14:32:38 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) r1 = fcntl$getown(r0, 0x9) sched_setattr(r1, &(0x7f00000001c0)={0x30, 0x0, 0x1, 0x20, 0xf16, 0x7, 0x2, 0x401}, 0x0) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:38 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0021010000000000060000000080"]) 14:32:38 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/bnep\x00') getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000080)=0x3c5, &(0x7f0000000100)=0x2) r1 = socket$inet6(0xa, 0x3, 0x6) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r1, r2, &(0x7f00000000c0)=0x14b, 0x401) [ 999.510850] audit: type=1326 audit(1539268358.094:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9431 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:38 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x34000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:38 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x3, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) r1 = accept4$unix(0xffffffffffffff9c, 0x0, &(0x7f0000000240), 0x80800) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) connect(r1, &(0x7f00000002c0)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xa}}, 0x2, 0x1, 0x1, 0x1}}, 0x80) r3 = syz_open_dev$vcsn(&(0x7f0000000140)='/dev/vcs#\x00', 0xc0000, 0x680) ioctl$VHOST_SET_VRING_ENDIAN(r3, 0x4008af13, &(0x7f00000001c0)={0x1, 0xffff}) fchdir(r3) ioctl$TIOCSBRK(r3, 0x5427) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:38 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='cpuacct.usage_user\x00', 0x0, 0x0) ioctl$BLKRRPART(r1, 0x125f, 0x0) memfd_create(&(0x7f0000000240)='!{\x00', 0x7) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:38 executing program 3: sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000100), 0x40001005) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x8, &(0x7f00000000c0)=0xecbc, 0x4) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000140)) socket$inet_sctp(0x2, 0x203, 0x84) getsockname$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x0, @mcast2}, &(0x7f00000001c0)=0x278) memfd_create(&(0x7f0000000000)='+\x00', 0x3) 14:32:38 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x3f00000000000000}) 14:32:38 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0xffffff7f, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:38 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000048000000060000000080"]) 14:32:38 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x10) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x100, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x3, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:38 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000100)=ANY=[@ANYBLOB="aa79a3fd60d714f1a7f61bfe8cd30a567c840be621a1e8cfc9564961d112e1aa5e90a3dfe7d2c94f25d4c5af436bcd8b6de8a011"], &(0x7f0000000080)=0x4) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:38 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) pipe2(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc028ae92, &(0x7f0000000480)={0x9, 0xfff}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f00000003c0)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vhci\x00', 0x8000, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000300)={0xffffffffffffffff}, 0x113, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r3, &(0x7f0000000380)={0x1, 0x10, 0xfa00, {&(0x7f00000002c0), r4}}, 0x18) linkat(r3, &(0x7f0000000140)='./file0\x00', r3, &(0x7f0000000400)='./file0\x00', 0x1400) ioctl$RNDZAPENTCNT(0xffffffffffffffff, 0x5204, &(0x7f0000000240)=0x9) 14:32:38 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000f6000000060000000080"]) 14:32:38 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') ioctl$SNDRV_TIMER_IOCTL_TREAD(r1, 0x40045402, &(0x7f0000000180)) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x0, 0x1, &(0x7f0000001fe8)=ANY=[@ANYBLOB="6afec400010000ca7f"], &(0x7f0000003ff6)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000000000)=""/195}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x4, 0x0, 0x0, 0x2f}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}, 0x48) mount(&(0x7f0000000000)=@sg0='/dev/sg0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='hostfs\x00', 0x800000, &(0x7f0000000140)='cpuset$systemposix_acl_access+md5sum/ð0,trusted*%\x00') [ 1000.340946] audit: type=1326 audit(1539268358.924:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9471 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1000.359673] validate_nla: 16 callbacks suppressed [ 1000.359683] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:39 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x6c00, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1000.407594] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:39 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETLINK(r0, 0x400454cd, 0x307) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) syz_genetlink_get_family_id$fou(&(0x7f00000003c0)='fou\x00') ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = getegid() r3 = syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x6, 0x400040) mount$9p_unix(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x2020, &(0x7f0000000340)={'trans=unix,', {[{@dfltgid={'dfltgid', 0x3d, r2}}, {@cache_none='cache=none'}], [{@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}]}}) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffff9c, 0xc008640a, &(0x7f00000001c0)={0x0}) getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000440)={'icmp\x00'}, &(0x7f0000000480)=0x1e) ioctl$DRM_IOCTL_GEM_OPEN(r3, 0xc010640b, &(0x7f0000000240)={0x0, r4, 0x1}) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) setsockopt$inet_sctp_SCTP_NODELAY(r3, 0x84, 0x3, &(0x7f0000000400)=0x800, 0x4) 14:32:39 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) sendfile(r0, r0, 0xffffffffffffffff, 0xfffffffffffff9e1) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000002580)={&(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f00000001c0)=[{&(0x7f00000002c0)=""/196, 0xc4}, {&(0x7f00000003c0)=""/142, 0x8e}, {&(0x7f0000000480)=""/4096, 0x1000}, {&(0x7f0000001480)=""/230, 0xe6}], 0x4, &(0x7f0000001580)=""/4096, 0x1000, 0x7fffffff}, 0x10063) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffff9c, 0x84, 0xf, &(0x7f00000025c0)={0x0, @in6={{0xa, 0x4e24, 0x8, @mcast1, 0x7}}, 0x3, 0x3, 0x62e, 0x10000, 0x800}, &(0x7f0000002680)=0x98) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f00000026c0)={r2}, 0x8) r3 = fcntl$dupfd(r0, 0x0, r0) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r3, 0x84, 0x12, &(0x7f00000028c0), &(0x7f0000002900)=0x4) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000002800)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000002700)={0xffffffffffffffff}, 0x13f, 0x7}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r3, &(0x7f0000002840)={0x7, 0x95, 0xfa00, {r4, 0x2}}, 0xfffffffffffffe1a) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000002740)={r2, 0x6}, &(0x7f0000002780)=0x8) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) write$P9_RCLUNK(r3, &(0x7f0000002880)={0x7, 0x79, 0x2}, 0x7) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/net/tun\x00', 0x103280, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000000)={'\x00', 0x43732e5398416f1a}) 14:32:39 executing program 3: r0 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000001300)=0xe, 0x80800) fsetxattr$security_capability(r0, &(0x7f0000001340)='security.capability\x00', &(0x7f0000001380)=@v2={0x2000000, [{0x2, 0x9}, {0x7, 0x6}]}, 0x14, 0x1) r1 = socket$inet6(0xa, 0x3, 0x6) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f00000012c0)=0x0) sendmsg$nl_generic(r2, &(0x7f0000001280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000051}, 0xc, &(0x7f0000001240)={&(0x7f0000000100)={0x1134, 0x24, 0x205, 0x70bd27, 0x25dfdbfb, {0x20}, [@nested={0x108, 0x26, [@generic="5a90bf42438d755a8995647bdbbec9c1fb8f3f63ba91c2903668c9ed17aa718af5f458be4c158f1410ba154bba3c2b545d919ad8cea90de843a2ebf15c09a1b3c0ce27f6b3d5dae3618240db04c00046a72405e6c23362852aeb2a7a105d", @typed={0x8, 0x67, @ipv4=@dev={0xac, 0x14, 0x14, 0x1d}}, @typed={0x14, 0x4f, @str='wlan1vmnet0.\\:\x00'}, @typed={0x4, 0x2}, @typed={0x8, 0x8b, @fd=r2}, @generic="7a07ae7cf9a863ad5108285730582a8bee19bbdbad0f3594ad94830e380f3b9be27c2e2ba6aa0d8c63b9b0b0320ffb78a4d84ccde800a4d6d8a2e05aad", @typed={0x8, 0x3b, @pid=r3}, @typed={0x4, 0xa}, @typed={0x34, 0x29, @binary="f301dcb72b115198288944d8c22aa1fa2f89ef7246ee5e31610e4421ad3a3e89d073eb8d11c8914a6c45faff0a"}]}, @typed={0x1004, 0x3d, @binary="be476da0b70f4f1e777818740765c86c23e9a51c71023f8086b6e481df0b16996ce197631149ffb8d1f4e911421a0784cd740a7b4e972ca105cc19f4ad2cca50241192c54b9b69ae80b429a96a312dbc04e8dbb11021b221b4216249e55b26803ec36f20810bd4fcad8afcae840a4eeda46936023822783da4f362b256aacce03447871c887a44be262ed09c55596f9c46c6c483ae8cbaa3973d496f70ce9b342b8e6749ba9914de425e6efff1f0bd467912952c9d74e064c8e4c4eb47516b83cf814875192f3f048680d409df77b4491f1bd27e7f1263e83312e6ab3c87fa9127250e3192b4b05859c0147ebb4a391cdd8b5053085707ee0f8818323abcd299fd52108461679bb0aa2a84817340638196ae05cbfb47cf926204ed72fd9cc94347e2b366170041a23a187974b747d503b11652225906a1bd04e784fe22fd30523e0aa05ed8e0310470afd901375018bbac2eb345861ac25f61558e0d0bed7209c1c5e92158342699e3e884e773d185a0909b1bdb335f1b64631560d67258b7760750ce5a4eb8ee02ffee28eb7f46f6c981529d0786aa27ef915314f6e3f1bc70a72e7f9cd4fd2efa5b819101b609399554263cad6f73dbd24f83fad83c6bf86bc372bbf8daef7c08bbf83cef76366b265f7d907d0ac6c3c313bf9010a5c1f3e274c5c6df0be3cc13996522e224e15f475e0f25b2086a5690b206b0aa0cd5bd95690a9a3221f0ea234ec8ded6ff8f0a442e33f97ed593d1df4a845323d624c88cf2f99daedf283ad16e1930ffc496c5538820a4dd081130ca91ad5e68d3e8a9e347d2c48d60e2d615a892f84c8f6d6a764c3e141690d34c8db8b0b4213b233ad6021acf6a55d5383ad77ac99672d45995f266e15a2398b4ad50c86963f3896af18228ff2d243218ed594c27a3f179dc84eb12cb1cf27a5af4cf19e2d61849961adb1418e9a3f059a7a4bafd7e2810aec15982df8fbd871ee31cbdca775cdd897759c346bdb94470895d4c327fe38a599cd4f974f31b522c21fc1eab93994317a06ee69919f84e84eaf1e45be669145d3aa83949746bc6866350e3d492b0c0158bd6c559e04c1d4899ef2105a19bc91b37a7fe3738a60155b20713b326276a12dac677a812ae159858601f8e329b8a6de8a8c4771dc142116de454c56d86bf27ec7896523691b869898ba52b1ab30c05876f9826cde567d1e69dc1c43209620667c85dc2767e2b84f7b73c3227619ea4d08508e6cab125689b3fc5edc7333c18a077a5ccf85b653aefc5c93d20abc88d1b08d44b5833c6f01dd4de4a49a022cc1b8e8b71a4fc237ecba3a91b1a26300543488e5a9e036650bbfc33c8096b9a196f8642a338c4e42102cca0a43d48e17d1a12759f7a1dd5a9d39fbd23a4d79a0160eca254c3ac0a552c0f24092bda900c98f30bee20c3203d163e05db3fd72684056828d51d729ac0e1e4e2e48b9be9566ab21373c85428f0981ceafa410d9334dea963f71127230a10ab44032a5c9390715756f5b2d972d8ac17f13033f38f6de2ad6ea482018d56abd20636e94ee60785fc9e495ba1e8481c903c5037ef71a16e910aca48becf8b20ae7c97c3c214a7359ac2dc9809500bce7c0a60094b2a2b97c923b6c5f2ecf7d6b46fc4b15ef88fa0c11c83d4098c2fcc9d2432100955acd5eecc62ab3b09db99afcd2adab70a981959a3a2017749b0377c58ca563d6007075d18f9b0743ca02835c6c93adec4300cd5679dc7d0799271cb350497c7b2d2004312a2c3ad35c20220c761151eb41eed73b8be463d07fe2545f2fa227471aae8ad0bf592101cc7e2d13c84035085e7de8847b793a5917ddc9fae5940682561af2ef9d12c0dc5b24de54e69ddcc663009d81e5713645444062f56d89c6d7333ff58f06fed015e5dca9073d79a4851c9151cf6e2104988f0a78ea798e6aa6472dd4b567f9678ea82383d95deec010aa8496dc943714a1382923361a2bf2ed4ee6dac42d58baea2a86cee0a3cfb94b912d45b41407707045adb2b79dd4b7185e508371352158c7316bb72c83ee51d0edc1c6d159947130cf0795b7400343cbd7161771c19202dfb406773ae7f2bf5e2318c0f44e2abd6dcd7dfed238efc76f665a8b2a25ff92c0b68583b0956af6054cddbd58e6ad68a9d5296e16b110137ebcfad78e45cbb6abcd2a2ce600c21537ab4f37607a9f8f861d8c4159945ef9e6af46d202c807b78c6944a7d43eca222e5407425cd73ee01b699510b08f34177cdc71cac2de1031db981542b3981b22c7a0c260a4711330d3f749bd06bb2aec0cc57313df21454aa096ad58a733234d000ce24f1be1ed4be68829f2237d7eb7f36e951ac65da6a9454242dd7368bff53be4545c3a1f5aefd864ebf5d1e3d308b019cc043ffc441055eaf2ce261632b31780be2a7806ef4fdd590a6f8c3002d57bf7d6d26375d57179e2c9ef5f338c248e3f20b2454b4237039cabc72d3b7cb562079fbb0c609d597cdb38b4fb2d5ecf5059726c4357669855cd7057c6d1a60040d29bca7373aa5df653702630c45c80cd00429511ae5d4041bf34efa99b74a825b81120b70b71e3498890e8aded324b4ce76cad4bef450f50a375f7f82dbb454f5e68486c8912024c3b9b9196c1d12f596ba3ad56b741e0a1cdfc647265bf623d762b931ffd92250d52145d8546e0233a7abe079f585b9e628e60984e4b39b5932b0fd1dc2eb2c9971b667ee8b15a451b03fc26f03783fbfd95b5384afd3f97286bd9e36338ff70c5a51de3334b985825416b9b7260f0dcaf5053ed47b480d90a45656382616e7de800dcd3cd6af0138ff08eb3669a8a76b9a31600098b2669636519e4ef9df63c518a6b9c6afcf4c8568f5d53df03e11d9f1a9de042cfd4672db0ece39174b03dd9b184aceba53376fe02996d1407f4eb2d0de9276634082857d317c456a3b13d0448366fd7ac5ac2db3e79156ee1b8dfb0b78763119db491a1a76296c34b7205b5d627269d6323c0922d0bb13f19e1bbe765a9a242a6e55fdc444331e3126dedaddbeae275347af70d8cbd9c1dbf8d183289936de1e440c6d2815cc0cf971fd7f7a72644d7086d6819aa6d5ca90b0ede232c3c170e1cd8c7218ccebef500695f9402e878c066100747fadc8e548669c3681f6214ae5e37952da8554abcb7bba1734ca8fb107af180d5fc8471457fad54f601f300514c12f372151b45111d43cfc8fc708978c970525dc7c154044a7dde913d803d804df5a4d222838d402324370891e8c3f67582fbf7dbdb54fa80b49d96d42100dcee8abf7ed4e4fce2e9897ecdf6ed385af268866788955d0fa8dab4c9b01f53ab5461bcda6af985860c3b35bae97c7290606d14fb1403b5fe39e3d7d3363dee08337374932de77f24e967e80f679bda66af27a2502ed954e04062afacd2cb947df9ec90af2ead74a79fa2c690c362415b242f9dbe3f3ea8a00496607b7d9f2e62824dacb671e2d9e5bb1d4b19bebdc2d8ef3c2232c53a257636f11b1d80775ade8fd85d8d638dec8be6ab67258c6cf76b8e81721fdbaff4a318561e2fe3d4e7365a2094bbd5ce50a0083944605c80dbc1ab813df77e4c1b8c950931657e34cb76a85098ce37bb348cf3bb4383bf20b38918962ae64dbdf5ee40ffc3975c7f3078875e8d316d3f5dc658fe9c9e73b7ee6bccf20aaffd885b976d603311e3f6f6c3815bdbfb716d84faf5d53c4f254c8a40a01cc84c37bec8897729ca5058c9cf4274c78ac5e7f7a52aae77bd9957d329934bba61872c9b0b8729c494e5f88f021e6ed77f8577e33008917d76f7d342a340d8bcb7df28441c56507f538e283673df1fc5c13520d5f1e4221a5c46a2a42c918652dfc9b22321e3c77704b0b3610069ce3f187686071d47d4249ef70862fc8f5976e5da3b0fabac08feddf0b8ea4edbac5554036c9c7f9bb2e04db55628abff93b23a4f1932776baed65c609c738ee89a72a2bac63d411bf5f49d444df6f53196bfa8839ab60fbaf6b72352e5c3cf11c0adc3c34b986abd99e2731040579fab7a182489c5ee84dd73bdf4ae8174093a8ec0742fcb42a968db3d293f926d6fb033e3b9a3bcc561cf78c47679cf62dcc84644feeacfb50efbbdae225c391cc044d570cf56914cf235df3c1e81ba68a0081dfb29366c298df51098828bc330e9f476f53ef81ad4f2d8d34647270736fdf7b2859712d8adca2881862a3cfaaac6d44c24b0e548d6c43bd809ed828490ac50050ae60db121480b5baf866c5c8dc7bf81609f475fdae76daa73c171b2ace0e67bfa160487bfa73b4edf9f9152fa4572fb4a139332154c7432236bcb44749b3e4d4078ac21e3182288f9e01b2e6f5c6e24ccb577e4eba3881d11122dcb98c58509e43d1c118741f6566decafcfdd3f5d9332cdaf63403b7303a81256e5379df9cc0ec3fa48268e8d06b82e513f5d35b4bbbcb7e26bd6cf4e721c92a7645de41810dca1e15ef152658abc48259a82fbe56e613b3ca8c5934feb81458edb7985479362b22c85ff034b247bca9239a8c47d0a18ab16cec7b0eb5543aa7672c9f47b5042e0b065afcff8ae0f857c7391879e147ac1ced1a13731425be672f6b9ed3babc6eaa8ecfdf162a385934555ae23f81a768212a8ccb861cfe0857efb5eac368700e6173a8fd388db116ba4c455edb9a323c94e58941607aaa25dc7c7d6d95538cc7f346924096e9e8e6a0e6f711621812d1a2acf43d6dfa98dba938c3ec91aad4d433b7f022377acac082a80b8282efbffce781bbd235af5345e959a1eb8dbb2e7363a3bd2dbfe63515d688f913731bc064ddd3cbf823d636328cac4be45d0376e778e2fbce2b5331f50e09e699f8ac7b9503ca75eac492cae1f3df96994bc93323486d513833d326e9195d67b14ff5fb7ec781b1acc8709192a4c0642e3533d7e48666978309c288e733cd3e27a285f09e6ad85d77f48bd247954ef4059ddd303659183e09cf4ef64b82f9fc6fec2ac7b1d8be5df23d09ec2075dae05b641e333bcee4c26b1c90a526c58afe543133bb60900ec2d68b6df224872ebb25da04f3a46a1ec12bc979dd4df58629ebb1589f9a1c80b2d5fd1688c00feaf0bd12b2c773adb5c174f228f2fea072153ee4a7b3c849306666fddeb7e2dcac7619e941911f44637c2f8722a94d5b19fdf81a425d68a684f88570e11df1ca1ed2adf847224a27fc044e20b27437e572a112c7a9cecd65c79c334ffd6553d1c7963eea97f04c571c3f95502b7095ddf1b28c727ef50d1a7c7009696d544c586dd6474e10e13b2249e9997d34f276a59a94c079f0ff560b43d38b6a2a8cb25e79ac7fa8af500fb359ed83cfa05054a13d7db35c84f1e401e672720887634f39399250e92255ea7a38af92a584c695441067272b06a9e5a7ba5fd12171ca4c8ef22a450a3661c767ea0bc1606c664aebc047340622b0109184313540ee37457d6125fca56ec64929eb60c9003570bc1669cc303eb91ae99e39804891f03149ee555dd8a655b6143bf22e9ff4aef5722e220b52b31b7e2504cda4dca9324885cad887934ba60950af39c48e6f58c8bed7c13035c50a19c4f71c397248b98d1e70a85e32bd9b7d018556e9d4ae1abde8fcdc49182da993d7ce13ef7444a47059ee7fdc4048a1f258b1d7a92ff09e832bd552804a620f75bf0eed410c70b3667e23f17ef1c3efd778380612ffde9c1f9abc4412a52c244554da2943b2159a81443338d6c87c90a73951521ea5462e717caca0ebe145e4a01c6b2be5770237176b55a93e9c5b03ea2f4b3e3e68"}, @typed={0x14, 0x5b, @ipv6=@dev={0xfe, 0x80, [], 0x12}}]}, 0x1134}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) sendfile(r1, r2, &(0x7f00000000c0)=0x14b, 0x401) [ 1000.495434] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1000.579339] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:39 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x600000000000000}) 14:32:39 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001e0000000060000000080"]) 14:32:39 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)) fcntl$getownex(r0, 0x10, &(0x7f0000000180)={0x0, 0x0}) r2 = syz_open_procfs(r1, &(0x7f0000000140)="6e65742ff261733600") sendfile(r0, r2, &(0x7f00000000c0)=0x14b, 0x401) ioctl$UI_DEV_CREATE(r2, 0x5501) ioctl$sock_inet_SIOCSIFPFLAGS(r2, 0x8934, &(0x7f0000000040)={"002020000000000200", 0x5}) 14:32:39 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={"76ea00009cb65a3200000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x10000, 0x0) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000240)='nbd\x00') r4 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000280)='/selinux/commit_pending_bools\x00', 0x1, 0x0) r5 = dup(0xffffffffffffffff) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x4000, 0x0) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) r8 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000340)='/selinux/policy\x00', 0x0, 0x0) r9 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x8, 0x20001) r10 = dup2(r0, r0) r11 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000003c0)='/selinux/policy\x00', 0x0, 0x0) r12 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000400)='/dev/rtc0\x00', 0x20000, 0x0) r13 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000440)='/dev/vsock\x00', 0x0, 0x0) ioctl$GIO_FONT(r11, 0x4b60, &(0x7f0000000640)=""/255) r14 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='cpuset.effective_mems\x00', 0x0, 0x0) r15 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/sys/net/ipv4/vs/sync_persist_mode\x00', 0x2, 0x0) sendmsg$NBD_CMD_RECONFIGURE(r2, &(0x7f0000000600)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000005c0)={&(0x7f0000000500)={0xa0, r3, 0xa00, 0x70bd2d, 0x25dfdbff, {}, [@NBD_ATTR_SOCKETS={0x54, 0x7, [{0x8, 0x1, r4}, {0x8, 0x1, r5}, {0x8, 0x1, r6}, {0x8, 0x1, r7}, {0x8, 0x1, r8}, {0x8, 0x1, r9}, {0x8, 0x1, r10}, {0x8, 0x1, r11}, {0x8, 0x1, r12}, {0x8, 0x1, r13}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x7}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x3}, @NBD_ATTR_SOCKETS={0x14, 0x7, [{0x8, 0x1, r14}, {0x8, 0x1, r15}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4000004}, 0x8000) 14:32:39 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x6c00000000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:39 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) socket$l2tp(0x18, 0x1, 0x1) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 1001.152417] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:39 executing program 3: r0 = socket$inet6(0xa, 0x0, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:39 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0xfffff000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1001.180455] audit: type=1326 audit(1539268359.764:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9518 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1001.210174] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:39 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000d9000000060000000080"]) 14:32:39 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001380)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/policy\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000240)={0x0, 0x1000, "875c90129e47036a48792fcf9f711974ddf651a274465986cecfd92a792a592510ae324f1d9904f24c7f4f4978d52156a207533a3903641035d388b398b6e436c16699a17ba26c2e84718291fb7f956c2a313873b681a60779701d0e207c6373369580bf3a09daf9e42591432f452b05c075e1e91f7de03334f18418c4be4ab7e99b6f314daadbdbcfaa0e4f3ba111c0c972ab12b0981584f48308ea7031d9f591d5fc4e5658f5aed08df15d7bb06da8dd585055bb1cf18453765db0a22324f679e876327506f109a3224e5662ae792ae9aa6ab3ad614815baa28cf413106f8270520bbad8466be048d0557945d0422c794ac3e61bf421c1974db4e871062b48e50120356ef8a18474848bd72813dc9299c43c9a297196a5e6191d7a0cd3e320bbc4cf6fb7e6e3b634cb77dc65ba83470e207625a33e234ae6842fc506b25ad88f7f26c37f63b197aa1f2b91801fd9cb48d57af1efc8d632332e2e966724559d8cef03d2433206785559f82ae47ad9c3bfdd618a200ccd5edbd3d745e1e75e6355f5219d4111b6a672ac73e628deb35c0d35ad71fc1466db6a4d2f04a8caec0519416681e7289f80e17a2753a813966c498f0e4dab12c4b73699a724a359bff34c2959a09b0e2b35382d0c037024200f8795e96488918157c4652f700ca86fd8a73d32baf2de0614e46800607c4a5ca3e259ce3c45ff4d33b8f3f4a51d632195a930f831983ba0b322ae5d0f1f56b718c767082f699504c0137be4909449d9243e13c44b47a83eda4b7653c3db561e23fd06df310e5dcde14774cdb9b25a620eac0f0ab1ec5bee24e072152c70772c6e418922323302d125f36b49f38696276027d9e81839f3331eab63fecd0780983294dd9278189db8d5482f8371553e9fea71f12d7f2325fe1ade2b1c4f1a023d016aa92f5ba1a521eb7afa600c9d0d1574c3a6d728136942ea4decdf2b833d37163751b51d038d3019f1ff8947d00c86cc01ca4e4956860ca9dcc7ddd66acf5e80682d13791e7c426026bc45d1c2bbdc09abf7c7370e646d5101d3b56a111e68384a5250e2530763fb98ec5371915640ed79dea825943aae1dc1a9506f558a0bffedf986b34e8abff42a7f5f0032444c30013e9a7d355a9fa8e361d1473e0d74c3cfa9c671ad90bdf97cd76a67d34ad88e7509c0b777793d16b29cee1289f486dc596ff625a50d1c8671955a86329cc0116f61bf912bd58745a97f4371066329c0256473128ad0981a38c9dd0aa0eaa054f6634d4a5ffc54eda0bf0be92cd886ae0ae716d1bd476fe49e0ef0230275dbcc80906dafbf533ccb0ba58be02b76d95d4a3d98c6f1ea9b76197b83464fd9dbc3063a23f84f09068572e9296ec2a9cf45a962546e5524e5e87db30cbebdc933b4758acb548ad422b40d9aa26eaf7518e93f5968c44b743fd89f31d75e34fd24827ab0d3370af3884476bf40fc8427c38a7c872c533858f2e5b768cef4c9157d5828469a21c279bff7213683cf255353d3c6eaa2230fb7b2640e12d1deefade51b000163b950b3a4a1627d38e7b22fedbae8444506b7c5adf509a6410b75ab892f0d51a18f6146c13f34cfa479dce9b488787790282730969ac08d0fd7bbe08868d3e9b0babac8aae3908b8cb961be0e9e5ad6945ba72cdd9b616d79bd438ee732be1499022dab6b5057b43a619b2ee31c55a3c3a0b1907830375599127752d700363256d1b9250947d917488ac7e80b6fa199b23c9507de4eb5f55b7eac61934037d7e27893533ec3139a0327c1fbca9d5ea5e56dfaabc09dae6da6407cc4eadb9016827c2e8e5f8dc57e5c5b9b6b145bd42fcdd7c43b0c7944ff0710080bf3c454cbd082da4402ceac943f38c42896e6853cc0b89d04dae5b46708458a015cffcb8d22b1877d09b438c37ce3fc58e6306d50e4b7c0b3af3d8eb5eec93ef31d67999069d94166e36e9f5a16979581aa77299305ef19213aebbe94d0d7be281ab6c613f5c682c7d879fb92d44de42fa458119a5b5d4a78c226bbfbf36003394d84a71b8e0cd4e54290384f7f02b2c96a40a2b43a3e104932dde5b23a6dfd5c3f527d1434ef7638d622b07ac6a076a012fd64a945e0a1513f4110b722e974683c02d3eee31138e9f47e0ec0de8757320f9e284ea89fc00338ddd103bd059c9cc74b2ecb54a4c03777cc433a4dd2b75521341928dd7367ca04780848c5ab34772f1a95f8281de0cac07e636e6dc9bad7519d27a93a25a7bf2c7f82b952fd01f7dc0c7050914a8cc0b9e77f57d5b7bba3ea9c5834526d25c755a8e51021b1e020da60e04187efaa49f825fdceb173f1017d9aeec5e4a131334b9ad76d4edfad12d9d3bdc3b4c769d8185c224163f52a12fce0a06836057d352be68ccd71c4fbca4aa4597553ab11ef1924a3f3e3a590f0f436c8ec2146d282db4b37795af5ae3cf9789244439c84d18867ac892c1757b2e4b8ca0e3c5c1f0cd297afbf518181ff08e6e61463ffa94b35d0cd9d7083a8830696d8684a8b3e168556ec877e22153f65cdb3c151d54b2b5390910c65583380b81deff26c06343968ae21dc4cc5248f5658676ffa96997012de9051d38d9340e6d0b44834be24be197674beed1a2a4e1788740922cd79e5833f1986e013f8cc953bb255bd8cf54d5d67542697527ca57e7ab2dab080fb85541b27426bbd1df57caf90ae184c2ab7c33c2404dfb97ee5c6d266bf48bee53302f82e16a6120743f85f0f7d7b52cb43beccc32a87eef78711c86ec21abd8387e964aa08b06d1de1fab7f53e2c135ec02ca8da92bd2298ad588dc632c563acb5f07aa54d11f07659b3220b97345dbdbfbd47fb7c60ea407168aacbc0d5bf23f886ce29840d36b0255719804172ad776b72f0ccc0fd74bdf607adb267741f7180a7bda66b8a31eb80800882ed00611f7d093942cc7962b473d2363124e1e23f0b5b1828e77dc365378cbb01ac509be8d9b12396b33b48f5d043babf975a6da8193d28375346454d3aec3fd61da9e2d0b1c25543d78c7dafc018c40607fa7ec36d19a0a2a2f84fa79ed998a3904e184b00fe5d64edeea0344c1012a7b8cbf817eb3626aa92ce9991cf83ee7ba0e5ef7e12b385b18114a809e45069b0a1c80813842a3e2499e24391e2236afcc0303f84d930cf74cbba908ef842dbf97d2dd75d57e529778c05af2416484652abd3f796f84fc7e8f42dbe03502c71e5c05e9d36d61bdf895f728bfc3d52091301c653f44fde129b9b490901fbcab18ed3ed839d919015e4b0668d64b22ccf9ad4ad46a14cccde370160386de4f8124dc6898433a8e4b5c36fe3d115992b9d456e8001ef12a20bd87a69fec26e1d73d065acf9e71eaa7ec00737e3cbfc661c22092398842d7029afb5755b84b3089f0127f2f40e24415462a82fc0fd68dd07b6720d2eb72c1b3b7def671ddefdf641089d27e8885dde8eae377a81e11b1dc45adc77f0b73061abe598adf9e7a858f7f79e6d5ed50252cc0b92940c749f1f02be6e2dbe5671ec7e64bbeb5fe9105dd644ad412bc5d9f45711e088d7860ba7d28a11c9578e20930a2e56458394eae8ae069b6ab92b99f07ede8f073402fcaf3cee60132ae1f4a3df0a114e69120e05c0cc2dbf49dadeb3881b4b0866eafcb3c0efbbe74c43c93a6ba8a2d2fe3bbd3ff3015f3759fc92c7712c48f1d791210604a981234644f0efdf32235a24427d43f75d1a2da3f975e0cc8fe6b11a2319889eb542132465590f773fbe7bf4dad2aa1983962994182beb179539e661dc04bb8b8d01891271175d8420db0be433d09f0f2b98554c3a12454423fab2cd556bb8f7ed58390fc13a807542ea7f6f5124d5dc5bb4491f0af55898fe2bddfa34d3e82f15a1803e10985895a3971044cd8d632609b8ecf12b70128f215d0a93fdc3a9006693c58c2cc3365844ff80bd23961d4e8b560ae043c5473e9dfcefd75317d8644eeb8ae9cbde1ea1fff237111952655fddb76926af0b33c778ed54df4c36780181fc6d43220aad2754d5dc975e2cd8ac3d1d9244a329f3b1f7ad51f7148403929ed556ce514b59af665a07f427be92ecc4081f5a1d60d0783ea5af5661948757f8246e22f3d8887c67d9efb215eecb1672a2c5b0b5f66ff327a54ce0a607a244ed30ddcae0e40a2218f6725446d51608511686bcba55cc20f404ac217d5f6de47eab9a445edc1d1dbe8cf9753b73de885d9952202e6bb8417c79ce4a6cb840f7e67f4cce4d7b1e084e748761ad3c73e95707958e6352ecba3ed3570dadab94199817e7a31d46ab8f7e887ae991f404b19e8d7b4dea0b52e590be8162d8405a772a0247c211a4702dd74af5d77fab0fd002bc4a5fec1dab2a3393ffacb0385423cd0a75bf989c8a9882644c3df0a90cbdaec328321c1762bf07dcac63a305ff62bd07752165373421083d31e5e1fd320a2d098f816741c9383e6d8f09f1d6fa814cd833004ec03fdb8a8d0fc16466555384b76d4801a661a3c8703fd9afc8aebbd259ee097af0611795faa3879de6faa4a3248ad95ca756376b0acd04754cd9c08a755dcaada935ff444e28ef9ec156cbffac4f93b93fa8ad0370a61c8fc31193cb70bdb77a3de3f8fff76da81d16d1c48e0f1365fa3992b44234d6646669c700eae01906a5c1d60d964ab88bde4cbac0b2ee6321b6628ace8a3155d0544aebf109d79d3d876a8094cf0f2ed386ae1db62c742251b76a3d6f58b44429aa68db247183fb5bf744b34fc244d8cc39135f5edcb9fca02faa2cabf58df74a0099aa7351734f54f65370a6bf889ad0f9c0548ab9c8e7b8e7ac75d11ef71484fdba6181f6b8f25a6086e3c82a767ea85b5636d838b6ffe30c8287b7c8de6c5bf7dd68d64ff1fb9053afceb579a5089e068774ecd8659e91326da258c4e6f1b80ba0799979faf3dc25b657bc9272fef5c307389dc9a9cf7a2a7e2274a4f3a4898425184fef6dce436c42bb0f86f322bc0b5ada8335902073ade9300a9d4bd714afbf5abff56cd9f349055caaaab4881c397d711917719dd45c72e2ca11436b35ea4c30396c4c32c2fed480495b83a6914332d3498b5bf7cba940acfc0d9d599b8cc7a50335784270cdd6728be3e015f2661d51322c06115eade4fff2231a518577ce2df775c45d19e7db3aaa347077883e054a4800cdc13a5f4838006541ea721153387e8d008af95d57d94c1c14ce94300c8a643d4117de780bb1175c2a222fe1b07a03e3ad76977f971a0a1c151c5d05049a1699782418a7b56ed6922608aba405ea32f34d8703c8678faa95f5ccd3b53eaba6a2087c5b1eefee962a217cf0ccbe888575fda91e3b6959ac01b4b509f0da789c075db5d0e9cde58380c6ccd184ba15acdd23999a630e01c60541d374fba963fee37f46369ba03dc7b478b9fe68123dfb8e753b4b7d9171261839330af7411730e5bce0ec01a68184b901a0365454c59eb9481371088c38abf37b4577b15e8c341248dd3da95f8ab4c0b9447b5b2e1e3c13460db71f84f1963ddba530d2328edfe6d8e5147c71a9c5dc8a40cbd32af6541f9e0a49a4dfdd070f941471212e0a64f3af5242639ac63201613e79fc0b30fce7399c0f232c5b735b35f75b43400e57bddf4ea642ac431097135f1df7af77eb8ae9cc1b6b175c2e5e2cf7016cf890a3fadb056eb03e38aea1aa7ac98d17c0a15e9563dce101b7190ca9cad7460296c03c74e0b6a0c221218b6e0fade758b0c88e02ed097fb8835f298865d359f9a6ed117bb5cc080567c6acf7f9df157443ddf8d75c6bedf25dcf3ab36d7c05a1b007"}, &(0x7f0000001280)=0x1008) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000012c0)={r2, 0xfffffffffffffffc, 0x4, [0x10000, 0x9, 0x6, 0x9]}, &(0x7f0000001300)=0x10) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x6, &(0x7f0000001340)=[{0x3, 0xe910, 0x900, 0x3}, {0x1, 0x10000, 0x6, 0x7f}, {0x7, 0x4, 0x1f, 0xbf}, {0x7ff, 0x2, 0x7f, 0xcfd}, {0x2, 0x80, 0xd306, 0x10001}, {0xae, 0xff, 0x7fffffff, 0x4}]}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:39 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = eventfd(0x2) r1 = accept4$unix(0xffffffffffffffff, &(0x7f0000000280)=@abs, &(0x7f0000000300)=0x6e, 0x80800) splice(r0, &(0x7f0000000240), r1, &(0x7f0000000340), 0x0, 0xb) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f00000001c0)=0x402, 0x4) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000200)={0xb5, &(0x7f0000000380)}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:39 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00e8000000000000060000000080"]) [ 1001.306182] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1001.330346] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:40 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:40 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000000)='trusted.overlay.opaque\x00', &(0x7f0000000080)='y\x00', 0x2, 0x3) sendfile(r0, r1, &(0x7f0000000100)=0x14e, 0x4000000401) 14:32:40 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0xf000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:40 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00e2000000000000060000000080"]) 14:32:40 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) renameat2(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', 0x0) ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000000640)) r1 = open(&(0x7f0000000680)='./file0\x00', 0x4002, 0x104) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000500)=ANY=[@ANYBLOB="a69b3f37b18bf7a0639292505e47591440"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000380)='v7\x00', 0x40000, 0x0) getgroups(0x4, &(0x7f0000000440)=[0xee00, 0xee00, 0xee00, 0xee00]) fchown(0xffffffffffffffff, 0x0, r2) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000001780)=[@in6={0xa, 0x4e24, 0x0, @ipv4={[], [], @remote}, 0xff}, @in={0x2, 0x4e21, @broadcast}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1f}}, @in={0x2, 0x4e23}, @in6={0xa, 0x4e22, 0x0, @empty, 0x800}, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x12}}, @in6={0xa, 0x4e22, 0x8, @empty, 0x1}], 0x94) process_vm_readv(0x0, &(0x7f0000001c00)=[{&(0x7f0000000780)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000001a40)=""/75, 0x4b}, {&(0x7f0000001ac0)=""/156, 0x9c}], 0x4, &(0x7f0000000440), 0x0, 0x0) mount(&(0x7f00008deff8), &(0x7f0000000040)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x7a00, &(0x7f0000000000)) accept4$inet6(r1, &(0x7f0000000480)={0xa, 0x0, 0x0, @remote}, &(0x7f00000004c0)=0x1c, 0x30a17ef219f78255) r3 = socket$nl_route(0x10, 0x3, 0x0) wait4(0x0, 0x0, 0x0, &(0x7f00000006c0)) sendmsg$nl_route(r3, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2000000020000104000000000000000002000000000000000000080000000000"], 0x20}}, 0x0) pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0\x00') ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000540)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000140)={0x0, 0x0}, &(0x7f00000001c0)=0xc) fstat(r4, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, 0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000340)="76657400000000000000000400", 0x0}, 0x1d) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000003c0)={r5, r8, 0x0, 0xd, &(0x7f0000000300)='/dev/net/tun\x00', r9}, 0x30) setreuid(r6, r7) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:40 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000080)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:40 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r1, r1, &(0x7f00000001c0)=0x800000014b, 0xc3) ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000180)) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000000)={0x0, 0x3}, &(0x7f0000000080)=0x8) r3 = dup(r0) ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f0000000200)={0x1, &(0x7f00000000c0)=[{0x40, 0xffffffff, 0xfffffffffffffff7, 0x5c}]}) sendfile(r3, r1, &(0x7f0000000240), 0x2) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000100)={r2, 0x80000000}, &(0x7f0000000140)=0x8) [ 1002.012291] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1002.022772] audit: type=1326 audit(1539268360.604:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9571 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:40 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00a6000000000000060000000080"]) 14:32:40 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x3617, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1002.070230] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1002.098600] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'. 14:32:40 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000014e000000060000000080"]) 14:32:40 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r1 = add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8) keyctl$read(0xb, r1, &(0x7f0000000240)=""/4096, 0x1000) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:40 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000002c0)={"766574000000000000000000bd6800", 0x6403}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) r1 = socket(0x11, 0x2, 0x9) syz_open_dev$midi(&(0x7f0000000100)='/dev/midi#\x00', 0x1, 0x88000) fcntl$setstatus(r1, 0x4, 0x2000) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x10, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x244001, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8a, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000e73000/0x2000)=nil, 0x2000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x802, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, &(0x7f00000000c0)=0xffff, 0x1, 0x2000000000005) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r1, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'lo\x00'}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000000, 0x50113, r0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x82, 0x0) setsockopt$bt_BT_FLUSHABLE(r4, 0x112, 0x8, &(0x7f0000000340)=0x8, 0x4) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$SCSI_IOCTL_TEST_UNIT_READY(r4, 0x2) fcntl$F_GET_RW_HINT(r2, 0x40b, &(0x7f00000001c0)) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000280)={"7665740000005ceaf1980497cb1c00", 0x4000}) openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/exec\x00', 0x2, 0x0) [ 1002.202042] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'. [ 1002.369227] device lo left promiscuous mode 14:32:41 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:41 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.current\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r1, 0x80404509, &(0x7f0000000200)=""/4096) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x14b, 0x401) write$sndseq(r2, &(0x7f0000000100)=[{0x59, 0x100000001, 0x6, 0x6, @time, {0x8001, 0x6}, {0x2, 0x100}, @control={0x2, 0x80000001, 0xd0b}}, {0x9, 0x9, 0x14, 0x8, @tick=0x2, {0x3ff, 0x2}, {0x3, 0x3}, @queue={0xefa2, {0x5}}}, {0x80000001, 0x7, 0x3, 0x8, @time={0x0, 0x989680}, {0x7, 0x9}, {0x81, 0x9}, @quote={{0x6, 0x5}, 0x1f, &(0x7f0000000000)={0x4, 0x1ff, 0x9, 0xe73d, @tick=0x100000001, {0x5b, 0x4}, {0x4, 0x8}, @quote={{0x8f6, 0x4}, 0x3}}}}, {0x2, 0x2, 0x2, 0x5, @tick=0x1, {0x6, 0x80000000}, {0x8, 0x1}, @addr={0x4, 0x3d44}}, {0x2, 0x100, 0x9, 0x8000, @tick=0x7b78, {0x100, 0x9}, {0x9, 0x4}, @time=@time={0x77359400}}], 0xf0) 14:32:41 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0xf0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:41 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001790000000000060000000080"]) 14:32:41 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x100) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r1, 0x5386, &(0x7f00000001c0)) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:41 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) prctl$setendian(0x14, 0x1) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f00000001c0)=0x8) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x80000, 0x0) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000240)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:41 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) write$P9_RUNLINKAT(r1, &(0x7f0000000000)={0x7, 0x4d, 0x1}, 0x7) [ 1002.854009] audit: type=1326 audit(1539268361.434:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9620 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:41 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001880000000000060000000080"]) 14:32:41 executing program 2: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rtc0\x00', 0x402000, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f00000000c0)=0x4, &(0x7f0000000340)=0x1) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000000)) prctl$intptr(0x59616d61, 0xffffffffffffffff) recvfrom$inet6(r0, &(0x7f0000000240)=""/173, 0xad, 0x10002, &(0x7f0000000300)={0xa, 0x4e23, 0xfab, @empty, 0xffff}, 0x1c) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) signalfd(r3, &(0x7f0000000140)={0xff}, 0x8) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:41 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x4, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:41 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:41 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000055000000060000000080"]) 14:32:42 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:42 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x0) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000000)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) rt_sigaction(0xd, &(0x7f0000000140)={&(0x7f0000000080)="c4028d28dbc4a251bd1e65dec92665463500100002c48269aee2c40179178b28000000c481ef5c39f2470f4da74a7c000065f10ff7cc", {}, 0x8000000, &(0x7f0000000100)="c442b9b9df64450f1b7e00660ff23836f30f38f6f4c4a3016c251e17000000abc443e96b980000000064f2460f51b18db2e069f30f1ad547ec"}, &(0x7f0000000200)={&(0x7f0000000180)="430f38cd36c44389416e0000f3450f2b03c402d3f7c2c441cd75c6c402150b4bed460f284200c4227d218a67d30000410fbd680064339f7a000000", {}, 0x0, &(0x7f00000001c0)="3e42d96810c4a2993e63073e20ccc423b16b842257000000510f0ec4616ddfe10f01d90fae8503000000c4223d3a420066450f3a20883252c4c32d"}, 0x8, &(0x7f0000000240)) 14:32:42 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x6000000000000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:42 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000580000000000060000000080"]) 14:32:42 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) accept4(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, &(0x7f0000000140)=0x80, 0x800) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x4c, r3, 0x119, 0x70bd27, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x38, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x8001}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x5}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@loopback}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x200}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x40}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1c}) 14:32:42 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f00000001c0), &(0x7f0000000240)=0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:42 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001690000000000060000000080"]) [ 1003.697727] audit: type=1326 audit(1539268362.274:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9673 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:42 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x5000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:42 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:42 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000610000000000060000000080"]) 14:32:42 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f0000000080)=0x14b, 0x401) 14:32:42 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = getgid() syz_mount_image$f2fs(&(0x7f00000001c0)='f2fs\x00', &(0x7f0000000240)='./file0\x00', 0x14f, 0x1, &(0x7f0000000340)=[{&(0x7f0000000280)="31bc8eea3cd14e639be5051cedf244d876da7dae0b42713b9a515c03a19c736abf3418073b0b94ed30d4957c263623ac9411aa54ffe27803d85d5210ca254f08721ba04ce0403e6e349b4fc53802b24325ffc4e317619bd004b758325a4172f951c4944a9eb0bf73068784e4abd897f49af7df17ed1c479c32c4e2b5d088d8f52f3ad68b7c1beb3702bd7ad9b81ce792046ac35a90", 0x95, 0x69c}], 0x80, &(0x7f0000000380)={[{@jqfmt_vfsold='jqfmt=vfsold'}, {@background_gc_off='background_gc=off'}, {@grpjquota={'grpjquota', 0x3d, '\\:/securityselinuxem1'}}, {@disable_ext_identify='disable_ext_identify'}, {@resgid={'resgid', 0x3d, r2}}, {@inline_xattr_size={'inline_xattr_size', 0x3d, 0x40}}], [{@appraise='appraise'}]}) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 1003.912441] F2FS-fs (loop1): Unable to read 1th superblock [ 1003.927848] F2FS-fs (loop1): Unable to read 2th superblock [ 1003.933677] F2FS-fs (loop1): Unable to read 1th superblock [ 1003.940601] F2FS-fs (loop1): Unable to read 2th superblock [ 1003.989685] F2FS-fs (loop1): Unable to read 1th superblock [ 1003.995561] F2FS-fs (loop1): Unable to read 2th superblock [ 1004.001700] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1004.009213] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1004.016804] F2FS-fs (loop1): Unable to read 2th superblock 14:32:43 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:43 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="007d010000000000060000000080"]) 14:32:43 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x68000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:43 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r1 = socket$inet(0x2, 0xa, 0x8) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000001c0)=[{0x4, 0xff}, {0xf, 0xae7a}, {0xa, 0x7}], 0x3) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) r3 = getpgid(0xffffffffffffffff) perf_event_open(&(0x7f0000000240)={0x0, 0x70, 0x7, 0x0, 0xab, 0xff, 0x0, 0x4, 0x80000, 0x0, 0x1, 0xc760, 0x3, 0x0, 0x2, 0x1ff, 0xfffffffffffffffa, 0xfffffffffffffff8, 0x7ff, 0xd2f9, 0x8, 0x2, 0x7fff, 0x9, 0x2, 0x0, 0x59, 0x100000001, 0x9, 0x3, 0x4, 0xff, 0xc6b2, 0x4, 0x4, 0xfffffffffffffffb, 0x52, 0xff, 0x0, 0x100000001, 0x4, @perf_bp={&(0x7f0000000140), 0x4}, 0x10090, 0x3, 0x100, 0x2, 0x5, 0x9993, 0x6}, r3, 0x3, 0xffffffffffffff9c, 0xb) fgetxattr(r0, &(0x7f00000002c0)=@random={'system.', "76657400000000000000000400"}, &(0x7f0000000300)=""/217, 0xd9) 14:32:43 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) fcntl$getownex(r0, 0x10, &(0x7f0000000080)) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x200, 0x0) r1 = gettid() r2 = syz_open_procfs(r1, &(0x7f0000000240)='\x00\x00\x00\x00\x00') ioctl$TUNSETSNDBUF(r2, 0x400454d4, &(0x7f0000000000)=0x845) 14:32:43 executing program 1: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) msgget(0x1, 0x200) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000240)) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:43 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0090010000000000060000000080"]) 14:32:43 executing program 3: r0 = socket$inet6(0xa, 0x1000000003, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') ioctl$ASHMEM_GET_PROT_MASK(r1, 0x7706, &(0x7f0000000000)) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) setsockopt$sock_void(r0, 0x1, 0x24, 0x0, 0x0) accept4$vsock_stream(r1, &(0x7f0000000080), 0x10, 0x80000) [ 1004.537166] audit: type=1326 audit(1539268363.114:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9731 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:43 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x7000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:43 executing program 1: r0 = syz_open_dev$vcsa(&(0x7f00000002c0)='/dev/vcsa#\x00', 0x80000000, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000300)={'bcsf0\x00', 0x400}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vcs\x00', 0x200, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r2, 0x80dc5521, &(0x7f0000000240)=""/69) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398016f19}) 14:32:43 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x40, 0x0) ioctl$EVIOCGNAME(r1, 0x80404506, &(0x7f00000003c0)=""/168) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f16}) 14:32:43 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0036000000000000060000000080"]) 14:32:43 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:43 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f00000001c0)={0x5, &(0x7f0000000140)=[{0xa4, 0xc03b, 0x3, 0x20}, {0x800, 0x7, 0x7, 0x9}, {0x3f, 0x1ff, 0x2b, 0x4}, {0x1ff, 0x3, 0x1}, {0xc14, 0x3f7, 0xffff, 0xa5}]}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000240)) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:43 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') ioctl$DRM_IOCTL_ADD_MAP(r1, 0xc0286415, &(0x7f0000000000)={&(0x7f0000ffc000/0x3000)=nil, 0x81, 0x3, 0x80, &(0x7f0000ffd000/0x1000)=nil, 0x3}) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:43 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x48}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:43 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r1 = creat(&(0x7f0000001500)='./file0\x00', 0x103) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f0000001540)={0x6, 0x7, 0x7fffffff, 0xffffffff, 'syz1\x00', 0x97c8}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000001400)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f0000001800)={&(0x7f00000013c0)={0x10, 0x0, 0x0, 0x1000801}, 0xc, &(0x7f00000017c0)={&(0x7f0000001440)={0x58, r2, 0x100, 0x70bd2c, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0x30, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x9}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@local}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xfffffffffffff94d}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x6}]}, @IPVS_CMD_ATTR_DEST={0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffffffffffa}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7fff}]}, 0x58}, 0x1, 0x0, 0x0, 0x8804}, 0x20008000) getsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f0000001580), &(0x7f00000015c0)=0x4) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x800000, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value={0x0}, &(0x7f0000000180)=0x8) r5 = syz_open_dev$mouse(&(0x7f00000001c0)='/dev/input/mouse#\x00', 0x401, 0x101000) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001340)={r4, 0x5, 0xb9, 0x6}, &(0x7f0000001380)=0x10) sendmsg$inet_sctp(r5, &(0x7f00000014c0)={&(0x7f0000000240)=@in6={0xa, 0x4e24, 0xffffffff, @ipv4={[], [], @broadcast}}, 0x1c, &(0x7f0000001300)=[{&(0x7f0000000280)="479c78423dff06faf07a65de3c7ba75342aa75afbfda837eb2f71d4884559baa359e478618767966c245f19621fe557574e184239fb77395efc35e6c893b956f82f5d73573708d1d9d5a68650bb6f2b8e016b8933b726724ba83af26a013b794839a099c2936b97a37124505270a85955e72", 0x72}, {&(0x7f0000000300)="00924b6ddd4377340eca98040d960a0d4d5dfcff9bd1b7e9db224674d7ec3410f0a2bde84ce553817381a15976d4770aac1f981e84a412c37687307cad0b70744e2655adc307a6796ff651e3a21e81124405b2589d74c2c0bd3c92370d1cf476ce93425b318d1a108ddf0e355a27da1767b787a6779444a9c81e54bfe1e9defd4d0092ac296c0227c2ccb4122d5f8057919cbe99feff9352808c410fba06377756064206846796b2d1f7ce8a655709c0692e83612afbf5a6d66566cf85a7baa2b8c25aa700b3253170c48e782624aa22649b8bf78b946323e26ef0b1f4ef29f908ba2cce5ccd6eed8f9b9d90780b538b1b8a55400120e1ea83c9871d5c8f38d6ffc13596224a48c2a1e43eb2450589868b5b2259225a7a7019263efb33974d28522773389ae3ff3760f93c2fa1287dbb36e52b2786328540965390c491477781b12da88d819bffe18cf041593e412d751e03b37ac9f7e6fa6b49c1b5ebed916f472b0a6df9c3ba1bfaf06857149a52d6fc57d7bce1bc3963b45a9955f762eabff97f28c982bc8534d102c5eae61bade96664abd5f8e682a96d15a36e41a9dfc346c0cc3827b0ee49399c7d70c2b4a22bb64751a9ab54ed46049a0ba4bd467c698132449d2a8a72ff7e8452ba7cc766d0f7939d620e4370d5f890ac1482a33897d5bb274ff08bb8ecc355b58d29362c29ff02aaa6343b09e995e3dd480527ca2d0e9a3c4d5d4aa436862dff2665e2a8ae5066847b87b96c46181758203768a441f9204ae6b88ee3b60689a833d2680bbeb670c4cda000eeb52919da53e83564f0235a9fafd6add399f72bd62bcd2d70ad3a2c64bbd386c20a67224eb4dd59082e086a7190be402bf4c4034dce4cf6fbdfcc442ba63fb1ad953d41643f4349aa4379ba3f24a2353dace555b410296f6d96df929eac6d9580fcbb027e72f5578ffc10bb126fdd9f60f29fbff8458cc3bb24c9f81969adea71ac85cbd38b8cb62b71bef8a28236c6647a2612d065cc975de42108d8bb326e333b1dd34434a45bc5b3d08a40c6ce106b33a2aca2da7303fbc9339355264f83de39780464709361ad823041092f0dcbeddae1636d439f0fe8345c91fc674852f17b9cedfd84cd1f856070ab0e852fadebdd0ba68f7f44e18b08dc8417d57a1cb1c524f63a9d22fc611378e33e219a0fed7e51c7a9525e3bc0807a789ba1cfb79856637e4932bb0504706f70c287061b4964eea6d493b967df93892ac393ea39b1451b02fe8066991e4d06407cc58a3fe80e8e7a700667c105e128a4e1c6572775d4ff76194558a1f11ec3881f1f486c760cecfc5bbcb323cdae00c336db66c399cb3b6174e3331e320350d466122d67066b9dee23e825df8d28c896b4843f6f2919d4c068c8c8b656576449d15a78b8a2053de3bd2b4f51442b187c6039ad51bad848461be48353c6418900cc7cd73dcd17d5f6752624368c63ca81eab583fb11f275ed072b891c786966a02f26f1bb526f00eea7794c33ef7cf40e0e1cc89f83e36eb8ba11237c7960c403d308613208751ad98364d44f256116238a725ca4f983622e0fae7a2969cf1ab7c5f9ec74ed1e8462a4ae1563b355d6f4ec4a407262617b46c60bfc5da8d9b4d4117c22ceefb7cfc336d1e97158d5bdcb0d1dc678f5122769cd593bccb1283bc853b7732ac16c00d5a1e673c84f2c4b2843f2a50b76de2f3ab03916bb52d5187154f41c92b85dcf882fc0da2ffeff477b7aa6c3dafc43ac012d6631d02207e208ba56b97c1b0e6f88d09137354c36e902f63ef0f9b45e07bc55b382df4e54e62aec3dd80d435998408ca8a83f788f3aa26a796748ea53e3a88102dd50a74b5c6d04217be87538044653d3c2e70099713f5c629525f6704344234cd411e7c00734d5dd2d33d2259011922e141e46adf41929228c3f6c817a7f4917c582d255a31f52983d4a7edae6d071afbe625dc560171e0e4bddf08a0c81e772cd9ac42400e4791bf82b4f6d070ac60bed8766845dcba98b98d49314ae0a6059cd4b85d0b8fbeca82cb4f746d9d0bb2b94fb4c2ca1d769236e0b8024eb49085cec7739bf9c0daf490def6f648403ce69a0f64fdb00dc053e2ecdd8d360cd09965af87c053fc44004e5ace88bbe1d08952836b14babc3ce117e2f511a8488ce2933295410be08213eab6605a05a627908d7508d4f181d05520171d97fba0c24bfc6da42c863a1b597e06db387410691a6e16b7870e110f24390a4014af86c0f1c8a193e65e3439ad41b382a3453016f729e193cff3d686e822ee80c1b6babf51582db60d0adc096006059564177efa66e4e51e69dd68ed4d5934f3cf4c8eefbfacb36cbc466903d10c99e4df079b4fa33a5bd17b8320e0141bb7b0fbd26c21be98866e82b8831d40bbea149aeee316e34a9f3ac9bf4426e484c26375974e87f3655feca66e366d055985c2a048690f71ec09fcd0fb38957f0bc6f51eaab4b0fcac748cf03b01158270c1e84a796969ff307b3ce3ad04de1077ddbbe10f48b764361d95fed13ff7a413c409c51f0266f41f182559f3801fac74a214535db0b9b90c42925a5c16c1221e5b9cfa808eacdfeeec4d98a43de477972ddb160896e6dc37604725a789c67abc0acb370d3c9fe4652d64f2867d9828acdcf9631f1a8b5f251ec6e232929a646907242a45bf7539d54fa6b9a721739fd494aac39eaf8f184bef69c420adbaf50be0988413b1bc2bde2ccd03d04c2f3d335c00e90359c00cf448d7e1fed07eb2f758da19fceb8f13008ce13dd44b254604a2a22c32e374934b77c4850ba46dbac92cb001d2ae5973d99b3c32b7d02741c3389e736866d02c5b984c3cdf42ca4501c0cdd58f47156fd522ecc2dcf5a9cf1fca03232b2f7f06d3e8c838736bcf50ebb742197e0b0b70b3fad0600c47d23e94dbd64879af8835bb92a41f2ade84b08b7b986ca38a9753b8613052582c6aa40efbd8c2f76128028f76bca194e84e32d255b686f7e910495fa284f1d1d47aee6db12c738f9a2f23170a6e70d3189182df1d370f1946ab18c42df3c86402f7ca7b86af2fcb17fb71a7897c3cf3c28ae1a6bfdd1ed3f7b9fd3ef37677e52fd1f40f5bf5380ad4a374cd62131b4809e970e0b5ff46291a40e9ee9808cbc875b8a1a1782a80d4bc4ce740c699ec09ddbb3b5b9a16c9ab3d5a698859d191fde8f1c6efbcec0c90c25e06374657829bcbb123eba807a60ea81a0a883d03df6dcf66d5fcb2bc9031b105bde633b59545ea3655b92464f2064212c9960ea2877caa4044234f2ce958060e70c090a14e96795d3bc4677c2eb18921743fb873af47b05d8087808a3311548733d845617b537dbeeb75f736522c6160588dbc5a59a66308b6108e36b5dfbf4d4656f5915621d9889ea267763b75e69e3e4b4c546200f2c51624f36084bfd30fa75b66885fdf2525162608713fae77f7da6df512106ae84a121f71c5d5b5cad3e16d76191e01abaa9dfeda830274aac9189232649998e032964dda291e50a4696608a57a3b6e62da21a8d592704059f62236e770411d8d7d9fcff65da5693a559658e22df24fa8ee0da77830ffbe4cee3c22f45a27cecaf8e47fec910affcea50e53501f02bfec826e3ed6dcb98bc0d4164ad77189e07b303b086b5097e58ae55e316a83ae3bea550960d3510f87b179d80c0cd3592ebdcb106452dad48591a58d0c8bf552f201f55f514566198a36c45c66c5083e610d3ccea5891a6181ab68343155f4cdb565b3f46d62a7b4b0db20013137559dae04081d6a78bfffeb0e2c59d0ff6b7f3085b34081cd60141f5726c8089bb8d07c39d93401fecb78a0c68a77412a96b708b91b2c77c5f8cdbec6042383e267fae27c8a084f1b4e12ac93dde01300a347a23a6301a384e932650bcd3d840c6dde4e662d45a857f56d983bdb9daba3146403986f144f9d1531ad23278489cf6a0322119ced59acb04bd451c1abae360f9231b83bd9aa7f22ba2530b883a65c2bd778688e33e65967a175d8b814dcd4b37b579ba68bc51f250bd53ff46db802fc81972db134c65cdfe1c1e5c7b12e538f7f24efe1a6c86c08e98c9fac3dba106b531258e7e2120de5a7ca9ff4aa901c5a5e28a752f5f30a8b20a394650e32d3ed716805b9e7439a4c0fbacf4bf0a1d285fc16fb3fdc84e69771791c726c02449ea33f9e163ad11c008168a69b0f0d7a171c4e3b254f2b4850f7da011f1833ab743d1a016f3baabe7bc87d0c0c6b19254899c47b0b3c7fb556b4093ad2193c7762a43a674098051419a90564a328940c5c4cf3637c534e298793e580163982cdb38f4c4dba8e861572cafc710484fa92dd6bbeccaf9bc7ecaf24f6ad7a53de02dfa872644e89b3c39d836e9ea6c13910979a4a529a370978d9a80b6bfaef0c4d25c0f8c53b668222c48e362ad64d5fe5f54c2a753b58bd075c9e3eb011faa5787b4e3a1dc451835976f8a821adff8dd9131b4fa4c726b8eec76168aea64f8201964ad958d26b5153a260bb98f29668c682195bbd0f1abaa4a9d3c1349747fd853ba4b9d21b942f5fbb2d031e998ee7f79790b524ed677037258ab82d02f1c415a878298af9cad845a9d2933235407e287939a2de05dc9e52633ca3ad1d4da27ec2f69ddc9875a53fa541c22594a30897e6a339edb7d265652838f03c2cbbc45cecd876cca78e421992286a600767641974bc38676a32447ed3218100949877529dcfd838d4feb705ff4bb8c49d8d64814a81d2e575f21eacf5f28f2bcc2adda6eed5f067a8428efee661e3d6f9a68220b1296967d98b03975461b15daf500cb9f9176dc76284f56d5330fff05bb030b51abcf665f77ed0b613ac3960b5445bb9b09b83ddd8ad8020903d3a20b37314358cfde67fd4a77a765f77a0a006aaa9654829471cf1d5779a867bb988e5c5ab8d0450849b78d400283947bcbf5c439f535ab9f9ad16ff7555def01abcd7930e2e73c11f8c80fcd553665d67084078245ba9d13f5cb54976ea522dfbffadcf20287ad9f1cda91d5c4ca12e5e448196f7a74b2641401888ee65e690ef8b4b2a25db793b039c1bc2c6a3017c2979783b12d8569ecda79314e0c047503d9d6bbdbdbffc523ae36554a40dc9f8868addca04d73584e9238d7b1628460b573254503729e3e2496ccaf66c1692cbf20a107c7445b00d7723f65f90766240e2b5e299f2ea15a7e41d532a61a48249de6a5439c3006d9d1144ffab326e49723ad031ee54e343faee1e04d22659c89b99350fcfb049f685c311e656ca3f0485a276ed56809ea1729e7265aeecc428c52bdb739b4e16cb3e7e58fd0c3d7720e1695aaeda2ca26eaa5eb0d3dfee3cc7479ec0fc59a4a4694d29f1e7d24087c411e6599ea94eb665059e4e777fee10be135293479b445bcd24ac0d51d87d1769b44ce7c3799e9f38005b2eb788b003f0aecde28d0f4fde4392c60d66e4087075a4ae6ec9e6638c01f96cc3843177540cfafd5aeb0e3c80a68a3ed3591a84594f8c1e1b3de651fb7a6f6290f5e2d03e61464773fe18bd24025aaee0fb0d000e3efd3bf9617495f901e864e1563ade73a7f341875e59fc80b9fde0b90c0a3060f03b1e6bf7b8bb1d82307287470e583850c8adf70b0f8543b93462865093d10ccbbc6282eb91e071736ffdac9ce9fe2ea0b5e341d6fa1089b60f3a00f76b0c300518c5779ba44058c3c1a465c7cdc241135a521eaefa93dd3de278375e53f07e7a01685234109f21924fbcfea96258900f64b1fd04480e86dfac128013ef0a748c77ac3858e31848bc51c", 0x1000}], 0x2, &(0x7f0000001600)=ANY=[@ANYBLOB="20000000000000008400000002000000ffff050007000000ffffffff", @ANYRES32=r4, @ANYBLOB="18000000000000008400000005010000200000000000000030000000000000008400000001000000ffffff7f04000000b3f3ffff000000003f00000044ce000005000000", @ANYRES32=r6, @ANYBLOB="300000000000000084000000010000000400080004820000ffffffff81ffffff0000008000c0bc0052950000", @ANYRES32=r4, @ANYBLOB="20000000000000008400000008000000ff01000000000000000000000000000120c69a5e692d00000000f231cb419450a8f500b90100ffff0c4464b982594a702fb8fbd81fb0bd9ecd4ac22365e66f3dc06a5a9b06dbcc0f9c485941940b4d5ad6cea6713d9e849659d335e91edf227b925136daebc4225b628d730aaa8005ee5e49314397dab1810d1307bcb719cc07321c83a60921967767791f3d287e80a50051c59e2d28b97e48b3bf90b14663bc3c4e3ac3a8ccae97114b727f79548e988e3dbea2edaa0f853c10ada1fe85a9e34024318a75bca0fc9984f7ad27c7c46ee687c5da26", @ANYRES32=r4], 0xd8, 0x8000}, 0x8000) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:43 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="003f010000000000060000000080"]) [ 1005.361219] validate_nla: 14 callbacks suppressed [ 1005.361229] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1005.373951] audit: type=1326 audit(1539268363.954:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9777 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:44 executing program 3: r0 = socket$inet6(0xa, 0xa, 0x5) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000140)={0x10000, 0x10000}) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0xa02, 0x0) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:44 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0058000000000000060000000080"]) 14:32:44 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0xfffffffffffff000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1005.419476] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:44 executing program 2: r0 = syz_open_dev$adsp(&(0x7f0000000340)='/dev/adsp#\x00', 0x6, 0x0) recvmsg$kcm(r0, &(0x7f0000001b00)={&(0x7f0000000380)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, &(0x7f0000001980)=[{&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000001400)=""/206, 0xce}, {&(0x7f0000001500)=""/193, 0xc1}, {&(0x7f0000001600)=""/186, 0xba}, {&(0x7f00000016c0)=""/23, 0x17}, {&(0x7f0000001700)=""/146, 0x92}, {&(0x7f00000017c0)=""/160, 0xa0}, {&(0x7f0000001880)=""/253, 0xfd}], 0x8, &(0x7f0000001a00)=""/207, 0xcf, 0xffffffff}, 0x2020) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0xfffffdbf, 0xff7fffffffffffda, 0x3, {0x0, 0xfffffffffffffffc}}, 0x20) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='trusted.overlay.redirect\x00', &(0x7f0000000240)='./file0\x00', 0x8, 0x3) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:44 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) r2 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpu.stat\x00', 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r2, 0x408c5333, &(0x7f0000000240)={0x6, 0x101, 0x100000000, 'queue1\x00', 0x3}) 14:32:44 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000c2000000060000000080"]) [ 1005.564126] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1005.612090] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:44 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:44 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/policy\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r2, 0x40a85323, &(0x7f0000000280)={{0x1, 0x3}, 'port1\x00', 0xb3, 0x1000, 0x9, 0x800, 0xff, 0x6, 0xfffffffffffffffe, 0x0, 0x1, 0x4}) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_dev$amidi(&(0x7f0000000240)='/dev/amidi#\x00', 0x6, 0x0) ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0xb) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x6, 0x20a080) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000380)={'veth0_to_team\x00', 0x43732e5398416f19}) 14:32:44 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000000)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000380)) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000480)={0x0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000440)='net/raw6\x00', 0xffffffffffffffff}, 0x30) r2 = syz_open_procfs(r1, &(0x7f0000000500)='attr/current\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x14b, 0x401) setsockopt$inet6_group_source_req(r2, 0x29, 0x2c, &(0x7f0000000100)={0x6, {{0xa, 0x4e23, 0x6, @mcast1, 0x40}}, {{0xa, 0x4e20, 0xfffffffffffffffe, @mcast2, 0xfffffffffffffffc}}}, 0x108) 14:32:44 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0xffffff7f00000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:44 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000c8000000060000000080"]) 14:32:44 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in=@remote}}, &(0x7f00000003c0)=0xe8) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x5, 0x2, &(0x7f00000001c0)=@raw=[@ldst={0x1, 0x3, 0x6, 0x5, 0x3, 0x50}], &(0x7f0000000240)='GPL\x00', 0x1f, 0x1c, &(0x7f0000000280)=""/28, 0x40f00, 0x1, [], r1, 0x2}, 0x48) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) socket$inet6_udp(0xa, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 14:32:44 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x2000401) 14:32:44 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0xf0}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1006.212330] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1006.221667] audit: type=1326 audit(1539268364.804:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9825 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1006.249779] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:44 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) getpeername$llc(r2, &(0x7f00000001c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f0000000240)=0x10) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) mknod$loop(&(0x7f0000000280)='./file0\x00', 0x0, 0x1) 14:32:44 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000920000000000060000000080"]) 14:32:44 executing program 1: r0 = syz_open_dev$dspn(&(0x7f00000001c0)='/dev/dsp#\x00', 0x4, 0x80000) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000280)={&(0x7f0000000240)=[0xfc, 0xf83b, 0xffffffff, 0x0, 0x2, 0xfa, 0x400, 0x3], 0x8, 0x0, 0xa5b, 0x2, 0x4d, 0x400, {0x1, 0x80, 0xffff, 0x5f70, 0x0, 0x7, 0xa37, 0x3, 0x3, 0xc8, 0x0, 0x200, 0x1, 0xffffffffffffff80, "aeb30a4ce35c266b076a41016950ef82c14afc80f16f3ea55283e33a000546e1"}}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000300)=ANY=[@ANYBLOB="0300000020ffff003f00000005000100080000000400000020000040cf00000001f0ffff00010000"]) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:44 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x403) [ 1006.331094] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1006.361136] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:45 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:45 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) r1 = accept$inet6(0xffffffffffffff9c, &(0x7f0000000140), &(0x7f00000001c0)=0x1c) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) write$binfmt_aout(r0, &(0x7f00000002c0)={{0x107, 0xf6, 0x1c63, 0x222, 0x1cf, 0x101, 0x301, 0x5}, "7a3499196e5549d4", [[], [], []]}, 0x328) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:45 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000013e000000060000000080"]) 14:32:45 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x3617000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:45 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') setsockopt$IP_VS_SO_SET_DELDEST(r1, 0x0, 0x488, &(0x7f0000000100)={{0x6c, @remote, 0x4e23, 0x2, 'wlc\x00', 0x14, 0x8, 0x43}, {@multicast2, 0x4e22, 0x1, 0x7, 0xabd, 0x39b0640f}}, 0x44) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000480)={r1, &(0x7f0000000280)="9a724776935363a96085194b6f38a09e178ecd4ba1cb0061742ac098d790c1dddf04261927dfc78723fe7b6e7b394cc914ee19038ec973c588f633e7a7c9604983cfe4b4af97a2cddb882f9fe60322db961c038516841b14aab9ba20ff39b4f7ac83836bee280487a73e1563bae6fd70f97d9ef4bc13d11c086b40ea4a9011ff466df1357a0624d2537fea34d43ed5d14773809b4cdb5c8a6c7ff44de1b8e30653227fa55bcf41f43bedfd468a", &(0x7f0000000200)=""/60}, 0x18) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000016c0)='/dev/sequencer2\x00', 0x40042, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000005c0), 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25d1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000400)=ANY=[@ANYBLOB="0000b12a29fc03e43d22b5174413c97ac7915a3f5f72817009d0745b10443c2434570393d426212fb30000000000000000000059deff46a6dc2d3e4768180fe08687bea486c682515ca8384942ff542ed6edddf21fb96e1ac8358948ec4adca516d25be5fc61221a2af75d497af903c44dda", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000000140)=0x4) fanotify_init(0x4, 0x0) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x2, 0xa66, 0x9, 0xffffffff80000001}]}, 0x10) ioctl$EVIOCGABS2F(r2, 0x8018456f, &(0x7f0000000340)=""/169) dup2(r3, r2) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000000c0)=0xba, 0x4) write$P9_RLERRORu(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="1c0000000702000f005c736563757269747901000000000000000000"], 0x1c) r4 = syz_open_dev$amidi(&(0x7f0000000240)='/dev/amidi#\x00', 0x2, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000740)={0x0, @in6={{0xa, 0x0, 0x0, @remote, 0x2}}, 0x1ff, 0x1, 0x0, 0x3}, 0x98) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:45 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x3, &(0x7f0000000280)=[{0x1ff, 0x7, 0x81, 0x56e3}, {0x3, 0x81, 0x8, 0x40}, {0x4, 0x0, 0x1, 0x8}]}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value={0x0}, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/pfkey\x00', 0x200080, 0x0) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r3, 0x84, 0x78, &(0x7f0000000240)=r2, 0x4) [ 1007.045413] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1007.056901] audit: type=1326 audit(1539268365.634:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9874 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:45 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000f10000000000060000000080"]) [ 1007.089443] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:45 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x9, 0x400) write$cgroup_subtree(r0, &(0x7f00000001c0)={[{0x4b2999219f92c587, 'cpu'}, {0x2b, 'rdma'}]}, 0xb) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000002640)={r0, r0, 0x3, 0x101, &(0x7f0000001640)="adfd3d3a4dec046bd79e1cd8282145edd5a7bee312afe2af23ec167cd5706d999255b3f005964a7bcfd317f1031e5da538b7ec7de87df8d5d6dff35924d3852d2955491a7541b72b4fa74a3bb4abfb23d49b564aae3fd8f2d318f281216d790e3a163443e80808d39ede712f034ecc7a6373a9a28bcd2ecce92423d866ea86e3d557aa522a1bdb787083c9d1a00413923e217af6dd0229d90dc09952b7dd703e341254c0b821f2e6842003d067e798c112cb541b547243963071fe87156ad41b129c804b1fa24dccdf22a06f01e1b86871048f19f990b6d99afe0c26032c9cd955bc0111d005830e337ad50afc9e7e6c468bae3e015a4cd1b94b8b34a5612f4c1cf42e330f64fe65cf99cd57096a02ba3c84f274cd61f12548c9289b33b60b5ff77d24f5d3d44043932cee06f0a50750cd396cf619196463548e599644494fdc4f430f397f1dabaf33ae3d643d19fd091d10c001b88d65c0940bdc3ab50b53ac08e77299489afec88c93ef981108ef00e3481dc797d0149221d2eea5f818d997bc3816e2d44653d54442ccb266ec0065a9788c5a025f23b43b85fe4e44db11b8357e8f402a8c89cf0cb3906b4a489df0bbbd4cadf654ed0394913c882a1168db39346451f82e2bc5b4ea9304f4251e7829b2f6010377f934bf66e4154f5d09fcb6e644bb4cd8662864cf36687e764388ce467c076512484e76b42aa3ad4881e91b9789afdb8cb15674356ab078bfb584b659753b992be041e492ffcbcc78a6e04bbf76d1e1196ef802d06cf5639fda515868a4216e546b1b6379984e178fa0549ef58c046f92b9e4b537eadec6e91c29ca69dc11d049a6f97bbf4ad354f17dab065a4a0eeebcf93c5fb1e4045bfaf82853c6cb84482a4921b5a310c5097ea281569638225de14ce46639c3f1c356be124ea9b6fe60cc1c29b4379bf186ec1929baf392029bba8b735b85c0b2fa40fee6548bc93d7f037f5de7fe34b1d8c457d707f00135b6ff288be105c040d7f68ccb4fe2d6ef1f27fb15e9d8c3f9ef7b08f4d0d305211ddfef69b78838841962ef471e30dd22be76b274e8fd21ed46eeb4789a2206352857f9cd6e7985918b450994b56fb3de221f23e2c873bd801a4ddbc72036a494dde6f7c064850201ac85e018e4dad9706298f308f60ef670220079300e597a7526f1639e95398494ed95fce7e04d338d5fbb637230406c903ff635391df99dec76ceaf76924916543d57abb92ff9ce1870e0e24206874c17ba665aefa678bb9e59896edd4da4a9006a11cf6fbbc28d513cc244a172bfd0083b13330d565ee2351b0b7c50d7f19cd90a83f536397bf54b90007b1f7f37bf76bd4dec06cec62412d77dcb0bf1d79745bac8c43a1f24b79806cb914a5ed0abb958b08e480466c5aa3672fc4057b68b29e5efe1b26c5d2d088040932aefb5d77c602a1b24c6ad7007ae4845be2779686c36e4df7036e7d0fd8a165b8d5fab02afa3f32143c81ac1ab0c4de4d8cc5b77b2a539c5047a1738a70bd61ab626489b525eb58297ff29962548c9c057d82d7775e6668948768b61e0876f3fd952bfdd31dc6e7f187e6afc0e1a1111d8a89af1e54ff47aeb9293343617561094099215e3cce437f679a6cbaf32ded9e412737db0b794b8b2584b9929f3c4a5d256e5f2c1900b666e6548c7fce4f5a7fad95d9d96f1583cfd77336fb27ec205f80f22c5f0ca882ffb91848ae408893ddad1643c1a71b67640cd994b6d3d219f81af019ca0c45c4a1bd15747157953aff78422c26e0f16c3dcf1ba652677529cb178f2a71115ff199ca6ff5fc9c20bb4efb0b068d1bd5e116fb08feaef0b2ea52dbd5c2b41308dbbe660371d87fdb2a23c931febd9a62fbe71259f0ae1d30862cdb08f55672dad2d96d780385586fb40d23f5ecdb4b44dfda0c7dc4b549cfb3da955f91bbd639bde236b7dc08a38803dae53d8516977e602358731481e2d3df3d94b661a0b322abc9b223627111d0f1674190b93c169adfd1cd052162d4725e7d0f309e3a0b131c4c60bd2c0c01b57623a0bda7ae0568cf246bb98d626b74768d73b45eddc8d27915af6141fe5812d3998412676034876425ef55f9dfac4eacb43621e7cf681cba51db88838a4f7abfeed25590206b294cc06dd5fa984d7bef522b7542afe824224193bd3ef8032f4a373a214ccb2950b3553179b4af0ca3d2b34276f27261ea965df35d5a2c26dd739970454a2e509f5c8db0b18d024538ffd000d3ed9448a3477c3d7eb4a4053cf48b9843cb93b570e609af30589b8961a252f8816db2ddfd072c34d37e4fa9ce1b96522bd6551a2430c140b3c7a4aa0930e9c5a5687f55c9929cb4f49dd556c1215bf35c318bf45f82f37b25ade33e838c63dbdb55df277eb44fc4567785ff6087dbffd6a7ec9063a7a3b526cb2482f5b31b5fae90c574ed5a571b1b8a7f038c91f11722c2a3dd0071324ed2a4b373c91c2422a570943e77f6dbb05c00fcfd99dcfddb6dfce348b397efe6852b22c689c7d54d2181a92121802314ea55b8d797fb8ce7f54eb1c56bf409b4caa866e4337ecb2966804963ac406c6d8a27f52790718fc99638a98dc95ea32788143dfe40c58e998a0f5674153109933532d4a7702868122cfade85b4d11697d3c12c293ef80c0ac2b4dcf3a70aa069953cf4cc44a0ad6dff1e7988bf03f22533827ef28420e77c24dff96df5d2a6d4c28c378fd42d0a1bc452f2e241b0a4f6b592ab05dcee0c64f8b2a456d728e07b8ebaf652e280a059c8a691240748c0bd891bb145a33b1d3b81828e265e55ee5b812f6ebc96c0a848d4b53843d510a2ca3f9d6d52d2ba36b778d385d688da3355a153c68475306dc4ebe1873f0e59c3d0e1bed57f5c06dc2e7997f8066500089d02913ce83cbd7892f4df8701f045fbdca25cc13d5e256f4146d307844e81a36b06c90079c7dcf2ed80c6b4c0d7d23fc26759d433d444b7a1a155a0c6482b2a3bab1253a8ae2f97d429ba7a7fb0d59eef8ddd705086c253ed64dcd2f2b7f674c3d6dbd44b6366323d478dee3da70c3c2a2e443998aef7f324606170642f0d075f8f5fb95c662d912cb6432088ba73935851c4d1607fa42dddf958aba629cdfe23bb69a7e80a588640209c78154ce0d810c41a445805457921b77b749e2b237d943bd8c58f61499d4901e6aca2671f96921335d977ed70964db1540af1d671d5a76804f43e743ebd82e8f4c7d5597c45690394825a00d90c391acb1905f35e1e1a5877be460727f6a2c666386bae08b52f683724329b481d1733ba44746c4751075711504dcf4f3c9203fab0180570c0861fba4cd995ec0fa85e24f53cc7a3828bc364576e10c22025ae94ae545e2801bf56ddd8ed70837cc955c2db9bffd3fa893546a5184c13ba592c26924ee6b1bb4f7c4db017ca2e9fa8bd90f19a8e1369c642137bca0a2ec1895d09ff49c2c2248f63bd4dfa11f4b72b3c1cb745b9b416d89b366c4198e7c65ad8c7ee50874055c1e4d782d6e0166348f50d802f1fed5a7d4db8d68908a2a37830310433a22d58b126bacb49b058b5b218fb4492850de4692e4ab5ad94e78c5a90a4365cb27b789b3a131ac11c7093a6458d5baf0e49e7c41409e764dab122d4efbbff104eb41ba72609cd618114538835549c86b19c54465ed6e3baf33390f1dc6c0e29951f1180a4c47432f7f5f6b56599c138f248d671d9d64eb209f3a0fb99e56403868b84744aa8d3a364ece0a9cda69b036466c5145083c6059ae9167198ecc4dbe1ebb09cd5f673f33dbb65012c33bae0d08a2cb2188cb777e4cd1c206f6261c96cbdd5d1102657401ec1d062df0dd04764fcfddf91b755fc19b9c8e0d5a68c782b58a394a60b86f313ecc53b27bbba9656fc043c9dc922e64d2253aad6e34b272b5c1778b177517580fbd703d9b0a52340a97cd800d007317751857c0549840f062866463dffbb2551c2b575a34c5a601aa09f23f4e1fb2529a2c0c442bd92a88fe65abbee5851ecaa53e2ea40544a2a33cc48577feb992ebb1e5d657ed1f6f396582e677c285ed12b89714245e76dd49b6ab6899598f2e871b588dfba3d7f2aa547a1ea066c305f8b163cbbb6a2eb5751a4a5dcec08eeeadb6b9fb70ff602490c29863d5b74b6514da7f04a3bed51212342f317ae364443427a4d78fbec5bc05191003c6c55565d53f4756a5564af396cef49a935778478124ee77f077d622e6f76bc54bd7a94d68f96732ea3b1428c4c15d1d8eb5b23c316de35e151c9faa158024b807a5dd0ed14dccb114bd87dc94a9512699c2d416ba44275341dd90a67f57538e0955eca29363e7cc188cc8f3dc31cf0f17caa41440d181d9e4d91acd1a07072840b77b8eb4b8cfbc5d1c2dcb285da53a864b4e16a9f5ddc231b5497fc479c7d6f024b35598770d07660c3748bf18ab15cb231d5e3b8b7e411f68c34105013f5f09cb05a1f69156bce6d05dc7d649d0bc5e3edc11b00bdeb1c67b5b33a0b7d4bdbe6a96a6fff3ee3d50b9c7cb3d5606fe5144f3fb994ee99dca63a06e64034d397ec22794c49492fb302cd154e093802ea12bb17505104e00f4fb97825b4e1639442191af96502e8a515a280c695348b0ce873703fbfa6081c0b689d2477fca2a7df5f4e517e7bdf62251caacb3b74c4540d31c5c5ba310d3a83ad91da771066328ff37d502d74b55431ee106f54f354daa7fb5ae3d2ff1f52681534aa9666b1970cf39d6530c253354a0827f3ddb4ad104d2e6e060d9f37c2a91cfa081ead53152fc63a62566651b5e3b087e895c4748e4f198cbcab1cecd5bfe4c27aa467c0ef5c7d5727a67e3d875e40fc5ec0ff47fad297e573c229e9ae8c0fae6c53cf48fa2e45da7b6ef3983b70b1dff70653c4cbb77fd8257e5c9452b70290131c03d7ec0d63106b431620efb4140ea250f6ce6920df1aeaf1c228d9e071e7ca85ab120946430a92768dc0a6a23b00d9ca6abe4f9d20f3e654f4b9e8ab27eb9ce02b71e681aed4cde7bfe034096c99b0776b1450ee13a290dbcbe4cb4e70dd0c6c3bb130b9538f29ba2f9b52af22d70ec9c0b9abaa146b9f9f14e3bcd1941c8fe6015802453cc1da7a562dc313ba9170b0684f9ce220c6a43376b3a50f44a980061935176e1e1b82e2d8a0739b16d6349d2106ef426121eea4db9a7f8eee288d5dcea509dd0932b2fb17de75924f22959795594d89adc1644fb40c7b190b129cdf337343629b732100bdefbb6168c23446b767bdaf0fa079d94b16a38018ae278383c2c716fcc96f964ed305162b8e81addd609a1dd346c9133728176bf8245ec646f75b297afe74005d9085efccff5c57916105f7175e1b40519a285c65651c471636a4f90790f31548d9c58527ebc0fd50008625b16869ac818c966e1042d9f54af2f073575febd9fb7ee78863ced6447f25c3ebc0b3d03e9a3eeb0c17589bf02d550bb4c50dc09287ca096f526aa1b4711e4085b57c71707272392ba0ef097d53101efc3082452002d8d8b1aa1fd504ca7d424933e3d5b3e00334213cf15d45036396e2bfc14f536a2fdc5d9f5d8d70b2994cf537ed05b21a7a468ac6e9b8fc593c66412702f23692f9467340fef0518c53b071d0a180c0388098c85b60d0e199cc8773e97206d03af0fa6407f133ec080201d093a9747c732492f9e89622f97ebccd07750afd4740be86686856f54e0e31d9f30efeb0ade9fc1c859e29531b908b8f4bd192cd0ee89d0aea3c5c6b600bd1fe14d12d1f5fb9ab80c8154af7d4c53c0df9361cbb7fdd6140aa6cb293d0b3b41", 0x87a, 0x8, 0x1, 0x8, 0x0, 0x4, 0x81, "2c55c7065215aff5acd26579fff5a83543160a67ba5c561567481a3fe22aed15e1104ce27598eb67c10b60b36a5d86d9df55f32b256f83bbb1e0eaf1dab4e4f6054471701606a1f339ed8b4ee89c702576befdd8df11c37aa213bf62e8707db3668fa47f89b2cd105199693b1de9d53846970bc1bafae900e01e8890ef895c826d27aaa8fd89c855f029101ef0b1356a48c4ae8b6d22c7e3dc852bc466ac8e94aa143cbd7818af52628c151a465663fff6e9d956d755"}) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800"}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) syz_mount_image$iso9660(&(0x7f0000000240)='iso9660\x00', &(0x7f0000000280)='./file0\x00', 0xfffffffffffffbff, 0x7, &(0x7f0000001540)=[{&(0x7f00000002c0)="d5cd5df199048e3cf3b685d9b8ad693a72be56230052add239a65ea36027bcbffcf226da62ba542f480c25076d1a7a4434078be928d2ac9a10ce72627f39c6216b68613f1135ed3dc354854e7365cdaba44270805226005f34b4d24753f565e016bb01bfaba3a706bc07f89746edd1", 0x6f, 0xd59e}, {&(0x7f0000000340)="d3728ac84f834269f8d6ca1c16a17b87561e4d8a49610113c7d41c27bec80fe6eb25aa266d8cbaa3b22958f620296b260bbafc3bcb26ad65caa59825edd77daf5adaca0fb3dda1bb881bd08920522b05914f4b1c69188e1b3ed3953e7afc7cbd2962b622dd5c2dd9603ff82f0468c372a92e61", 0x73, 0x8}, {&(0x7f00000003c0)="1211061974241a8156cb1ff5d952c9db13036e6428b2a455f214870f5ab2fc86e990dabd28e9030206c2e979b2f09bd2432b0d95248ad86fc553a29e8ab11930db68e522929575278c4d88eac7b52eed752a2749b17e6d46ce160261bc17d4fcbf65661dab1647832f47d016343622199796eab0375cd2aa6c0a89", 0x7b, 0x6}, {&(0x7f0000000440)="d7200f12ab5fac68a6ade95a125fdd5abc4be85214713f3b50fe7d5964a7a0384aa4863f68bf573c10245210e33d21cbeb6b63", 0x33}, {&(0x7f0000000480)="f31117f0d85388e7af8421a69624e72e8a69827035d67c9397a4399f4056f69eaf3f037c4b1936405b75ccdef6562505d044ad9e728b8ecce1cff72fb16d6088cc59cf1f996cacf7b670399f2ea7c6b5eada9032f41b8c3ab28e926fcb2b5491586356b35b5c6675397dc6f17d60fae0455207b59bb3031da121f3c034e0bfb0326985f0f05e1b84adeaa617a3710c88c0d03e29abd28f536e52bbdab1c5f16eb5570c8d3de2aa813e7a617ee28e85d82e19096d014ea15ad331ef0030998142d48b59236c44692457960032d229c985a21e00bb4c8862202c351a197a27acdbb574443a3189f5cd195bb493ab065dbc67df9975dc8e750df90b8edc2524e8b467c2913663212a201f35fce01d14fd4a03f4d1c394805a44eea81c6794678c771b0d97396e133f00076a16c4678fd93907a816ce9862bbb1c8b1941a6940b826189719cac631539db2cdf4a2561efa1a2b7e832815ba96181ec12a36dbf9ce741ab57f2858e2f209e90d685c7f7e09f54de07f273c7caf917acbcc110de67888fb84259cf316af7fdbcb83aae2113ded8a92a97d1ff5c6def757180743e8b79c6f2c4b513ab1eb047889d412a5d0bbcbc17f322091ac47d233e2d053936a9de08b2ba0f2fedb0cca44d734f5c31a1234326f5d9d4f79da8dae3005c68674c85437bb4edc2432abf5b6a25ca76703117491e362b96459d3a74c86a183aaae6719d43bdc59da43ab2124418fbe23f53a1ceb89dc28cc4dd2627df2e069eaa6c4f46f5d8604f66ca069569a08c9cf3b1575d22d6c74942b5e27521bdc5600b88e56936b4fb606e20741f13071ec5679650a37fcd53a95b29cb75240f5a3bf8a67ee2c436f5b7b9da1469d3f68c05bc22758dd9d26b5fed5758aad23aca8b2761cb935505dca4073bc0a0747a9c36732eb49cda923972881e3914fd3fb3518439a094659b243eacced7d4e31f747af0a9da276ff5f406cc7ec9d920af89f3dfa62132e18328e7df721804ff9d34db38d4ae23292e03ba502f9adeb379768d582ca459db7604efb6afe87785447a83793fd882476e4f9aeb3861947717c0e6c5872c7cb9d719f9c0fda1122ad05831130869533dda9dea77c9d7f521341c057a5370fa745ac486d357229f87d25b293b42c66126f19d38d598ccd9f71b382f07c17cbea16679efe8af8778307af885c5d74f5362ce12c447bf0004c7f0c96103e2dccccc932385cc0d2bcec4e2112b8bdd46be3fd0603dcd6e290eeb9a6fc28e73a436675d694c83dd57df5c3e814388baf23624c1ff52dfb2485bc9c611204205804e0e773e9c87c1e955e44755153125dc688ca82c7fd81e50c3f7967d2417d7eb857f628b7225fd0d5abfa67781e47efaff4ae3f6f0b2c899c4b1c0be0332c164567582ed3525582d5796fe17a7a137054d747358044c248f5de915c8b91ef2f6cb470c71faa99b7fea21b8421df28243346febe034be3e10ef3f30198edae1012c0d3cfa7bab346e157860905da6ad96a7f05e2fbc247c3205afe44ac275b086421614b3d05384e436ffb181a8602f0a8af4cd0ccf8d13244fe248b5936c47649301285bb6ff09d1442db3d2f8c4b5b1956a8f1fe862e224faeccb80bb97cb144c86902fd707c40392af68376383e5d0c70d2ea6bbf26652898d219e8ccc6e2428fb10225d8343d15b52e88b88c692a9000b521099c653371d653e735dcbb018a09f725fe659fc7824ba73ac29569d65c557dab268c98ea7ef958a31aee3b002500517880e2c83790e4f5e073131f75e4ee8aef575435e6d1a974a4f9bd141cb7ae8a8a1f4c323f9726d5d80c952e91a56c13b034e696374a099bbbc21b413b534b798d3bfa6d643107c740b425389143a4a10f74a9b3613219eeefdf88a5af7722df54dd66c0cf3b75a1a77b3f24e32cda065af9f18b5296b5ec0a8573f8cabc4621ec6cdcd2e354f103a89c8abd5aa926d9f02c380d70ef28849b95d5c35a035e03f15f34f8581bcdd37f4bc0e5e2c4b4e13d8f56fd4adfaade7973f34f094722d871e8f5b89ee82f485a764541bc186e70de47a1c9348995c2c498f6ba36f65932ee7ec96e2120c0f766a0f2b026e48810fb02d44830b53cf2a462aacfac3cd12b1273646215e041e16cdca59d5f62711f47a57c064df32d4508e4936c2355cb6274b8d373cb44151fc6f80c1bdba581315188a0323e7f118ea81a8914e6e99c94cbd293b76ce2447013d9090bf030018ae898688409af4e12a874e03c7df99cd27461c92b89daa2fa6969f2f8f986bf575f99a0afb6adcdd12d386a6e91979ca2250593a88af5b2390ee9ad972b11bb0524374fbee1d748f39b964b9bcf1b7df681aae07fefc776318976ffaf2ed90940ffb3a7f819b219117fa7a6c94a0325ff1f43c8a540badbc2f9ff76e4f7b993f2a569ba28fc9d0dbba2903bbc8aed2bf42c4e373fde7665d3f251e352d38c9f4b3175acecbed0ed78031f1ca4f5ee4e8b0e6b7f14815aabbf69dca107db1d0fbc97d29aca8aaeb25bca38a388e0ee1474451fd9b91c0321b5fe944ebdfc230bec6b101d07e4a198fd54a2b30da6e59ca72fb72868b489264b513e8360713c6647bb586a7d35663ae88a01140a31f0817a0bca619f15eea52f85bb9456206b838b2ac996b0fc324f47f4277e0eb0a8114977accbdf46dd83a5ddc266fc14fdab4dd60c9ccaf393906dfb2a2ae9eb768a48401fa5b3f0e99e88a7c1ceddde73bc8c6a2a5e41b208b66510111bae2650b95e1e657476348e54c08dbecc89f6250980f910ce1a3cf5a6e5486cf740a13eda7f5f813c9d7deea0b6572c4e9666b0c61c20645ba72e06fa0168c7143e56318f90ab656e05078ba36cc3c305fe68a9d08b1a6568c9f32b3925335c2bab4efef680a48d8a39b3baf60cd210795fa14f5ff3bbe7e90e43b1c5e64ef44e84b45656fa6a347e3e27a598ff9d4753daf22ff698a903ff581df17ccaaefb0d2f9c436879bb20ba7f5d7747a6c4309f736da210c82087d1ae924233ad131927b7acebcef744fe3c62f512521540004359b431d962d218de0a5e586b2cbf67d74de5b092761f69c309ad3704a44705361b19ec0172e1a8a3af633efc46fd88fd4bd67a4631ee3456e81b54031fce02091535e5a818f7be142a24016081f9f72d5d2193c72f868db95810ee2eb5cef50422515c43feb7ae3f1d74c5e13c4ca3c71db1e3a648c700e44b6ea4378477677643175f728e43525e87b8219c23146a8c50028ea9efcee30ba883cfee3224aa412364e2f19ce95fb587d6c175999d0ecc044ccd438b41f226c785a884b7373247211053a2877017213c0e141d9b1fb9eb48c940ba0403281880b3c9b1e5a74f03e94cacffff4b56ea442d10d311df67b98062821755e8f941edb2b4f8324261d624dbb8d73907610521038d0fa7b7f40eea3e50d9081afa80939385a3bc6a43c8488a4cf84dce89e7f86fe7208fa65c0f670c9a660c3d4248b89d096d820291de1db75a0670fa85e4521b6a9cf7474c11babd462f20c5c39e5b07a8a63e445ff4415bcce09d3b2357aceca15c2adff9def099dca4831d5d622f06134d89fd1b81a6916e70117226429653240a489592169d93d0bd90f4b8c992160de229e2e1f482750c0fa3ff9dfe479e2ab4369f1ceae2613f61501d25fc32757677cdc5eca433b413e963f09d9a55cd80aaed7f4c709d53a0e34dedde1d29c8b281e15f25b854f199ccd5696cf20caceceee441d2fb51e7432ca48cd68f9dfe241da62159c75acfc175d23cd108849f779a462690e58a7a32b2426d86a02cc79c8dacee0ace011934e9820c19529e840f5051b87872648cf2c5b46d88094570b78ee5c046d07c0a1c6386940ef0dafad1b6819b29488b0885514b6e37e7d9646d80dcf88aa6c5eb97a90139a4cdfdb373d466a51cadd9f1ed43ff07ff2c04e3f045a32f1615f7dc9b4e852cc10cc66e025a4a12fa665821d79f5e46c80e5eeb5644d84b9fa84b833ce9b54f09e2ed93768edb210f3e15153c3c9630b8f60e35cde0832ba43f3c3ea43e19fe5d4271f757b3c3718d0a56165b5bb164d4e808f905042255f58f88fcc62e27a04b65d54a65d6964bec75bbe39b899bb8741575db9a1f138e83f66033d8df1503425d665f74bdbbb4ee5d1328124db7c563988e2d232fd2796eb2f6dd1cb9225a8fc3af41e437ac66da529742d339ecab249a066736f5f7a1bb62bf118bf1110a58cd375643c86e4c79c632ff21724c80d5fba28ff203f8e3714d2443e0be59ad7459eb67741437d00774e516c49fc3fcba38618257303fa96d653725ea3b1289eff89cec047fecff3e7e219243a88cc87479a9cfdc845cdbf1181eb227489ae42a1b29c9874e8b255d596592b35daf79ed64ea963ab4d33b16519ae2f6da78b98764e3b091f7c07d0a94d818e3285b76618d498545e0b0def2339bc4876dced7a76b3c2d044e9ab56b932359ba5723df69dd7ce32d8fb9773f6feac8f33e8939b7bcb3a090d1be2f7965579f9528fd3b0075d2ddd64183a75821122611753d555fb8660ed711ae1fea0b0596c16aa70177b88c62c2c597d11f2e44310fa9a3599d3046f2561b37ca9d0d49023d2f7ee79af6cc5c73e9eac713d495f474f4af1d895a9b1a2a392a89c9fcc856f5232ce04da02087f42002419e098e1aff47acdd4e58bd71d3a9e8b71cd2f129eb9ea99b933468537be93f32cfbb883ef5c93d9ab94f737b865e1f86247c20a40473b7d1cb04809749644716cc2245fc3bb4965347eb185d6aa05aefe9ef438826f5e177e68c48d3f53526d6920271746769551d8227fc4bdf90f3ab454a547364e6b396e605569371dc99395db716604370a62cc25671f27108b1c9b555852704896f4230c6f1808013fd636eb5a3fcddae275a7e716c29909ab210b1ae386e82c3da123e68b26c13f966a4af7308cbc5e90af2664d03f13858118346da12e0baab61186e130ce1126aa9bac1fd4122e25333c144005540192e9dd82427fca7412cb912b61787be49fcb3983bbfdae510187dbca4fde205bfa087dc94364b6253ecf2d07754c0f366cb4ba419dce37c1bfca90268ca8aab1ce936b9f802bbaab0424a12965bde667e7f4191d449bf01635e202b2bb66bf4ab80354f8bb1390a9cffb1508ca86d708eaa4ac85420152dc3387fd06f83794d53e1346554b394b41df331ca962cf7d9d03c6ce4c364fd7cbcfecadeb210cedee2fd02f693c249c9bdf2ea9491adedaba74544c71a50377b017c43f7a713768377409107f747cd8625392588e8c7f6b20a4079a4444c73bfdb509b817d7a95b6baaeafd237d3cdc322e8c973d0e2303080f2cf51f231a3051f43e419d421b49cb2d199231f199dd64bdf8f333616dd2b819dd5f6fa374e0e1d7e8118cb1d265fd0f81c9da440569b4fb719f5743060a4cb5671a60bd9675a0bf6459001be47170e9d95e8b163df21ac9ae343f83426fe9506b14a8d8df62f9e6060d36c317608a0a9080a8d9c9fb524903e6ecc4b3e6015aec2d35819cb385149dcffa8491a41197662679b454a01cc6dd31205d7d6f53692140421ddf28a7e5a8dea1a0aa87d37efc29161e40801f073cf96e233a717432914ce19d8bf857e5346317fa90b574c02352db65dd85e71e3f42a83f0e76bb89e17230968bb35ef7a56a8b0e513d643fdebbfef99c0d7a68fe78286d40d079353e80c894e331034c9148bca41d5a23931bb85a77758a78f8e8515dfc6a235b0af3408d9c3157a85723a0da5a3406dc633ae87a532a5d0d2", 0x1000, 0xfffffffffffffffa}, {&(0x7f0000001480)="369ccb11ad0c1b8559aa8043782198fddcdab8811eb922056d0fb3a30da05981b85856e6f286c174df5b27434e75402c33dfd6718a35385c577317ebf4f0c005544243ca6781b0cda24ce26baf50fd009d8b570aa37c1e2544", 0x59, 0x7fff}, {&(0x7f0000001500)="7c437fc266fd756f3cdd9083f2df6c4c0c07dc87a2ccc86c2446f8", 0x1b, 0x6}], 0x2, &(0x7f0000001600)={[{@unhide='unhide'}, {@map_normal='map=normal'}, {@hide='hide'}]}) 14:32:45 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x9effffff00000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:45 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0015010000000000060000000080"]) 14:32:45 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x0, &(0x7f0000000240)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = add_key(&(0x7f0000000340)="73797a6b616c6c65720087b9f77f5f4c3f42555ef667cd89e7444ce38cc7216f9470e285ee8724ac96cc827b5fbfba19bebbb60160a947b5615cafaf3f153738d54975799eaeb204a64e1d511cf686154131adc397bc896fef31156e00000000000000edcbbcaaeaf02ad9be4e13bf99985c6bf12f454ef9d9fb1f048777dce9c2fffbb5d8ccf3440b061c9e66123eaa7a27c7ab1d202cd73ea3383bdaf4e1917c1864e4e00da87ec409f21fefacc2e17096b370d51e7105bb911f31c765a30e021e0e85d4c6da817ddf6e9104f724c58b32997105f3214d19077c6400000000000000000000000e740c066553d2654e0a60dea7b9c7fa18451082d5fdc5c0390637", &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x7aa7c6c9e4b1b755, 0xfffffffffffffffa) keyctl$restrict_keyring(0x1d, r2, &(0x7f00000002c0)='rxrpc\x00', &(0x7f0000000300)='\x00') getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x800, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400"}) fcntl$getflags(r3, 0x40a) 14:32:45 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000100)="a1e5b37f5aeb1b3b7b4a4b2b123f8352738b7d09777635a68b26baa1085d214300d73bfcde917434432ffbbbdc978cee00864b05a55d1975c45a6db0e3f997a2210d1fd182465c1658502c2251602ee4cd6735ade35e245827c3764e4bc21b58b4c758934ac49fc72eaf3edc068aca218b7f8ea4f5a6facbd9023d52a72ddc0844ecd9a537e14e0244271b3fde7c4c2fb3f9b1b17492a6ac4130a703bdd1cdaf97fadec53451edb4777716132ed801cbfc55f01ee5c4a538ad00203388bc9a2085371e7390f705e9e9d2ccb4802672bfa472cecafb0d4c4cff4a8fc7193ba5cd72869808465c726d171455a2ea96713b5fca", 0xf2) [ 1007.305995] ISOFS: Unable to identify CD-ROM format. 14:32:46 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:46 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x4}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:46 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0012000000000000060000000080"]) 14:32:46 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/mls\x00', 0x0, 0x0) bind$netlink(r1, &(0x7f0000000240)={0x10, 0x0, 0x25dfdbfc, 0x400}, 0xc) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'sit0\x00', 0x43732e5398416f1a}) 14:32:46 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000100)={{{@in=@multicast1, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in6=@ipv4={[], [], @rand_addr}}}, &(0x7f0000000000)=0xe8) setuid(r1) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x14b, 0x401) 14:32:46 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x10c, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r1 = gettid() perf_event_open(&(0x7f00000003c0)={0x0, 0x70, 0xffff, 0x401, 0x8, 0x4, 0x0, 0x5, 0x40000, 0x5, 0x5, 0x89, 0x1, 0x8, 0x5e, 0x668, 0x33, 0x5, 0x6, 0x0, 0x200, 0x6, 0x4, 0xdc, 0x4, 0x100000000, 0x7f, 0x5, 0x4, 0xffff, 0x3, 0x6, 0xcc2d, 0x6, 0xbdc3, 0x4, 0x8, 0x1, 0x0, 0x3f, 0x2, @perf_config_ext={0x6, 0x80000000}, 0x12901, 0x9, 0x80000001, 0x3, 0xf71, 0xffffffffffffffff, 0xffffffffffff191e}, r1, 0x10, 0xffffffffffffffff, 0x1) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) fsetxattr$security_ima(r0, &(0x7f00000000c0)='security.ima\x00', &(0x7f0000000280)=ANY=[@ANYBLOB="020b36e22cec1ac4bf8279d468b2938393dbc8d5157b43fd5ce07148be8af66916782201582800000000000000000200000000000000"], 0x8, 0x1) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000140)={'\x00', 0x400}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000240)={'ip6tnl0\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x0, &(0x7f0000000300)=[{0x5f2, 0x9, 0x100002, 0x3}]}) ioctl$EXT4_IOC_RESIZE_FS(r0, 0x40086610, &(0x7f00000001c0)=0x5) r2 = socket$xdp(0x2c, 0x3, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f00000002c0)={r2}) getsockopt$IP6T_SO_GET_REVISION_TARGET(r3, 0x29, 0x45, &(0x7f0000000340)={'IDLETIMER\x00'}, &(0x7f0000000380)=0x1e) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) socket$nl_route(0x10, 0x3, 0x0) 14:32:46 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0067000000000000060000000080"]) [ 1007.900353] audit: type=1326 audit(1539268366.484:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9920 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:46 executing program 3: r0 = socket$inet6(0xa, 0x4, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:46 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x200000000000000b, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:46 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x2000000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:46 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000240)={0x0, &(0x7f0000000280)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x802, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:46 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="001b010000000000060000000080"]) 14:32:47 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:47 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x5000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:47 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = syz_open_dev$amidi(&(0x7f0000000140)='/dev/amidi#\x00', 0x0, 0x102) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffff9c, 0x84, 0x14, &(0x7f00000001c0)=@assoc_value={0x0}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r1, 0x84, 0x79, &(0x7f0000000280)={r2, 0x3}, 0x8) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:47 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00d9000000000000060000000080"]) 14:32:47 executing program 3: pipe2(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f00000003c0)={0x0, 0x8}, &(0x7f0000000400)=0x8) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000440)={r1, 0x4fbb, 0x5, 0x6, 0x1, 0x100000000}, 0x14) r2 = socket$inet6(0xa, 0x3, 0x6) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) faccessat(r3, &(0x7f0000000100)='./file0\x00', 0x42, 0x100) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') flock(r5, 0x7) r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000180)='nbd\x00') ioctl$VT_WAITACTIVE(r4, 0x5607) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x30000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="18082cbd7000fddbdf25050000001400070008000100", @ANYRES32=r3, @ANYBLOB="08000100", @ANYRES32=r4, @ANYBLOB="0c000400ffffffff0000000008000100000000000800010000000000"], 0x44}, 0x1, 0x0, 0x0, 0x8084}, 0x44040) write$P9_RLERRORu(r3, &(0x7f00000002c0)={0x16, 0x7, 0x2, {{0x9, 'net/raw6\x00'}}}, 0x16) ioctl$KDGKBSENT(r5, 0x4b48, &(0x7f0000000000)={0x2, 0x1dd, 0x17}) ioctl$EVIOCRMFF(r5, 0x40044581, &(0x7f0000000300)=0x1) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x800, 0x0) sendfile(r2, r5, &(0x7f00000000c0)=0x14b, 0x401) 14:32:47 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) fsetxattr$security_capability(r0, &(0x7f00000001c0)='security.capability\x00', &(0x7f0000000240)=@v2={0x2000000, [{0x2, 0x4}, {0x29, 0x2}]}, 0x14, 0x1) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x10}) [ 1008.735725] audit: type=1326 audit(1539268367.314:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=9971 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:47 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x700}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:47 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') ioctl$EVIOCGABS0(r1, 0x80184540, &(0x7f0000000100)=""/4096) sendfile(r0, r1, &(0x7f00000000c0)=0x400000014b, 0x401) ioctl$PIO_FONTRESET(r1, 0x4b6d, 0x0) 14:32:47 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0077010000000000060000000080"]) 14:32:47 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x100000080, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) creat(&(0x7f0000000100)='./file0\x00', 0x10) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f00000001c0)={0x36c, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000140)=ANY=[@ANYBLOB="01000900000000000000aaaaaaaaaabbffffffffffff0180c2000180c2000002a261140c4e5daaaaaaaaaaaa"]) clock_gettime(0x4, &(0x7f0000000200)) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000240)={'veth1\x00', 0x2}) 14:32:47 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000300)='/dev/snd/pcmC#D#p\x00', 0x101, 0x181801) ioctl$SNDRV_TIMER_IOCTL_TREAD(r1, 0x40045402, &(0x7f0000000340)) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) r3 = accept$inet6(0xffffffffffffff9c, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000240)=0x1c) getsockopt$inet_sctp6_SCTP_NODELAY(r3, 0x84, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x4) 14:32:47 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x7a000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:48 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:48 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001ea0000000000060000000080"]) 14:32:48 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000080)) r1 = fcntl$getown(r0, 0x9) r2 = syz_open_procfs(r1, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x14b, 0x401) 14:32:48 executing program 2: r0 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0xff, 0x111002) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0xa) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f00000001c0)={0x20, 0xffffffffffffffda}, 0x20) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'lo\x00', 0x43732e5398416f1e}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x204}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:48 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x6800}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:48 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x8000003, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:48 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x3617}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1009.569602] audit: type=1326 audit(1539268368.154:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10015 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:48 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)="6eb6afae9802766574") sendfile(r0, r0, &(0x7f00000000c0)=0x14d, 0x401) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0xbb9, @remote}, 0x1c) ioctl$KDSETLED(r1, 0x4b32, 0x4ef) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) recvfrom$inet6(r1, &(0x7f0000000100)=""/244, 0xf4, 0x20, &(0x7f0000000200)={0xa, 0x6, 0x6, @ipv4={[], [], @rand_addr=0x5}, 0x7}, 0x1c) 14:32:48 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000e40000000000060000000080"]) 14:32:48 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) r2 = fcntl$dupfd(r0, 0x406, r0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(r2, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0c010bbd7000fcdbdf250d00000008000400510000004800030014000600fe8000000000000000000000000000bb080003000200000008000500ffffffff080007004e2000000800010001000000080007004e200000080007004e210000"], 0x64}, 0x1, 0x0, 0x0, 0x80}, 0x4) 14:32:48 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x74}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:48 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000001c0)={"726f736530ecffffff0000000000c600", 0x10000400}) 14:32:48 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:48 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000140)={0x16, 0x1, 0x400}) setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000000)=0x5, 0x4) sched_yield() sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) ioctl$RNDADDENTROPY(r1, 0x40085203, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000830000000000b7ffa240f50d8a99cb01cf500a07fe62fc66b506d1b0e4aaac0f94aa370d451212130c29b9baea5610a02cd88f4808b7979f2785e8ec7283a453cfcfb199876d7e6c9ebbd2313c3b25c0c5ee24a2adbf7710677125d24926447606c7bcf344f6fcd7835d40ebafecf6b55665353a49ca"]) getsockopt$inet6_buf(r1, 0x29, 0xef, &(0x7f0000000080)=""/4, &(0x7f0000000100)=0x4) 14:32:48 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0048000000000000060000000080"]) 14:32:48 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffbfffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x4000000000000000, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r1 = dup2(r0, r0) write$P9_RLCREATE(r1, &(0x7f0000000240)={0x18, 0xf, 0x2, {{0x0, 0x3, 0x4}, 0x6}}, 0x18) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x100, 0x80) mkdirat(r3, &(0x7f00000001c0)='./file0\x00', 0x41) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:48 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x200000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:48 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000280)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$EVIOCGNAME(r1, 0x80404506, &(0x7f00000002c0)=""/223) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value={0x0}, &(0x7f0000000180)=0x8) r4 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/enforce\x00', 0x80000, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000240)={r3, 0x1000, 0x6}, 0x8) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:49 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') listen(r1, 0x7f) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) [ 1010.414461] audit: type=1326 audit(1539268368.994:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10068 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1010.414974] validate_nla: 18 callbacks suppressed [ 1010.414983] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1010.456742] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:49 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f00000001c0)={0xd9, &(0x7f0000000140)=[{0x10001, 0x101, 0x84a, 0xa4}, {0x6, 0x0, 0x9, 0x1}, {0x3, 0x1, 0x1, 0xa5}]}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:49 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000014d000000060000000080"]) 14:32:49 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0xf0ffffff00000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:49 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) fcntl$setstatus(r0, 0x4, 0x40000) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_IRQP_SET(r3, 0x4008700c, 0x15a3) write$binfmt_elf32(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0xcca4, 0xe9000000000000, 0x2, 0xbc, 0x3, 0x3e, 0x4, 0x2d4, 0x38, 0x160, 0x1, 0x1, 0x20, 0x2, 0x4, 0xfff, 0x7fff}, [{0x7, 0xfffffffffffff801, 0x8001, 0xff, 0x7ff, 0x8, 0x1, 0x80}, {0x6474e551, 0x6fc, 0x3, 0x401, 0x1, 0x7e, 0x1, 0xffffffff}], "ee273f8c0bd5b1ef498633789ee92c048d819c3643c9abcab929072a5b798affc0d5d1cce5e1a2fb7b49f481cd2acb5c29b063a54743d54da5732cd78faf5f0f9101f99df451f2f059c56cdc56e3ec3f76e56b40cd77fa54c87000d25d6e84f3a9cea167bf3f3d9c09496b3f0f2ad886ecb42882eeedff4f", [[], [], [], [], [], [], [], [], []]}, 0x9f0) ioctl$KVM_GET_PIT(r2, 0xc048ae65, &(0x7f0000000240)) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:49 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f0000000100)=0xc) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000140)) r2 = syz_open_procfs(r1, &(0x7f0000000200)='net/udp\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x14b, 0x401) write$FUSE_OPEN(r2, &(0x7f0000000000)={0x20, 0x0, 0x1, {0x0, 0x3}}, 0x20) time(&(0x7f0000000040)) [ 1010.561690] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1010.618573] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:49 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:49 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) uname(&(0x7f0000000240)=""/185) openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/context\x00', 0x2, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x0, 0x0) ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f00000001c0)={0x0, 0x7000, 0x8, 0x0, 0x6}) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:49 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000141000000060000000080"]) 14:32:49 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x9effffff}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:49 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(0xffffffffffffffff, r0, &(0x7f00000000c0)=0x14b, 0x401) 14:32:49 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer2\x00', 0x0, 0x0) bind$vsock_dgram(r1, &(0x7f0000000240)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:49 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000000)={0x7, 0x1, 0x5, 0x9, 0x0}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f0000000100)={r2, 0xd9, "ffebfecf961a0bc6d3d25af5576b97ce32312ec174089b70051acd34a2ddeca07965afd1df54c761b3c1272150f1d3d1e7f679914e940667623c9650ed3c989b3686f45ec43ad44d6682f0ae7567a4315cbc7041a040c0071de7ee56a0cb4851909c2a6b02abc70d88ec69363484667a6155e5ca46881048f5c51ba034b0f1298dc38e1f9466c1c8885603a935d0706e8577f88b93744f72f3a25fa3e894599d32183d879f3834221343f45bda002d682e732bd85b9e8fb7d998157459c7ba185dd177b660673987f3fdc10bf3b236515b6996b4d514b5c6b1"}, &(0x7f0000000200)=0xe1) ftruncate(r1, 0x8) 14:32:49 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000000)) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000100)) sendfile(0xffffffffffffffff, r0, &(0x7f00000000c0)=0x14b, 0x401) [ 1011.258765] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1011.271311] audit: type=1326 audit(1539268369.854:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10117 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:49 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000179000000060000000080"]) 14:32:49 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x100) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0xfffffffffffffc01, 0x200000) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000080)=@assoc_value={0x0, 0xffff}, &(0x7f0000000100)=0x8) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000140)=@sack_info={r3, 0xfffffffffffffbff, 0x17}, 0xc) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:49 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) init_module(&(0x7f0000000140)="76657400000000000000000400", 0xd, &(0x7f00000001c0)='}-{ppp0-wlan0*\x00') ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) r1 = dup3(r0, r0, 0x80000) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000280)='nbd\x00') r3 = socket(0x2, 0x802, 0x0) r4 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/checkreqprot\x00', 0x0, 0x0) r5 = syz_open_dev$sndpcmc(&(0x7f0000000300)='/dev/snd/pcmC#D#c\x00', 0x80, 0x80800) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x68, r2, 0x110, 0x70bd28, 0x25dfdbfe, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, [{0x8, 0x1, r3}, {0x8, 0x1, r4}, {0x8, 0x1, r5}]}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x3}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x8}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}]}, 0x68}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 1011.316943] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:49 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000380)='/dev/net/tun\x00', 0x10000, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={"00000000000000000000000074f81000", 0x200000000000400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x200) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f0000000440)={0x2, &(0x7f0000000400)=[{}, {}]}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000100)={'veth1_to_team\x00', 0x200}) perf_event_open(&(0x7f0000000240)={0x3, 0x70, 0x3, 0x100000001, 0x8, 0xa7, 0x0, 0x9, 0x40, 0x0, 0x7ff, 0x2, 0x80, 0x101, 0x2, 0x101, 0x31e800000, 0xf362, 0x2, 0x6, 0x6, 0x2, 0xffffffffffffeba7, 0x76, 0x0, 0x7fffffff, 0x7, 0x7, 0x4, 0x8, 0x7, 0x2, 0xffff, 0x49344b3a, 0x0, 0x8, 0x4, 0x10000, 0x0, 0x8, 0x0, @perf_bp={&(0x7f00000001c0), 0x6}, 0x30000, 0x7, 0xfffffffffffffffa, 0x1, 0x6, 0xb3, 0x8}, 0x0, 0xf, 0xffffffffffffffff, 0x9) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000480)={{{@in6=@mcast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@dev}}, &(0x7f0000000580)=0xe8) setsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f00000005c0)={@multicast1, @dev={0xac, 0x14, 0x14, 0x12}, r3}, 0xc) r4 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/avc/hash_stats\x00', 0x0, 0x0) setsockopt$packet_fanout_data(r4, 0x107, 0x16, &(0x7f0000000340)={0x1, &(0x7f0000000300)=[{0x5, 0x0, 0x5, 0x34}]}, 0x10) 14:32:50 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:50 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x4c000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:50 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001160000000000060000000080"]) 14:32:50 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='gid_map\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) 14:32:50 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000280)={0x20, 0xffffffffffffff9a, 0x6, {0x0, 0x6}}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x0, &(0x7f0000000280)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000000)) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000240)={'ip_vti0\x00', 0x43772e5398416f17}) r2 = syz_open_procfs(0x0, &(0x7f0000000a80)='ns\x00') getsockopt$kcm_KCM_RECV_DISABLE(r2, 0x119, 0x1, &(0x7f0000000ac0), 0x4) r3 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/enforce\x00', 0x20000, 0x0) ioctl$KDGKBSENT(r3, 0x4b48, &(0x7f00000001c0)={0xfffffffffffff801, 0x6, 0x4}) 14:32:50 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$NBD_SET_FLAGS(0xffffffffffffffff, 0xab0a, 0x9962) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000300)=@assoc_value, &(0x7f00000003c0)=0xfffffffffffffef7) socketpair$inet6(0xa, 0x801, 0x7, &(0x7f0000000140)={0xffffffffffffffff}) getsockopt$inet6_tcp_buf(r2, 0x6, 0x0, &(0x7f0000000400)=""/199, &(0x7f0000000180)=0xc7) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 1012.087601] audit: type=1326 audit(1539268370.664:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10157 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1012.118771] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:50 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x5) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000000)=0x0) fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000080)='trusted.overlay.upper\x00', &(0x7f0000000100)={0x0, 0xfb, 0xaa, 0x1, 0x3, "5f56d8b2a0646595d7bff5303c3f865c", "441c1eb4fe794b26f41312e3c4125c3af46847a47938f4af7010932949e6335305a4c76318ca4aa0b7c6fcd19593c5f82e7993f391614d2be7e546f3c5c5ae0b03e5d0fad7a0268704afd29b9dfb08dce3218700744cb7de025c2a9cfdbf8d198910b329824933f6f52d20a753853d274db34dcd932ea7863e95b648e3c3642942c166f47f71bd62bb2b35c9f5d4104225738c99b3"}, 0xaa, 0x2) r2 = syz_open_procfs(r1, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x14b, 0x401) 14:32:50 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00008c0000000000060000000080"]) 14:32:50 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x6c00}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1012.137273] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:50 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) r2 = syz_open_dev$dri(&(0x7f0000000240)='/dev/dri/card#\x00', 0x4, 0x80002) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f00000002c0)={0x2, &(0x7f0000000280)=[{0x0}, {}]}) ioctl$DRM_IOCTL_RM_CTX(r2, 0xc0086421, &(0x7f0000000300)={r3, 0x2}) pipe(&(0x7f0000000140)={0xffffffffffffffff}) ioctl$PIO_FONT(r4, 0x4b61, &(0x7f00000001c0)="d95208874e13284866a166ce8f98b3e324e32c090104a95bb9530a51434feefd614702773352b5962d7ea5cedb41") 14:32:50 executing program 3: r0 = syz_open_dev$sndpcmp(&(0x7f0000000200)='/dev/snd/pcmC#D#p\x00', 0x80000000, 0x4000) ioctl$VHOST_GET_VRING_BASE(r0, 0xc008af12, &(0x7f00000002c0)) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r1, 0xc0505405, &(0x7f0000000100)={{0x1, 0x3, 0x1ff, 0x3, 0x400}, 0xfff, 0x3f, 0x6}) r2 = socket$inet6(0xa, 0x0, 0x6) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') ioctl$int_in(r3, 0x5452, &(0x7f0000000280)=0x10) r4 = getpgrp(0xffffffffffffffff) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000180)={[], 0x2, 0x5, 0xfffffffffffffffd, 0x7, 0x300000000000, r4}) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000080), 0x4) sendfile(r2, r0, &(0x7f00000000c0)=0x1, 0x400) socket(0x2, 0x801, 0x6) 14:32:50 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00de010000000000060000000080"]) [ 1012.247508] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1012.283691] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:51 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:51 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) fadvise64(r0, 0x0, 0x3, 0x6) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) write$cgroup_type(0xffffffffffffff9c, &(0x7f0000000280)='threaded\x00', 0x9) fcntl$getownex(r0, 0x10, &(0x7f00000001c0)={0x0, 0x0}) mq_notify(r1, &(0x7f0000000240)={0x0, 0x38, 0x6, @tid=r2}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f00000002c0)={0x2f, 0x4, 0x0, {0x3, 0x2, 0x7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2f) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:51 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) getresgid(&(0x7f00000001c0)=0x0, &(0x7f0000000240), &(0x7f0000000280)) ioctl$TUNSETGROUP(r0, 0x400454ce, r2) 14:32:51 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x2}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:51 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0063010000000000060000000080"]) 14:32:51 executing program 3: r0 = socket$inet6(0xa, 0x3, 0xa) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') setsockopt$bt_hci_HCI_DATA_DIR(r1, 0x0, 0x1, &(0x7f0000000000), 0x4) sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r1, 0xc04c5349, &(0x7f0000000100)={0x5, 0xfffffffffffffffe, 0x100006cee}) 14:32:51 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0)=0x14b, 0x401) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$RDS_FREE_MR(r1, 0x114, 0x3, &(0x7f0000000000)={{0x6, 0x4a9}, 0x8}, 0x10) [ 1012.924769] audit: type=1326 audit(1539268371.504:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10214 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:51 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000008d000000060000000080"]) 14:32:51 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x60}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:51 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000440)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f00000001c0)=0x200) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getresuid(&(0x7f0000000000)=0x0, &(0x7f0000000300), &(0x7f0000000340)) lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchown(r1, r2, r3) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/fuse\x00', 0x2, 0x0) write$FUSE_STATFS(r4, &(0x7f0000000240)={0x60, 0x0, 0x6, {{0x156, 0x0, 0x2, 0x2, 0x1, 0x4764, 0x7, 0x80000}}}, 0x60) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000002c0)={"76657400000000000000000400", 0x43732e5398416f3a}) 14:32:51 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x3, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value={0x0}, &(0x7f0000000180)=0x8) syz_open_dev$mice(&(0x7f00000004c0)='/dev/input/mice\x00', 0x0, 0x80000) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'team_slave_0\x00', 0x101}) r3 = dup(r1) setsockopt$packet_int(r3, 0x107, 0x13, &(0x7f0000000280)=0xf24f, 0x4) r4 = syz_open_procfs(0x0, &(0x7f0000000540)="6e65742f69705f76735f737463747300229df049409db83a32a1e19c4757c384f1c2104ae0f0f785bf495c5b52446b") setsockopt$inet_sctp_SCTP_RTOINFO(r4, 0x84, 0x0, &(0x7f0000000240)={r2, 0x80000000, 0xff, 0xde9}, 0x10) getsockopt$inet_sctp_SCTP_MAXSEG(r4, 0x84, 0xd, &(0x7f00000001c0)=@assoc_value={r2, 0xfd}, &(0x7f0000000500)=0x8) write$UHID_CREATE2(r4, &(0x7f0000000300)={0xb, 'syz1\x00', 'syz0\x00', 'syz1\x00', 0x89, 0x9, 0xffffffff, 0x1, 0xb4c, 0x5, "bb541cf224dea810e52c3afc0f8e9c464bc961bddd855a1d71cc8a72d70c2c818ff04edf9085f35b0353c7627c6613cb6871ae4d40b9e65c1abd5900597a111bcc9401f24b231cd92596d9a815a4ca847e0b32f129bf532f486a36cca25486c2327091fa3ff7b43e053312361c9fed75c646e75e571aa7cf31d8feeb8f67199adadedb036ffb5a114a"}, 0x1a1) 14:32:51 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000000)='vmnet0em1wlan1[\x00'}, 0x30) r2 = syz_open_procfs(r1, &(0x7f0000000040)='net/raw6\x00') getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000001c0)={0x0, 0x94, &(0x7f0000000100)=[@in6={0xa, 0x4e23, 0x7, @mcast1, 0x1f}, @in={0x2, 0x4e22, @rand_addr=0x80}, @in6={0xa, 0x4e24, 0x5, @mcast1, 0x7fff}, @in6={0xa, 0x4e23, 0x9, @local, 0x2}, @in={0x2, 0x4e24, @broadcast}, @in={0x2, 0x4e23, @local}, @in={0x2, 0x4e23, @local}]}, &(0x7f0000000200)=0x10) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000240)={r3, 0x6, 0x30, 0x10000, 0x90}, &(0x7f0000000280)=0x18) sendfile(r0, r2, &(0x7f00000000c0)=0x14b, 0x401) epoll_create(0x4) getrlimit(0x4, &(0x7f00000002c0)) 14:32:52 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:52 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x1736}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:52 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001ad000000060000000080"]) 14:32:52 executing program 2: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000500)="8da4363a00000020000000000000004d01000000000000000000000000000000ecf6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, &(0x7f0000000240)) 14:32:52 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19}]}, &(0x7f0000f6bffb)='GPL\x00', 0xfffffffffffffffc, 0x418, &(0x7f00001a7f05)=""/251}, 0x48) 14:32:52 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x1ffffffffffffcef, &(0x7f0000000380)=[{0x8, 0x7, 0xa72, 0x6}]}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x80, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000080)=0xbd) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/qat_adf_ctl\x00', 0x1, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000340)={'syz_tun\x00'}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000240)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r2, &(0x7f00000002c0)={0x4, 0x8, 0xfa00, {r3, 0x9}}, 0x10) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:52 executing program 3: request_key(&(0x7f00000002c0)='dns_resolver\x00', &(0x7f0000000080)={'sy.'}, &(0x7f0000000300)="7010eda48fbdbb3ce7025b02207703006a726f63ce152e7b6cf96e316b667972694e670000", 0x0) [ 1013.760283] audit: type=1326 audit(1539268372.344:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10266 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:52 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000076000000060000000080"]) 14:32:52 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x6c00000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1013.818867] BTRFS: device fsid ecf6f2a2-2997-48ae-b81e-1b00920efd9a devid 0 transid 0 /dev/loop2 14:32:52 executing program 2: request_key(&(0x7f0000000600)='keyring\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)=':\x00', 0xfffffffffffffffb) 14:32:52 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x20ee, &(0x7f0000000140)}) r1 = syz_open_dev$mice(&(0x7f00000001c0)='/dev/input/mice\x00', 0x0, 0x800) mkdirat(r1, &(0x7f0000000240)='./file0\x00', 0x104) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:52 executing program 3: creat(&(0x7f0000000080)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$f2fs(&(0x7f0000000000)='f2fs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00']) [ 1014.020474] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1014.031195] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 1014.040786] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1014.048508] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 1014.056756] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1014.063955] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 1014.071685] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1014.079177] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 1014.130748] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 1014.138078] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock 14:32:53 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:53 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001940000000000060000000080"]) 14:32:53 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x4000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:53 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-clmulni\x00'}, 0x58) r1 = accept4(r0, 0x0, &(0x7f0000000100), 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad56b6c50400aeb995298992ea5400c2", 0x10) sendmmsg(r1, &(0x7f0000002100)=[{{&(0x7f0000001ac0)=@can, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001c00)="4b42b00e4a3225c9f78175c59567", 0xe}], 0x1, &(0x7f0000001dc0)=[{0x44, 0x1ff, 0x5, "d68fedc1e46bbf128102de83b5fc3f48f31bddee1203d32afdb0838235edd5360606b7b589a27695ccb5fed23b66d4980d12434b0314"}], 0x44, 0x4000}, 0x2}], 0x1, 0x8000) 14:32:53 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0x3, 0x800) ioctl$VHOST_GET_VRING_ENDIAN(r2, 0x4008af14, &(0x7f00000002c0)={0x3, 0x81}) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer\x00', 0x400040, 0x0) write$cgroup_int(r3, &(0x7f0000000240)=0x6, 0x12) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:53 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:32:53 executing program 2: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) socket$kcm(0x2, 0x3, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r1, &(0x7f0000001c40)={&(0x7f0000000200)=@in6={0xa, 0x0, 0x7fff0000000a, @loopback={0x100000000000000}}, 0x80, &(0x7f00000018c0)=[{&(0x7f0000000280)='C', 0x1}], 0x1, &(0x7f0000001980)}, 0x0) 14:32:53 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001d5000000060000000080"]) [ 1014.588940] audit: type=1326 audit(1539268373.174:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10315 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:53 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000840000000000060000000080"]) 14:32:53 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) chdir(&(0x7f00000001c0)='./file0\x00') ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0x8101}) socketpair(0x0, 0x4, 0xe07, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RNDADDTOENTCNT(r1, 0x40045201, &(0x7f0000000280)=0x4) 14:32:53 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001860000000000060000000080"]) 14:32:53 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:32:53 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:53 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x400000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:53 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001050000000000060000000080"]) 14:32:53 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x5, 0x10000) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000280)='nbd\x00') r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/amemthresh\x00', 0x2, 0x0) r5 = socket(0x10, 0x80a, 0x17) r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snapshot\x00', 0x10000, 0x0) r7 = syz_open_dev$mouse(&(0x7f0000000340)='/dev/input/mouse#\x00', 0x4, 0x2100) r8 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000380)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r9 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r10 = openat$audio(0xffffffffffffff9c, &(0x7f0000000400)='/dev/audio\x00', 0x20000, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000540)='/dev/net/tun\x00', 0x200, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x78, r3, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_SOCKETS={0x4c, 0x7, [{0x8, 0x1, r0}, {0x8, 0x1, r4}, {0x8, 0x1, r5}, {0x8, 0x1, r6}, {0x8, 0x1, r7}, {0x8, 0x1, r8}, {0x8, 0x1, r9}, {0x8, 0x1, r1}, {0x8, 0x1, r10}]}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x800}]}, 0x78}, 0x1, 0x0, 0x0, 0x40}, 0x40000) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:53 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) [ 1015.427122] validate_nla: 10 callbacks suppressed [ 1015.427129] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1015.435755] audit: type=1326 audit(1539268374.014:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10365 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:54 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000480000000000060000000080"]) 14:32:54 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) socket$key(0xf, 0x3, 0x2) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) [ 1015.478710] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:54 executing program 1: r0 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x40, 0x400000) ioctl$KVM_PPC_GET_PVINFO(r0, 0x4080aea1, &(0x7f0000000240)=""/154) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:54 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001a20000000000060000000080"]) 14:32:54 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x81000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:54 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0047010000000000060000000080"]) 14:32:54 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) [ 1015.617025] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1015.625852] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:54 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:54 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x400300}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:54 executing program 2: socketpair$unix(0x1, 0x20000000000002, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) request_key(&(0x7f00000002c0)='dns_resolver\x00', &(0x7f0000000000)={'syz', 0x1}, &(0x7f0000000240)="7010eda48fbdbb3ce7025b02007703006a726f63ce152e7b6c616e316b657972694e670000", 0x0) 14:32:54 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000340)='/selinux/enforce\x00', 0x2280, 0x0) r3 = syz_genetlink_get_family_id$team(&(0x7f00000003c0)='team\x00') getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f00000004c0)={0x0, @rand_addr, @remote}, &(0x7f0000000500)=0xc) getpeername$packet(0xffffffffffffff9c, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000580)=0x14) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000680)={{{@in=@local, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@dev}}, &(0x7f0000000780)=0xe8) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffff9c, 0x8933, &(0x7f00000007c0)={'team0\x00', 0x0}) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f0000000800)={0x0, @rand_addr, @remote}, &(0x7f0000000840)=0xc) getsockname$packet(0xffffffffffffff9c, &(0x7f0000003980)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000039c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000003a00)={'team0\x00', 0x0}) getsockopt$inet_mreqn(0xffffffffffffff9c, 0x0, 0x24, &(0x7f0000003a40)={@rand_addr, @remote, 0x0}, &(0x7f0000003a80)=0xc) getsockopt$inet6_mreq(r1, 0x29, 0x14, &(0x7f0000003ac0)={@remote, 0x0}, &(0x7f0000003b00)=0x14) r13 = accept4$packet(0xffffffffffffffff, &(0x7f0000003b40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000003b80)=0x14, 0x80000) accept4$packet(r0, &(0x7f0000003bc0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000003c00)=0x14, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000003c40)={0x0, @broadcast, @local}, &(0x7f0000003c80)=0xc) clock_gettime(0x0, &(0x7f0000005c00)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000005b40)=[{{&(0x7f0000003cc0)=@generic, 0x80, &(0x7f0000004040)=[{&(0x7f0000003d40)=""/209, 0xd1}, {&(0x7f0000003e40)=""/37, 0x25}, {&(0x7f0000003e80)=""/131, 0x83}, {&(0x7f0000003f40)}, {&(0x7f0000003f80)=""/176, 0xb0}], 0x5, &(0x7f00000040c0)=""/203, 0xcb, 0x6}, 0x7fffffff}, {{&(0x7f00000041c0)=@hci={0x1f, 0x0}, 0x80, &(0x7f0000004500)=[{&(0x7f0000004240)=""/203, 0xcb}, {&(0x7f0000004340)=""/28, 0x1c}, {&(0x7f0000004380)=""/25, 0x19}, {&(0x7f00000043c0)=""/37, 0x25}, {&(0x7f0000004400)=""/194, 0xc2}], 0x5, &(0x7f0000004580)=""/102, 0x66, 0x9}, 0x2}, {{&(0x7f0000004600)=@pppol2tpin6, 0x80, &(0x7f0000005a00)=[{&(0x7f0000004680)=""/192, 0xc0}, {&(0x7f0000004740)=""/4096, 0x1000}, {&(0x7f0000005740)=""/173, 0xad}, {&(0x7f0000005800)=""/74, 0x4a}, {&(0x7f0000005880)=""/163, 0xa3}, {&(0x7f0000005940)=""/35, 0x23}, {&(0x7f0000005980)=""/5, 0x5}, {&(0x7f00000059c0)=""/63, 0x3f}], 0x8, &(0x7f0000005a80)=""/162, 0xa2, 0x7fff}, 0x3}], 0x3, 0x7180c6c30ae399d0, &(0x7f0000005c40)={r17, r18+30000000}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000008280)={{{@in=@broadcast, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@loopback}}, &(0x7f0000008380)=0xe8) getsockname$packet(0xffffffffffffffff, &(0x7f00000083c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000008400)=0x14) getsockopt$inet_pktinfo(r13, 0x0, 0x8, &(0x7f0000000400)={0x0, @local, @loopback}, &(0x7f0000008480)=0xc) accept$packet(0xffffffffffffff9c, &(0x7f00000084c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000008500)=0x14) accept$packet(0xffffffffffffffff, &(0x7f0000008540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000008580)=0x14) accept$packet(r0, &(0x7f0000008740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000008780)=0x14) getpeername$packet(0xffffffffffffff9c, &(0x7f00000087c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000008800)=0x14) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000008840)={{{@in6, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @local}}, 0x0, @in6=@mcast1}}, &(0x7f0000008940)=0xe8) accept4$packet(0xffffffffffffff9c, &(0x7f0000008a40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000008a80)=0x14, 0x80000) getsockopt$inet_mreqn(0xffffffffffffff9c, 0x0, 0x27, &(0x7f0000008ac0)={@multicast2, @multicast2, 0x0}, &(0x7f0000008b00)=0xc) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000008b40)={0x0, @rand_addr}, &(0x7f0000008b80)=0xc) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000009600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000095c0)={&(0x7f0000008bc0)={0x9e0, r3, 0x8, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r4}, {0x138, 0x2, [{0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0xff}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0x7}}, {0x8, 0x6, r7}}}]}}, {{0x8, 0x1, r8}, {0x25c, 0x2, [{0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x3}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0xc, 0x4, [{0x2, 0x7fff, 0x7, 0x3}]}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r9}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x292d}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r10}}}, {0x74, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0x44, 0x4, [{0x7ff, 0x20, 0x5, 0x7fffffff}, {0x8, 0x1ff, 0x9, 0xffffffffffffffe1}, {0x80000001, 0x2, 0x7, 0x4}, {0xa86, 0x6, 0x2, 0x7}, {0x10f, 0x7, 0x0, 0x8000}, {0x286, 0x6, 0x1, 0x3}, {0x2d2, 0x2, 0xffffffffffffffff, 0x7fffffff}, {0x3, 0x5, 0x40, 0x1}]}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x3}}}]}}, {{0x8, 0x1, r11}, {0x1a0, 0x2, [{0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x7}}}, {0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0xc, 0x4, 'hash\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r12}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x6}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r14}}}]}}, {{0x8, 0x1, r15}, {0x104, 0x2, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x4}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r16}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x4}}, {0x8, 0x6, r19}}}]}}, {{0x8, 0x1, r20}, {0xb8, 0x2, [{0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x3}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r21}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r22}}, {0x8}}}]}}, {{0x8, 0x1, r23}, {0x90, 0x2, [{0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}]}}, {{0x8, 0x1, r24}, {0x4}}, {{0x8, 0x1, r25}, {0x40, 0x2, [{0x3c, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0xc, 0x4, 'random\x00'}}}]}}, {{0x8, 0x1, r26}, {0x90, 0x2, [{0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r27}}, {0x8}}}]}}, {{0x8, 0x1, r28}, {0x128, 0x2, [{0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r29}}}, {0x3c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0xc, 0x4, [{0x3, 0x81, 0x20, 0x9}]}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r30}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0xffffffffffff8001}}}]}}]}, 0x9e0}, 0x1, 0x0, 0x0, 0x1}, 0x4055) r31 = syz_open_dev$admmidi(&(0x7f00000001c0)='/dev/admmidi#\x00', 0xce8, 0x111800) ioctl$EVIOCGNAME(r31, 0x80404506, &(0x7f0000000240)=""/207) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:54 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000f010000000000060000000080"]) 14:32:54 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) [ 1016.268051] audit: type=1326 audit(1539268374.844:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10404 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:54 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") socket$inet_smc(0x2b, 0x1, 0x0) r1 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000007c0)=0x800000000000002, 0x4) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bind$inet(r1, &(0x7f0000000840)={0x2, 0x4e20, @loopback}, 0x10) sendto$inet(r1, &(0x7f0000000a00)="ba671368d1010000004900000001000000018be49e9301442865319997d0efdb2f54b6a10c7327757482bfce945c2a91fb8dfafc1d3f56bc543ab87321e12cca08a744a2d128b00634bc882151d36809229a96bc3437ef159489384ade077ba295eac2882dbfd3781dd4d4e609c42628dbb709b3eb1fa030009045dd98b9e6d77b6cec9ceb685595d43995e0f04c32260943add79831e661c6a351dedc8b9d220fbf9fb6e44fb6a629ce9a82025124fec9f3ee751f7da0cd7e799be88ddbdac20b48e890ff81d7fa28c2d017d7932f2569038740461accd4582f576e4fdb6150a3399f8266bc19eb943648ad1ad81420ed6c382436e474390c8995e829e4f9df43eed85a60b9ee254e31eb62900857fa134e76cc64880334adbff069a2e5e647d2ed36a96b23834b6f6ca6b8113baf4cf30347fbb7ffc30aea99872cc0dba03b07d3347b2d257edbe2733c26b7337a79962d8ce85469e3bcbe0e4a48a6ae69d13f2d4b5155b390ef67aa714b82b6313ee277cb8986eca5db2e97cb1ae2243bba80274f614ece521baef443394b4c161cb9ae926e21892578b49cfd6efe1cb1572148c10d92218ed73ec116a18de80ac42d2726a4523a764fc6dc356c5fbbf9d2c947ae3bc9a3dc76099f3257c8d5952876151b0326d8cb1d5683ee4ad5ded9a34c00ac1b03f34627ec18a7c2e92c87b7896549cfab5eb55fa85a970994bd4b22b5f0d045e241256d06f485a47b4a55ed389bc1734541232cd41908b5cfa4b8fcfcafce500a0c7ae99767713a98e7927aa69f6ccd7daea62f19ceb82559f41899c9a9aee99113e7e64b5f8b9824be9fdbfa4dd4995673d882bb4daeb64413b334e114965d2ba3cea8051e692508701b9400cb12eae457f8b8549944091b729160939918d8fcae611a5ded665f770db637487a236da1a58ba7566668651a77171fc4fe506496d19059343dbe4f426625d3f2b705f54581372361770bf5a9098a9fafefaf546426b294239ac33e3186e4d58ad2fa995a6ad4dc074e7cca11aead109563b2076c7c6e9f57ec63df960804e2e7f9d8444de9550cca3df7834d864e9777291c2e1f6205de2e43dc995ab8bb1515a365efc2830fa3e7a1dd137f550d6035212bc1f51c3b4ceea430df49ffc9210084ef156ad7e0d219efd6c116693735b44521d389969a3a65617cd2fd6e14060601cee4cd054cf36fe048b57d1d9ee3cad2a73552449926b4a6b03fbe9c0ec68357e1fbe52ed77b67f5870c0aefb7ee8236747e0d67a26725fb515544cbbe8464da94cfd8c0b94bb4e51a263b1749bd0a7cf651931f806d1b928d1f9994f1ad4d50e6a5cd7a8e4e687f8564fdacc864013d095ba9d5709eced3c28eabda476d177a7836400a01e02beeb5a6636d4064fdda344967ad8682d14b87c71727cb66be27d1d39191f4223c545b62fb4860262ba8076a65dbc194cee1df846c584b7bbe9dce6e6895b2cbbb64b03b55548b845cc3de2f939ef918421af9a5e9157e837651245299c03992d0ddee06bd22a31522aca0f309b1feccebc0b1c0ed9d21c19bfd15cd313ff64394fd6a10904890c9f6d646b026f27253e8f584c3ffd20ad67e8b62ed7676706d40bc5c80e376980b81", 0x481, 0x0, &(0x7f000069affb)={0x2, 0x4e20, @loopback}, 0x10) sendto$inet(r1, &(0x7f00004b3fff), 0x0, 0x0, &(0x7f00002b4000)={0x2, 0x4e20, @loopback}, 0x10) recvmmsg(r1, &(0x7f00000017c0)=[{{&(0x7f00000001c0)=@alg, 0x80, &(0x7f0000000580), 0x0, &(0x7f0000000180)=""/6, 0x6}}], 0x1, 0x0, &(0x7f0000000140)) [ 1016.316128] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1016.328796] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:54 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) dup(r0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r1, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000000)="0f", 0x1}]) 14:32:54 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000011a000000060000000080"]) 14:32:54 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x300}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:55 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) lookup_dcookie(0x7e4, &(0x7f00000001c0)=""/54, 0x36) 14:32:55 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000dec000)={0x6, 0x4, 0x401, 0x7}, 0x1e) syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x3, 0x408800) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0086426, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{}, {}, {}]}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000000)={r0, &(0x7f00000000c0), &(0x7f000089b000)}, 0x18) [ 1016.429041] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1016.479913] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:55 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:55 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x1000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:55 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000015a000000060000000080"]) 14:32:55 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r2, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000)="0f", 0x1}]) 14:32:55 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x10000, 0x4) ioctl$EVIOCGRAB(r2, 0x40044590, &(0x7f0000000240)=0x8) 14:32:55 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) sendmmsg(r0, &(0x7f00000035c0)=[{{&(0x7f0000002dc0)=@nfc, 0x80, &(0x7f0000002f40), 0x0, &(0x7f0000002f80)=[{0xf4, 0x11f, 0x2c5, "9a1667f1eab249f90a16478eacfd6174e7b733682bf307e2d899161a7028afea98cb8da6252385ad36d16c0fe9158c87d71c83c79f3dc7c8bfdd30a442b88fda50587de0a08527d8dbc66c8254e448ad553db468037ce13be240364acc0e2c7c803d975b0158fb9260700043d50fae89d9829d63a0eb9f26893e63cbd3ef15b009ebf37177c3b7219e30e76631f28680bac7843177d5832a231476dd8a9beffb8a9fa564aece8f947e6b0b37ecfe34c234b8e98dd0990cfe1e539a58613d3427567170e2a5e9bb24f2be80621efe641804b1d8903a2378fb5566a37dad8b483442b207ffa0c2"}], 0xf4, 0x4008000}, 0x9c}], 0x1, 0x10) open(&(0x7f0000000000)='./file0\x00', 0x10000, 0x1b) 14:32:55 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000165000000060000000080"]) 14:32:55 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x3f00}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:55 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00001b0000000000060000000080"]) 14:32:55 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rtc0\x00', 0x200082, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffff9c, 0x84, 0x6c, &(0x7f0000000240)=ANY=[@ANYRES32=0x0, @ANYBLOB="360000002eca1796ffdade1eede38222ef5889945492ddce395c28a124a474e8e9bff78fd76645f356085ca6b3d872463ddd3b83b0bedb61da8d"], &(0x7f0000000280)=0x3e) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f00000002c0)={r3, 0x0, 0xc135}, 0x8) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 1017.130775] audit: type=1326 audit(1539268375.714:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10452 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1017.138213] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1017.166315] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:55 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:32:55 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0083010000000000060000000080"]) 14:32:56 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00cb000000000000060000000080"]) 14:32:56 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x4c}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:56 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:56 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snapshot\x00', 0x101081, 0x0) fchmodat(r2, &(0x7f0000000240)='./file0\x00', 0x134) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f00000001c0)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76650000000080000000005d00", 0x43732e5398416f1a}) 14:32:56 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r0 = dup(0xffffffffffffffff) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r2, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000)="0f", 0x1}]) 14:32:56 executing program 2: 14:32:56 executing program 2: 14:32:56 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000060000000000060000000080"]) [ 1017.983583] audit: type=1326 audit(1539268376.564:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10499 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:56 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0xf}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:56 executing program 2: 14:32:56 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:32:56 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000b50000000000060000000080"]) 14:32:56 executing program 2: 14:32:56 executing program 1: set_mempolicy(0x3, &(0x7f00000001c0)=0x81, 0xff) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:57 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:57 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x100000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:57 executing program 2: socket$key(0xf, 0x3, 0x2) r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x400000000, 0x7ffffffa) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0xffffffffffffffff, r0, 0x0, 0x8, &(0x7f0000000100)='syz_tun\x00', 0x0}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000180)=r1, 0x4) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setflags(r2, 0x2, 0x1) r3 = socket$inet6(0xa, 0x400000000001, 0x0) r4 = dup(r3) restart_syscall() setsockopt$inet6_tcp_int(r4, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f00000004c0), 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000200)='syz_tun\x00', 0x10) r5 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x2007fff) sendfile(r4, r5, &(0x7f0000d83ff8), 0x8000fffffffe) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) 14:32:57 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00e2010000000000060000000080"]) 14:32:57 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:32:57 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280)='/dev/net/tun\x00', 0x1fffc, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCRMFF(r1, 0x40044581, &(0x7f0000000240)=0x8001) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x10000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r3, 0xae44, 0x80000000) 14:32:57 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x2000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1018.793749] audit: type=1326 audit(1539268377.374:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10537 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:57 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0046000000000000060000000080"]) 14:32:57 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:32:57 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f00000001c0)=0x2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000240)={0x0}, &(0x7f0000000280)=0xc) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r0, 0xc1105518, &(0x7f0000000300)={{0x8, 0x0, 0x100, 0xd70, '\x00', 0x2}, 0x1, 0x20000032, 0x1ff, r1, 0x3, 0x6, 'syz1\x00', &(0x7f0000000440)=['\x00', "766574000000000000000000bd6800", '\x00'], 0x11, [], [0x81, 0x3ff, 0x8, 0x2]}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={"62716e6430000000000000000400", 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000540)='/dev/net/tun\x00', 0x100000000000004, 0x0) r3 = syz_open_dev$admmidi(&(0x7f00000002c0)='/dev/admmidi#\x00', 0x69ea, 0x1) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f00000004c0)=[@in6={0xa, 0x4e21, 0x2, @remote}, @in6={0xa, 0x4e22, 0x200, @empty, 0x80000001}, @in6={0xa, 0x4e22, 0xbb41, @remote, 0x5}, @in={0x2, 0x4e20, @remote}], 0x64) ioctl$KVM_DEASSIGN_PCI_DEVICE(r3, 0x4040ae72, &(0x7f0000000480)={0x7, 0x3, 0x2, 0x0, 0x98d}) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x289) syz_open_procfs(r1, &(0x7f0000000080)='cpuset\x00') ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:57 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0xf000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:57 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000d90000000000060000000080"]) 14:32:58 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x4000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:58 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:58 executing program 3: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:32:58 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ppp\x00', 0x101400, 0x0) connect$inet6(r2, &(0x7f0000000240)={0xa, 0x4e22, 0x6, @empty, 0xad63}, 0x1c) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:58 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00006c0000000000060000000080"]) 14:32:58 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0xffffff6f}], 0x1, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000340)) r0 = getpid() r1 = syz_open_procfs(r0, &(0x7f0000000700)="6e65742f6970365f7461626c65735f6e61a26e3370eaf5eb4f70687b4dfeab26fd3fab1c568edb89fd4dd83067e3e68738c7a0ecc8c7e309e37d65115494be0e3f975d6c87c1ceeae1296dc9cb103948cba9f2303966031955b1200515f4fa073d87949c235e5ae969fca4657464f8f7005f405617dc4da53c09bac9a7fb442a63811ef446b4245df65f83495936c1444857608fe3113d339de210d9d948a91ccdb397a6d273af21f0b55108acd2d6f00b911497e835c5142effc9c7331acb21ed60f2c030d9f75f9aad9b87a5c467fca2689430fc9900517a1ad9b51d1f6eef84cb52c9b64347afb06d4f55fa6594f06d00000000000000000000000000") r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000180)={"00000000000000000000000005000207", 0x4203}) r3 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000380)='/selinux/commit_pending_bools\x00', 0x1, 0x0) setsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000400)={0x1, 0x4000000000000be}, 0x8) sched_setaffinity(r0, 0xfffffecc, &(0x7f00000000c0)=0x20000808000089) epoll_wait(r3, &(0x7f00000002c0)=[{}, {}, {}, {}, {}, {}], 0x6, 0x800000000000000) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x1010000, 0x0) ioctl$sock_SIOCGSKNS(r3, 0x894c, &(0x7f0000000280)) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000600)) ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000200)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x9) ioctl$sock_inet_SIOCGIFADDR(r1, 0x8915, &(0x7f00000003c0)={'irlan0\x00', {0x2, 0x4e20, @broadcast}}) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$HDIO_GETGEO(0xffffffffffffffff, 0x301, &(0x7f0000000140)) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = dup(r4) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f0000e77fff), 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x1, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2007fff) sendfile(r5, r6, &(0x7f0000d83ff8), 0x8000fffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) [ 1019.626665] audit: type=1326 audit(1539268378.204:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10581 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:32:58 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00002b0000000000060000000080"]) 14:32:58 executing program 3: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:32:58 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0xf00}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:58 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'\x00', 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:58 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001ac0000000000060000000080"]) 14:32:58 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x68}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:58 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000d50000000000060000000080"]) 14:32:58 executing program 3: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:32:59 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:59 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00d7000000000000060000000080"]) 14:32:59 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0xf00000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:59 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x40041, 0x0) ioctl$TIOCSTI(r0, 0x5412, 0xff) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e24, @loopback}, 0x10) timer_create(0x6, &(0x7f00000001c0)={0x0, 0x1c, 0x4}, &(0x7f0000000240)=0x0) timer_getoverrun(r3) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:59 executing program 2: 14:32:59 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) [ 1020.479030] validate_nla: 18 callbacks suppressed [ 1020.479042] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1020.493374] audit: type=1326 audit(1539268379.074:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10630 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1020.520355] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:59 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="008f010000000000060000000080"]) 14:32:59 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x6c000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:59 executing program 2: 14:32:59 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000073000000060000000080"]) 14:32:59 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f00000001c0)={0x0, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 1020.627460] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1020.637182] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:59 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:32:59 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:32:59 executing program 2: 14:32:59 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0xf0ffff}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:32:59 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000166000000060000000080"]) 14:32:59 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:32:59 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/am_droprate\x00', 0x2, 0x0) write$P9_RXATTRCREATE(r1, &(0x7f0000000240)={0x7, 0x21, 0x2}, 0x7) ioctl$sock_inet_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000280)={'ip6tnl0\x00', {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x14}}}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000380)='/dev/net/tun\x00', 0x401, 0x0) socket(0x1f, 0x8000a, 0x100000000) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:32:59 executing program 2: [ 1021.321881] audit: type=1326 audit(1539268379.904:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10671 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1021.354846] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:32:59 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001df000000060000000080"]) 14:32:59 executing program 2: 14:33:00 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) [ 1021.375480] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:00 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0xf0ffffff}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:00 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000ff000000060000000080"]) [ 1021.533344] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1021.542749] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:00 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:00 executing program 2: 14:33:00 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'\x00', 0x404}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={"76657400000000000000000400", 0x43732e5398416f1a}) r1 = dup2(r0, r0) ioctl$NBD_SET_BLKSIZE(r1, 0xab01, 0x5) 14:33:00 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000f0000000000060000000080"]) 14:33:00 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x20000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:00 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(0xffffffffffffffff) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:33:00 executing program 2: 14:33:00 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000000000002080000000080"]) [ 1022.156601] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1022.166879] audit: type=1326 audit(1539268380.744:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10716 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:33:00 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001980000000000060000000080"]) 14:33:00 executing program 2: 14:33:00 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000240)={'bond_slave_1\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:33:00 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x3}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1022.253057] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:01 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:01 executing program 2: 14:33:01 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001e30000000000060000000080"]) 14:33:01 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x7}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:01 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) dup(r0) r1 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r2, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000)="0f", 0x1}]) 14:33:01 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000340)={0x1ffffe9c, &(0x7f0000000300)=[{0x3, 0x594, 0x80000000, 0x4}, {0x284, 0x81, 0x71ae, 0x2}]}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/conntrack\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x1) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 1022.993905] audit: type=1326 audit(1539268381.574:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10747 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:33:01 executing program 2: 14:33:01 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00004c0000000000060000000080"]) 14:33:01 executing program 2: 14:33:01 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x500000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:01 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000115000000060000000080"]) 14:33:01 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000240)={'he\a\x00\x00\x00\x00\x00\x00\x00_1\x00', 0x4}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x402, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:33:02 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:02 executing program 2: 14:33:02 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x0, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:33:02 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0xfffff000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:02 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000118000000060000000080"]) 14:33:02 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:33:02 executing program 2: 14:33:02 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x60000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:02 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0092000000000000060000000080"]) 14:33:02 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)) io_submit(0x0, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) [ 1023.885103] audit: type=1326 audit(1539268382.464:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10792 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:33:02 executing program 2: 14:33:02 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x5}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:03 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:03 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/qat_adf_ctl\x00', 0x402000, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:33:03 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00d5010000000000060000000080"]) 14:33:03 executing program 2: 14:33:03 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x3f000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:03 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r2, 0x0, &(0x7f000049bfe8)) [ 1024.628911] audit: type=1326 audit(1539268383.204:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10792 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:33:03 executing program 2: 14:33:03 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x8100}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:03 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0097000000000000060000000080"]) [ 1024.718725] audit: type=1326 audit(1539268383.304:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10826 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:33:03 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000280)={0xffffffffffffff40, &(0x7f0000000240)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:33:03 executing program 2: 14:33:03 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r2, 0x0, &(0x7f000049bfe8)) 14:33:04 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:04 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x7a00000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:04 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0038010000000000060000000080"]) 14:33:04 executing program 2: 14:33:04 executing program 1: ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, &(0x7f0000000140)=0x0) sched_getattr(r0, &(0x7f0000000180), 0x30, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:33:04 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r2, 0x0, &(0x7f000049bfe8)) 14:33:04 executing program 2: [ 1025.506611] audit: type=1326 audit(1539268384.084:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10860 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:33:04 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00a4000000000000060000000080"]) 14:33:04 executing program 2: [ 1025.562780] validate_nla: 16 callbacks suppressed [ 1025.562789] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1025.599822] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:04 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x36170000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:04 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000047000000060000000080"]) 14:33:04 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/qat_adf_ctl\x00', 0x41, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000240)={0x0, 0x4}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000002c0)={r2, 0xfffffffffffffff8}, 0x8) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 1025.703765] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1025.730348] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:04 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:04 executing program 2: 14:33:04 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r2, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000000)="0f", 0x1}]) 14:33:04 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0xf000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:04 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000181000000060000000080"]) 14:33:04 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) r2 = dup2(r0, r0) getsockopt$IP6T_SO_GET_ENTRIES(r2, 0x29, 0x41, &(0x7f0000000240)={'filter\x00', 0xa4, "5fd4f64da6009e2b2ee925ea903d6355aea13ba25fd0f87bcba058211893e2e59f759241fbf3db79cecb9f419371d52a5f794d07228d088cb16f4f5ff7ee7a738ed2c436aa51309f136f1184b48a79f1a2ea4d6371adb27e11776168e8e3ab455e9fcccf2e5ca350fbd96f05a7b8929b61cc35be567a7e0b39bd0128a14d80005b4a1f7b77fbe83d6c6fa126d3d728979acae79ba525c02f7515abd9dab687a4cf400ceb"}, &(0x7f00000001c0)=0xc8) 14:33:04 executing program 2: 14:33:04 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001a60000000000060000000080"]) [ 1026.329359] audit: type=1326 audit(1539268384.914:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10898 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:33:05 executing program 2: 14:33:05 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001d7000000060000000080"]) 14:33:05 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x3000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1026.387445] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1026.425795] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:05 executing program 1: r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40, 0x20) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000280)='nbd\x00') sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20020210}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x44, r1, 0x8, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x10e}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x2}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x8}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc}]}, 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x20000840) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) sendfile(r2, r0, &(0x7f00000003c0), 0x2) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f00000001c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) [ 1026.544378] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1026.560384] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:05 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:05 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2}]) 14:33:05 executing program 2: 14:33:05 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001380000000000060000000080"]) 14:33:05 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0xffffff7f}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:05 executing program 1: 14:33:05 executing program 2: 14:33:05 executing program 1: [ 1027.170461] audit: type=1326 audit(1539268385.754:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10941 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1027.174581] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:05 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000640000000000060000000080"]) 14:33:05 executing program 2: 14:33:05 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x7a}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1027.255933] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:05 executing program 2: 14:33:06 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:06 executing program 1: 14:33:06 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2}]) 14:33:06 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00fc000000000000060000000080"]) 14:33:06 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x34000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:06 executing program 2: 14:33:06 executing program 1: 14:33:06 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0052010000000000060000000080"]) 14:33:06 executing program 2: [ 1028.033321] audit: type=1326 audit(1539268386.614:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=10975 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:33:06 executing program 1: 14:33:06 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x4c00000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:06 executing program 2: 14:33:07 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:07 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2}]) 14:33:07 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000c000000000000060000000080"]) 14:33:07 executing program 1: 14:33:07 executing program 2: 14:33:07 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x7400000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:07 executing program 2: 14:33:07 executing program 1: [ 1028.840560] audit: type=1326 audit(1539268387.424:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11006 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:33:07 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x6800000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:07 executing program 1: 14:33:07 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000030000000060000000080"]) 14:33:07 executing program 2: 14:33:08 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:08 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x500}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:08 executing program 1: 14:33:08 executing program 3: 14:33:08 executing program 2: 14:33:08 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000131000000060000000080"]) 14:33:08 executing program 3: 14:33:08 executing program 1: 14:33:08 executing program 2: request_key(&(0x7f0000000040)='trusted\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)='bdev\x00', 0xfffffffffffffffb) [ 1029.679468] audit: type=1326 audit(1539268388.264:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11041 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:33:08 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x600}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:08 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001f50000000000060000000080"]) 14:33:08 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x111, 0x0, 0x0, 0xd401}}, &(0x7f0000000180)='GPL\x00', 0x800a, 0x1126, &(0x7f000062b000)=""/4096}, 0x48) 14:33:09 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:09 executing program 2: syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0) r0 = getpid() r1 = creat(&(0x7f0000000100)='./bus\x00', 0xfffffffffffffffd) write$evdev(r1, &(0x7f0000000600)=[{{}, 0x16, 0x7}, {{}, 0x17, 0xffffffffffffff01}, {{0x0, 0x2710}, 0x2, 0x9, 0x6}, {{0x0, 0x7530}, 0x15, 0x101, 0x237}], 0x60) ioctl(0xffffffffffffffff, 0x2, &(0x7f00000003c0)="49845351012a8ceab12ef720bb01e6417732f491112c83ed244193bb01a9e6647f96a907213e2f71856e4a97679bc73998d6cd87a581917301313393ec7ad86598b6edc5fbbe48d600fbce463aa81e25b6068ee3cb69734fb567116069834756e1edf63a5bb73f73fcbe34bcfeabae770cc4632fec611d5f2e3846239cfb57273a51c2717c52faf08833bfda5f7944cefa0109fc3eac24df115fe82ce58f18c6cee8c0aa2ad2fb0bf8095658b0c6edfd5e3973a9cd387c8f4e3c3b88d02a8545d29981719cf02d25d75ec475ce56b7c6cc65740688b98cf5b6b37b9a226b647236a28baa99d12de24e") getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000240)={0x0, 0x42a}, &(0x7f0000000280)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) fallocate(r1, 0x0, 0x0, 0x1000f4) r2 = open(&(0x7f0000000180)='./bus\x00', 0x4002, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000340)='./bus\x00', &(0x7f0000000380)='trusted.overlay.opaque\x00', &(0x7f0000000500)='y\x00', 0x2, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r1, &(0x7f00000006c0)="61e27d7ccbd5fb9b86d79486f8eecd1734996c82dd07b924096325f8aa50e8b0fcbac4c2e8a06b0dac4a6eaf24e71caa75950b9a8acdaafadf63d860fe90ccd7b6ed593e48c090492e1e15bddf11313ac70e10affbfa9770b669e39bfc4b5bf3680f2fd0f764fd4d4088cd080ee2d55b80e03ecd9884eccc2e5cb707f3dbe41c13121026bcf8426fa6033548fdc565c07921d10338a8a920abfb89f327bac413e197ffde432352eb0adc5bc108907415212f676e327c6c37259aa0997782100cd98d19f99df5eaea08e08941e9e4d8c42fed28c9698b66aa5b5d28b327307d6eab9d7d3aa96e3c6afca9399a8004afa7e3c58eadc9d5253e5f5fdcde446b31659fbfc73ca9f768ada51d595f4cbc7cc31207c382d46044e085e16ad47b22d076af653371252292003cc213a3030c18bdf65f1d40c2a5dae4db3c4e4557d4037ad3ae4c8eac3768c2e2effe8a6f4e6e8ac0eb496ba49458cd45e71c417442cc2425d0dabeebf8ca0639cf15ed607aea59534016f8a38ecc6b01c2ffbca3d723b4aac07bbaed9cff9784e1c3752ab9785993da03d26f5a17578ccd6e41f13fbcbac64a5e5cb447c4cb8a3dbaba1d5ea02b39ee69240a4e9933004c72bdf9aab68412a592daa5f1da0737d5c46fd8cfe086d8bf3fe65571efc54ded5edbe00eb336c622da1079d2d61e4dd7d168b3a296c8f9bec843f8eced3ac7c3198c0b0f0b0008ebf4da158ddbad73eef34bbef0e3d1551ab676a227615668e24142876cdc35482f0b7b6e841b0582ff2474fa7a1c91f64291b895f06154883726eca1ded99d27a04853a267dd25e61c2f0116a194ea54ebe99cd93adc8be3486fa5ef6570cf6c3d6714419f30dea4da6e1430425900bd9152b8c5a51cd4695fc7c03d482be7131702fe990e9b78b56f7224a4c0829949b55a06889796defa5d41c106f6902e47ed194c92ffa34575a18b4e53227983c9d6f959564cb87a346dd9b7057852083a68be6188089bd9bbce5580a0cf05376550722b5e92be0863efddb74abcecf399e9e6fbdf97e095c882365ca145cf2c58972513b822f3821ad7cbf92377b67860f89d0c674ad7f8162284211c80242c2f705a275782c4014713886acecffcbd5e6e13536b8d126937f1242b275f310b2270f97506d42e7763abb24ca477e9c72e747c3a26d15b5dfec2d2a7f15186bc63b64d1129c7a53c84c3fb736c470633aa1b27929341e782a83da8bb616c2983d630bf3b75857fb6bf0faeea3700b90966f10278db58a659967d02cacc560521463057c4a474f377b504b5caf9a83a56479644073df15978cdf8e7b1107480511a9059bde0ebcde82c91e3ff9120479e53a395e5522152f1494a5a3932efd2a549506162ef55749c9cbb8bf958c483b0f7e10b5fc75e2943ea27640770c31680ce9cbb5556f6ee6d6336c4279c5dff9577b7f3da5b7cee7dbfd591e857c4a3ef66c91ca85a007ed74588e07dcbd30537d1c24a00183189fcd60b82613aae55d47d9d5568c45b52605796cc0439da96f82efd817348dcf37c4f341366ee3a40e286f7b77526140c2220174edeb7fc518fa85791629f0575192b770eb96350185b4e6091cabaf4984f64e9802f283ea271b3e2ab2dc0918b02b5e483a8645391af4cf7a997683cad2e91bd6aa4a9a5f42dc18e84f92b8199d994e405cb6b8d928e4131331d421a7c3dc13c9dd7168043ed8f81a59a5c10ca72c39aa61342eb210430a65c5b8b6ff5bc51110a98825dd7e5bd4b4ffb718bce290c0edf2fb9db5dcd6652e794f75d3c23a02ce86afd01f15e6de7e84e55f93c640fee85174a15e1c96c70104a2613f723eb988d9760aacddd58252aa5b0f5da39a69b09804dd00a6a8744eea992d63aedebb3c2cd1d26a1eebe63993400a5f11ae28df36e490807ee8f54113a963b5e0e531a2d37dea5b3a0db23031ec0fd0d2245a4386a5edb2981ff037fe8e46406bc2db3e2dc895f0d77ca62b3fd57cd5ecf418914a78f594ac5e2ad57b101ee08eead683128204e1ac024c832d069c49aabf163655bf5306257e40ea0aec1d1bd1e9d8f58711372c13caa69c4c65e299c247b69f8ff4440041a1d4ebd1b20dcc789817184dd14fcf487f5321e37b331c88c3a53dcd7ee887f1d161510f46f6502842dc2d8d8d7f431a563aa5a258551d60a1c88ddf9de7d530beec6a4c93922e269f6f3ee163891b4356c0156636b7905406d46d1bf873250162eba871afa249277f531946144d081024b93a4b507bb19241450ba339034a6708b79b8ef2bef135451a7b58fcc499e7ea6832e6cb684b91de3e50285fb8195196af7cc5d1f3ed552ab2522043e6313fb444a0397196e60ddc8b0141c8ade348a151fcb7858aa2db5650e8d4e81255178c36320a08df56a5723c1ce1f636031a0b7db3d58e575e6bac33f421c5847bf0aaf757140b437eae896ab49bbc22bce109c3b347fbbf679010efb98203de6b2b7fdc97c7dacabde7c6e0519e931a5ab407f9fca8773605f5949a4f7857de2b540ac9b0f3c75093f9669338e44666a8373d696c79c3f028f9747b960f479226be28d946101da0394a5049d0631015996e5dcc95ce1d26036575278de541d5e180e627eb5f9a5c94e9e85d4604d3ca29de75533279c1344dfba51fdbbb7358292145873c80ee967532243d7bfffa4ad120aefb6ce5580aea7a4b6707c6330c85eed3e959c7d53f9777cedb4a66fd548ce9a3f32f4956e545b4c918b7d32432ccdf3eeaf54cb1e4ac51043587cd7578814e1ccd49db6dbec03be7251f8acc416000cc4baf9fd56f3982c5ffcaaa1f881c9bf0d2e5d55a4bbf4179c7887d21bcfa3987250398b4c1ac6bb8a23a2287a87ac9564557b7e6cb59a8ce49f2d3a384b66d009b170334b0e0c50bdaf00edb5df3a9a4f4d49d10d3327dc26c1a5a1b628a62ddd9a5d26c6db260a0140b8a4347e3d89314baf81dea18d1616887b1b2df6e08b17fa0010129aec71aa2e4fccdc9c7c2f237272255ea84d7c615ead38426e470191af58adedea4ffb432ef69a35898e81dbfd3d0131cbd04a1532edf79159e27f0c451939cf86ef15ea8830049681de8ca8c6af97a2e5706cad8216eb40564a1a2ee3e8fc5188796f9d4bbf0e66e99d586da79f80ba319f17b7f8e74821f507ba65fb41543b940ae6a374d7f32d592f6b039018193c2c4544528200e8050b7c0d0911c677c30598bcc8b09512b0505ab9b83dc9923679d02bc91871244dcc006ff885f50973d70dbe4db3bf909a69ec1dab470a56a932c8cf9000cb583575eae90fc08dfe08f81cbe876f7c67cd853843691119191d40dd35059a61f68be7363a52adc85b2dbc1dfc1b3072acc1d9365f2be282747072f43616a2b4ccae92dd28ca32aee72f9d3fb6b0efa314a2c5e11d98594c97af7d8297b5a32270bda16b1c153cfe1705c571d4e71c63ee50273ebe486926ec9a05dd418dc8dc4d63ae8f410b5dc05560f084f6410ecf538ede3ea04d567ffb403143ca6c5803f491f9fdf5cc35b588e70e54e2ee76f88cf63400f6713350c103e338c05720d708bc8c476e00a00d6c12b3a833f9f8f2d631d3a6bb40fea734cc1e51294845e3d83e7d4348690d08e7dcfb8a148446efc8ad62adcc44963bd0f576957f10455f84a79b76b1d8a5456049425e28cb3ba1c4dafe34f8186c1632b9fd10b8370e419836711daa94a29d6634e3fb6858a8c2db7e377c9b90ce2c3510c749029b496aabf827a940119b16ce827cc3b2e5169069ace82c2c751404bc1b5779657755905a3c49f2beb8f67f1273d68783d76d4757eefa2a9c67c4beddb892dc875d623791e431b356b9497938878777886fdd94b8e9dfdeb2b37d831efdad6de555ef4712c1d5e0cf4fa6036de5902d86f862f2397e1f7ad8f20936e654b8586915db6e89e6d9b40c3b8b6d1f48f2f8234888256d899a19ef35af37af51832056b50fe4322c7ceed49f28faf9bd458eee7507544ac2dbd6b0ef098dc3197b12410c6c8e11beb41d12c785eb7765ff5d39f3e7398dded6067a42f1be818d8e86b0aacb23a6d0560c3e09dee4d93751b9d869cc20f2e8912bd6e75d35d3e0040fc480c9cc0fa77ea7752085d7a00c1e8696b55bda0515e54454871bf1bf004b4b53b2b16fc5de96d23bec03120db5371500d5f4bc5edf758d5cd0d2109d53500b8d1d3863d23e24357d4a3020eb9ad68ef7b8d00ef96a1b91de383cbdeaaa7bbd8d2a23a9434bc607a8e56265b2bc3c631dd4f804ead7a3f378289c3db3ea6727e22a1bd2afdbe93b9015f1203cacc58c3f8679cabeb12598fc7562770725253386eb24d5881c18db244df50497a0d67a6264856372106a1c3c2b1f233b2a000ffa4679fce543c0d1a2e5a59175d26d5e00b805f98545beab8f461847ef5a9ebfb559cbf0f5192545071a505dd13536c27fa99ca1557976124c3cb113b0f8897b021e4ca55f702cd994e4f04511ce6a18940a70927a72554aeb0c5c56cd17a29d96dc15df81a18b961dfacd7c3a015f73178e53764ac4138feaa80335cc0ac5ef4c0f168cf3cffd1f21ff6d3844814eb96435df14e10ababfc54b776531b3e3d82a41237b0620145ca27a4f0a40676e2ea3a3bb8d552c77f37dbdea1f800935a2db7265524033ca62ab6fa8aeb18a72ebff507273c0a90586a354d3ced8ce884deaa2bd0aaff0647c5146ef9afe8e9cada36380ddbf67facb8fa1d01402450ebbcf52ab972447f03a6ce22e8d09cb5887085c39b37a05be98c3ac1c8ce62d2bd773dc268fdf5ef9cae61bb3388fe153c1083d7e38799032157ab75200af55568c788f8ecfced1684bb27436aad0f58678f0097297683b46dcc99d71b45f8de0ac25009981502e8f681271f7d3bbcc75db907e16a2bd58a805d90eb84e0ac988101de2b2f946a1d05199c98cdc6c1dc49d591930097584fad3077f344018499112392d02efbc60b130e04a2317724f397a8d851b2990ec6569e4be6c0e0b8bb3c2e05513806cecffb3e081d0f7d4b81f3677cf2fc431b5c126327d7f46020296ff0838b445b1e5df83d0d475bf68ae5d8006bab0b775ca8143b58e03d9457a4c2ad8c70dc428866fa3b1f20783d03fa92c90c856956fc73b6963081fe27771f33ab1242fe88e63414eaeb5cc5838acba6b5deca6e54005f6f6404892ba5db515daad2c130755926c566370bce9a185cfb8f1fef200df39eda476d19871d5d10580be6a0658db280ce9c26f2fe686ccebe1642bf91ec60eda1fae2ab9e62e598c2a355c6e0bbce39daf1f296c8a84408c07baba840773bcb31c8d4adc3cd5f699c6bba6be8f79a15e8fb7f7c5450e8261251da9bf7c6111aa9d3c3ca0f02f14ecd056a3659dca1b828263b13aa6106bfeca5134cb5d457f7ce95be3b79c0199a86b468d5c22932ed5e3259fb6c3c750bbfa35e84d964f6ca5a4ce4839a6734c8787c12936b7d7892724bd04994340b3a8efcd935563f1a079ed609b11888d06e1849ff61a96c93929e6d80cb7d16dea5cf28a2397f09294eae4a38283a527c1faa40d1bf755d5a581483c2fe39149fa63b83d2e0ad26e4f5efbf83384be2faf409f0a9c951648d0735986", &(0x7f00000002c0)=""/35}, 0x18) sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe) ptrace$getregs(0xc, r0, 0x5, &(0x7f00000004c0)=""/58) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x0) 14:33:09 executing program 1: request_key(&(0x7f00000002c0)='dns_resolver\x00', &(0x7f0000000000)={'syz', 0xffffffffffffffff, 0x500000000000000}, &(0x7f0000000240)="7010eda48fbdbb3ce7025b02007703006a726f63ce152e7b6c616e316b657972694e67d7ab", 0x0) 14:33:09 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x4000000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:09 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001fb000000060000000080"]) 14:33:09 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000180)={0x79, 0x0, [0xfffffffffffffffe]}) [ 1030.516899] audit: type=1326 audit(1539268389.094:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11078 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:33:09 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000340)='/selinux/enforce\x00', 0x2280, 0x0) r3 = syz_genetlink_get_family_id$team(&(0x7f00000003c0)='team\x00') getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f00000004c0)={0x0, @rand_addr, @remote}, &(0x7f0000000500)=0xc) getpeername$packet(0xffffffffffffff9c, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000580)=0x14) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000680)={{{@in=@local, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@dev}}, &(0x7f0000000780)=0xe8) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffff9c, 0x8933, &(0x7f00000007c0)={'team0\x00', 0x0}) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f0000000800)={0x0, @rand_addr, @remote}, &(0x7f0000000840)=0xc) getsockname$packet(0xffffffffffffff9c, &(0x7f0000003980)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000039c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000003a00)={'team0\x00', 0x0}) getsockopt$inet_mreqn(0xffffffffffffff9c, 0x0, 0x24, &(0x7f0000003a40)={@rand_addr, @remote, 0x0}, &(0x7f0000003a80)=0xc) getsockopt$inet6_mreq(r1, 0x29, 0x14, &(0x7f0000003ac0)={@remote, 0x0}, &(0x7f0000003b00)=0x14) r13 = accept4$packet(0xffffffffffffffff, &(0x7f0000003b40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000003b80)=0x14, 0x80000) accept4$packet(r0, &(0x7f0000003bc0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000003c00)=0x14, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000003c40)={0x0, @broadcast, @local}, &(0x7f0000003c80)=0xc) clock_gettime(0x0, &(0x7f0000005c00)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000005b40)=[{{&(0x7f0000003cc0)=@generic, 0x80, &(0x7f0000004040)=[{&(0x7f0000003d40)=""/209, 0xd1}, {&(0x7f0000003e40)=""/37, 0x25}, {&(0x7f0000003e80)=""/131, 0x83}, {&(0x7f0000003f40)}, {&(0x7f0000003f80)=""/176, 0xb0}], 0x5, &(0x7f00000040c0)=""/203, 0xcb, 0x6}, 0x7fffffff}, {{&(0x7f00000041c0)=@hci={0x1f, 0x0}, 0x80, &(0x7f0000004500)=[{&(0x7f0000004240)=""/203, 0xcb}, {&(0x7f0000004340)=""/28, 0x1c}, {&(0x7f0000004380)=""/25, 0x19}, {&(0x7f00000043c0)=""/37, 0x25}, {&(0x7f0000004400)=""/194, 0xc2}], 0x5, &(0x7f0000004580)=""/102, 0x66, 0x9}, 0x2}, {{&(0x7f0000004600)=@pppol2tpin6, 0x80, &(0x7f0000005a00)=[{&(0x7f0000004680)=""/192, 0xc0}, {&(0x7f0000004740)=""/4096, 0x1000}, {&(0x7f0000005740)=""/173, 0xad}, {&(0x7f0000005800)=""/74, 0x4a}, {&(0x7f0000005880)=""/163, 0xa3}, {&(0x7f0000005940)=""/35, 0x23}, {&(0x7f0000005980)=""/5, 0x5}, {&(0x7f00000059c0)=""/63, 0x3f}], 0x8, &(0x7f0000005a80)=""/162, 0xa2, 0x7fff}, 0x3}], 0x3, 0x7180c6c30ae399d0, &(0x7f0000005c40)={r17, r18+30000000}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000008280)={{{@in=@broadcast, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@loopback}}, &(0x7f0000008380)=0xe8) getsockname$packet(0xffffffffffffffff, &(0x7f00000083c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000008400)=0x14) getsockopt$inet_pktinfo(r13, 0x0, 0x8, &(0x7f0000000400)={0x0, @local, @loopback}, &(0x7f0000008480)=0xc) accept$packet(0xffffffffffffff9c, &(0x7f00000084c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000008500)=0x14) accept$packet(0xffffffffffffffff, &(0x7f0000008540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000008580)=0x14) accept$packet(r0, &(0x7f0000008740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000008780)=0x14) getpeername$packet(0xffffffffffffff9c, &(0x7f00000087c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000008800)=0x14) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000008840)={{{@in6, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @local}}, 0x0, @in6=@mcast1}}, &(0x7f0000008940)=0xe8) accept4$packet(0xffffffffffffff9c, &(0x7f0000008a40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000008a80)=0x14, 0x80000) getsockopt$inet_mreqn(0xffffffffffffff9c, 0x0, 0x27, &(0x7f0000008ac0)={@multicast2, @multicast2, 0x0}, &(0x7f0000008b00)=0xc) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000008b40)={0x0, @rand_addr}, &(0x7f0000008b80)=0xc) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000009600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000095c0)={&(0x7f0000008bc0)={0x9e0, r3, 0x8, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r4}, {0x138, 0x2, [{0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0xff}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0x7}}, {0x8, 0x6, r7}}}]}}, {{0x8, 0x1, r8}, {0x25c, 0x2, [{0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x3}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0xc, 0x4, [{0x2, 0x7fff, 0x7, 0x3}]}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r9}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x292d}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r10}}}, {0x74, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0x44, 0x4, [{0x7ff, 0x20, 0x5, 0x7fffffff}, {0x8, 0x1ff, 0x9, 0xffffffffffffffe1}, {0x80000001, 0x2, 0x7, 0x4}, {0xa86, 0x6, 0x2, 0x7}, {0x10f, 0x7, 0x0, 0x8000}, {0x286, 0x6, 0x1, 0x3}, {0x2d2, 0x2, 0xffffffffffffffff, 0x7fffffff}, {0x3, 0x5, 0x40, 0x1}]}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x3}}}]}}, {{0x8, 0x1, r11}, {0x1a0, 0x2, [{0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x7}}}, {0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0xc, 0x4, 'hash\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r12}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x6}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r14}}}]}}, {{0x8, 0x1, r15}, {0x104, 0x2, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x4}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r16}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x4}}, {0x8, 0x6, r19}}}]}}, {{0x8, 0x1, r20}, {0xb8, 0x2, [{0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x3}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r21}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r22}}, {0x8}}}]}}, {{0x8, 0x1, r23}, {0x90, 0x2, [{0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}]}}, {{0x8, 0x1, r24}, {0x4}}, {{0x8, 0x1, r25}, {0x40, 0x2, [{0x3c, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0xc, 0x4, 'random\x00'}}}]}}, {{0x8, 0x1, r26}, {0x90, 0x2, [{0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r27}}, {0x8}}}]}}, {{0x8, 0x1, r28}, {0x128, 0x2, [{0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r29}}}, {0x3c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0xc, 0x4, [{0x3, 0x81, 0x20, 0x9}]}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r30}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0xffffffffffff8001}}}]}}]}, 0x9e0}, 0x1, 0x0, 0x0, 0x1}, 0x4055) r31 = syz_open_dev$admmidi(&(0x7f00000001c0)='/dev/admmidi#\x00', 0xce8, 0x111800) ioctl$EVIOCGNAME(r31, 0x80404506, &(0x7f0000000240)=""/207) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:33:09 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x6000000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:09 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000340)='/selinux/enforce\x00', 0x2280, 0x0) r3 = syz_genetlink_get_family_id$team(&(0x7f00000003c0)='team\x00') getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f00000004c0)={0x0, @rand_addr, @remote}, &(0x7f0000000500)=0xc) getpeername$packet(0xffffffffffffff9c, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000580)=0x14) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000680)={{{@in=@local, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@dev}}, &(0x7f0000000780)=0xe8) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffff9c, 0x8933, &(0x7f00000007c0)={'team0\x00', 0x0}) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f0000000800)={0x0, @rand_addr, @remote}, &(0x7f0000000840)=0xc) getsockname$packet(0xffffffffffffff9c, &(0x7f0000003980)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000039c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000003a00)={'team0\x00', 0x0}) getsockopt$inet_mreqn(0xffffffffffffff9c, 0x0, 0x24, &(0x7f0000003a40)={@rand_addr, @remote, 0x0}, &(0x7f0000003a80)=0xc) getsockopt$inet6_mreq(r1, 0x29, 0x14, &(0x7f0000003ac0)={@remote, 0x0}, &(0x7f0000003b00)=0x14) r13 = accept4$packet(0xffffffffffffffff, &(0x7f0000003b40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000003b80)=0x14, 0x80000) accept4$packet(r0, &(0x7f0000003bc0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000003c00)=0x14, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000003c40)={0x0, @broadcast, @local}, &(0x7f0000003c80)=0xc) clock_gettime(0x0, &(0x7f0000005c00)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000005b40)=[{{&(0x7f0000003cc0)=@generic, 0x80, &(0x7f0000004040)=[{&(0x7f0000003d40)=""/209, 0xd1}, {&(0x7f0000003e40)=""/37, 0x25}, {&(0x7f0000003e80)=""/131, 0x83}, {&(0x7f0000003f40)}, {&(0x7f0000003f80)=""/176, 0xb0}], 0x5, &(0x7f00000040c0)=""/203, 0xcb, 0x6}, 0x7fffffff}, {{&(0x7f00000041c0)=@hci={0x1f, 0x0}, 0x80, &(0x7f0000004500)=[{&(0x7f0000004240)=""/203, 0xcb}, {&(0x7f0000004340)=""/28, 0x1c}, {&(0x7f0000004380)=""/25, 0x19}, {&(0x7f00000043c0)=""/37, 0x25}, {&(0x7f0000004400)=""/194, 0xc2}], 0x5, &(0x7f0000004580)=""/102, 0x66, 0x9}, 0x2}, {{&(0x7f0000004600)=@pppol2tpin6, 0x80, &(0x7f0000005a00)=[{&(0x7f0000004680)=""/192, 0xc0}, {&(0x7f0000004740)=""/4096, 0x1000}, {&(0x7f0000005740)=""/173, 0xad}, {&(0x7f0000005800)=""/74, 0x4a}, {&(0x7f0000005880)=""/163, 0xa3}, {&(0x7f0000005940)=""/35, 0x23}, {&(0x7f0000005980)=""/5, 0x5}, {&(0x7f00000059c0)=""/63, 0x3f}], 0x8, &(0x7f0000005a80)=""/162, 0xa2, 0x7fff}, 0x3}], 0x3, 0x7180c6c30ae399d0, &(0x7f0000005c40)={r17, r18+30000000}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000008280)={{{@in=@broadcast, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@loopback}}, &(0x7f0000008380)=0xe8) getsockname$packet(0xffffffffffffffff, &(0x7f00000083c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000008400)=0x14) getsockopt$inet_pktinfo(r13, 0x0, 0x8, &(0x7f0000000400)={0x0, @local, @loopback}, &(0x7f0000008480)=0xc) accept$packet(0xffffffffffffff9c, &(0x7f00000084c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000008500)=0x14) accept$packet(0xffffffffffffffff, &(0x7f0000008540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000008580)=0x14) accept$packet(r0, &(0x7f0000008740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000008780)=0x14) getpeername$packet(0xffffffffffffff9c, &(0x7f00000087c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000008800)=0x14) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000008840)={{{@in6, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @local}}, 0x0, @in6=@mcast1}}, &(0x7f0000008940)=0xe8) accept4$packet(0xffffffffffffff9c, &(0x7f0000008a40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000008a80)=0x14, 0x80000) getsockopt$inet_mreqn(0xffffffffffffff9c, 0x0, 0x27, &(0x7f0000008ac0)={@multicast2, @multicast2, 0x0}, &(0x7f0000008b00)=0xc) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000008b40)={0x0, @rand_addr}, &(0x7f0000008b80)=0xc) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000009600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000095c0)={&(0x7f0000008bc0)={0x9e0, r3, 0x8, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r4}, {0x138, 0x2, [{0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0xff}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0x7}}, {0x8, 0x6, r7}}}]}}, {{0x8, 0x1, r8}, {0x25c, 0x2, [{0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x3}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0xc, 0x4, [{0x2, 0x7fff, 0x7, 0x3}]}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r9}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x292d}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r10}}}, {0x74, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0x44, 0x4, [{0x7ff, 0x20, 0x5, 0x7fffffff}, {0x8, 0x1ff, 0x9, 0xffffffffffffffe1}, {0x80000001, 0x2, 0x7, 0x4}, {0xa86, 0x6, 0x2, 0x7}, {0x10f, 0x7, 0x0, 0x8000}, {0x286, 0x6, 0x1, 0x3}, {0x2d2, 0x2, 0xffffffffffffffff, 0x7fffffff}, {0x3, 0x5, 0x40, 0x1}]}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x3}}}]}}, {{0x8, 0x1, r11}, {0x1a0, 0x2, [{0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x7}}}, {0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0xc, 0x4, 'hash\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r12}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x6}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r14}}}]}}, {{0x8, 0x1, r15}, {0x104, 0x2, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x4}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r16}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x4}}, {0x8, 0x6, r19}}}]}}, {{0x8, 0x1, r20}, {0xb8, 0x2, [{0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x3}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r21}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r22}}, {0x8}}}]}}, {{0x8, 0x1, r23}, {0x90, 0x2, [{0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}]}}, {{0x8, 0x1, r24}, {0x4}}, {{0x8, 0x1, r25}, {0x40, 0x2, [{0x3c, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0xc, 0x4, 'random\x00'}}}]}}, {{0x8, 0x1, r26}, {0x90, 0x2, [{0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r27}}, {0x8}}}]}}, {{0x8, 0x1, r28}, {0x128, 0x2, [{0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r29}}}, {0x3c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0xc, 0x4, [{0x3, 0x81, 0x20, 0x9}]}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r30}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0xffffffffffff8001}}}]}}]}, 0x9e0}, 0x1, 0x0, 0x0, 0x1}, 0x4055) r31 = syz_open_dev$admmidi(&(0x7f00000001c0)='/dev/admmidi#\x00', 0xce8, 0x111800) ioctl$EVIOCGNAME(r31, 0x80404506, &(0x7f0000000240)=""/207) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:33:09 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000050000000060000000080"]) [ 1030.642755] audit: type=1800 audit(1539268389.094:271): pid=11079 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor2" name="bus" dev="sda1" ino=16563 res=0 14:33:09 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001970000000000060000000080"]) [ 1030.711933] validate_nla: 16 callbacks suppressed [ 1030.711947] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:09 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x600000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1030.766559] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1030.874024] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1030.883781] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1031.011716] audit: type=1800 audit(1539268389.594:272): pid=11112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor2" name="bus" dev="sda1" ino=16563 res=0 14:33:09 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:09 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00018d0000000000060000000080"]) 14:33:09 executing program 3: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000f010000000000060000000080"]) 14:33:09 executing program 1: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000f010000000000060000000080"]) 14:33:09 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x40030000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:09 executing program 2: syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0) r0 = getpid() r1 = creat(&(0x7f0000000100)='./bus\x00', 0xfffffffffffffffd) write$evdev(r1, &(0x7f0000000600)=[{{}, 0x16, 0x7}, {{}, 0x17, 0xffffffffffffff01}, {{0x0, 0x2710}, 0x2, 0x9, 0x6}, {{0x0, 0x7530}, 0x15, 0x101, 0x237}], 0x60) ioctl(0xffffffffffffffff, 0x2, &(0x7f00000003c0)="49845351012a8ceab12ef720bb01e6417732f491112c83ed244193bb01a9e6647f96a907213e2f71856e4a97679bc73998d6cd87a581917301313393ec7ad86598b6edc5fbbe48d600fbce463aa81e25b6068ee3cb69734fb567116069834756e1edf63a5bb73f73fcbe34bcfeabae770cc4632fec611d5f2e3846239cfb57273a51c2717c52faf08833bfda5f7944cefa0109fc3eac24df115fe82ce58f18c6cee8c0aa2ad2fb0bf8095658b0c6edfd5e3973a9cd387c8f4e3c3b88d02a8545d29981719cf02d25d75ec475ce56b7c6cc65740688b98cf5b6b37b9a226b647236a28baa99d12de24e") getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000240)={0x0, 0x42a}, &(0x7f0000000280)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) fallocate(r1, 0x0, 0x0, 0x1000f4) r2 = open(&(0x7f0000000180)='./bus\x00', 0x4002, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000340)='./bus\x00', &(0x7f0000000380)='trusted.overlay.opaque\x00', &(0x7f0000000500)='y\x00', 0x2, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r1, &(0x7f00000006c0)="61e27d7ccbd5fb9b86d79486f8eecd1734996c82dd07b924096325f8aa50e8b0fcbac4c2e8a06b0dac4a6eaf24e71caa75950b9a8acdaafadf63d860fe90ccd7b6ed593e48c090492e1e15bddf11313ac70e10affbfa9770b669e39bfc4b5bf3680f2fd0f764fd4d4088cd080ee2d55b80e03ecd9884eccc2e5cb707f3dbe41c13121026bcf8426fa6033548fdc565c07921d10338a8a920abfb89f327bac413e197ffde432352eb0adc5bc108907415212f676e327c6c37259aa0997782100cd98d19f99df5eaea08e08941e9e4d8c42fed28c9698b66aa5b5d28b327307d6eab9d7d3aa96e3c6afca9399a8004afa7e3c58eadc9d5253e5f5fdcde446b31659fbfc73ca9f768ada51d595f4cbc7cc31207c382d46044e085e16ad47b22d076af653371252292003cc213a3030c18bdf65f1d40c2a5dae4db3c4e4557d4037ad3ae4c8eac3768c2e2effe8a6f4e6e8ac0eb496ba49458cd45e71c417442cc2425d0dabeebf8ca0639cf15ed607aea59534016f8a38ecc6b01c2ffbca3d723b4aac07bbaed9cff9784e1c3752ab9785993da03d26f5a17578ccd6e41f13fbcbac64a5e5cb447c4cb8a3dbaba1d5ea02b39ee69240a4e9933004c72bdf9aab68412a592daa5f1da0737d5c46fd8cfe086d8bf3fe65571efc54ded5edbe00eb336c622da1079d2d61e4dd7d168b3a296c8f9bec843f8eced3ac7c3198c0b0f0b0008ebf4da158ddbad73eef34bbef0e3d1551ab676a227615668e24142876cdc35482f0b7b6e841b0582ff2474fa7a1c91f64291b895f06154883726eca1ded99d27a04853a267dd25e61c2f0116a194ea54ebe99cd93adc8be3486fa5ef6570cf6c3d6714419f30dea4da6e1430425900bd9152b8c5a51cd4695fc7c03d482be7131702fe990e9b78b56f7224a4c0829949b55a06889796defa5d41c106f6902e47ed194c92ffa34575a18b4e53227983c9d6f959564cb87a346dd9b7057852083a68be6188089bd9bbce5580a0cf05376550722b5e92be0863efddb74abcecf399e9e6fbdf97e095c882365ca145cf2c58972513b822f3821ad7cbf92377b67860f89d0c674ad7f8162284211c80242c2f705a275782c4014713886acecffcbd5e6e13536b8d126937f1242b275f310b2270f97506d42e7763abb24ca477e9c72e747c3a26d15b5dfec2d2a7f15186bc63b64d1129c7a53c84c3fb736c470633aa1b27929341e782a83da8bb616c2983d630bf3b75857fb6bf0faeea3700b90966f10278db58a659967d02cacc560521463057c4a474f377b504b5caf9a83a56479644073df15978cdf8e7b1107480511a9059bde0ebcde82c91e3ff9120479e53a395e5522152f1494a5a3932efd2a549506162ef55749c9cbb8bf958c483b0f7e10b5fc75e2943ea27640770c31680ce9cbb5556f6ee6d6336c4279c5dff9577b7f3da5b7cee7dbfd591e857c4a3ef66c91ca85a007ed74588e07dcbd30537d1c24a00183189fcd60b82613aae55d47d9d5568c45b52605796cc0439da96f82efd817348dcf37c4f341366ee3a40e286f7b77526140c2220174edeb7fc518fa85791629f0575192b770eb96350185b4e6091cabaf4984f64e9802f283ea271b3e2ab2dc0918b02b5e483a8645391af4cf7a997683cad2e91bd6aa4a9a5f42dc18e84f92b8199d994e405cb6b8d928e4131331d421a7c3dc13c9dd7168043ed8f81a59a5c10ca72c39aa61342eb210430a65c5b8b6ff5bc51110a98825dd7e5bd4b4ffb718bce290c0edf2fb9db5dcd6652e794f75d3c23a02ce86afd01f15e6de7e84e55f93c640fee85174a15e1c96c70104a2613f723eb988d9760aacddd58252aa5b0f5da39a69b09804dd00a6a8744eea992d63aedebb3c2cd1d26a1eebe63993400a5f11ae28df36e490807ee8f54113a963b5e0e531a2d37dea5b3a0db23031ec0fd0d2245a4386a5edb2981ff037fe8e46406bc2db3e2dc895f0d77ca62b3fd57cd5ecf418914a78f594ac5e2ad57b101ee08eead683128204e1ac024c832d069c49aabf163655bf5306257e40ea0aec1d1bd1e9d8f58711372c13caa69c4c65e299c247b69f8ff4440041a1d4ebd1b20dcc789817184dd14fcf487f5321e37b331c88c3a53dcd7ee887f1d161510f46f6502842dc2d8d8d7f431a563aa5a258551d60a1c88ddf9de7d530beec6a4c93922e269f6f3ee163891b4356c0156636b7905406d46d1bf873250162eba871afa249277f531946144d081024b93a4b507bb19241450ba339034a6708b79b8ef2bef135451a7b58fcc499e7ea6832e6cb684b91de3e50285fb8195196af7cc5d1f3ed552ab2522043e6313fb444a0397196e60ddc8b0141c8ade348a151fcb7858aa2db5650e8d4e81255178c36320a08df56a5723c1ce1f636031a0b7db3d58e575e6bac33f421c5847bf0aaf757140b437eae896ab49bbc22bce109c3b347fbbf679010efb98203de6b2b7fdc97c7dacabde7c6e0519e931a5ab407f9fca8773605f5949a4f7857de2b540ac9b0f3c75093f9669338e44666a8373d696c79c3f028f9747b960f479226be28d946101da0394a5049d0631015996e5dcc95ce1d26036575278de541d5e180e627eb5f9a5c94e9e85d4604d3ca29de75533279c1344dfba51fdbbb7358292145873c80ee967532243d7bfffa4ad120aefb6ce5580aea7a4b6707c6330c85eed3e959c7d53f9777cedb4a66fd548ce9a3f32f4956e545b4c918b7d32432ccdf3eeaf54cb1e4ac51043587cd7578814e1ccd49db6dbec03be7251f8acc416000cc4baf9fd56f3982c5ffcaaa1f881c9bf0d2e5d55a4bbf4179c7887d21bcfa3987250398b4c1ac6bb8a23a2287a87ac9564557b7e6cb59a8ce49f2d3a384b66d009b170334b0e0c50bdaf00edb5df3a9a4f4d49d10d3327dc26c1a5a1b628a62ddd9a5d26c6db260a0140b8a4347e3d89314baf81dea18d1616887b1b2df6e08b17fa0010129aec71aa2e4fccdc9c7c2f237272255ea84d7c615ead38426e470191af58adedea4ffb432ef69a35898e81dbfd3d0131cbd04a1532edf79159e27f0c451939cf86ef15ea8830049681de8ca8c6af97a2e5706cad8216eb40564a1a2ee3e8fc5188796f9d4bbf0e66e99d586da79f80ba319f17b7f8e74821f507ba65fb41543b940ae6a374d7f32d592f6b039018193c2c4544528200e8050b7c0d0911c677c30598bcc8b09512b0505ab9b83dc9923679d02bc91871244dcc006ff885f50973d70dbe4db3bf909a69ec1dab470a56a932c8cf9000cb583575eae90fc08dfe08f81cbe876f7c67cd853843691119191d40dd35059a61f68be7363a52adc85b2dbc1dfc1b3072acc1d9365f2be282747072f43616a2b4ccae92dd28ca32aee72f9d3fb6b0efa314a2c5e11d98594c97af7d8297b5a32270bda16b1c153cfe1705c571d4e71c63ee50273ebe486926ec9a05dd418dc8dc4d63ae8f410b5dc05560f084f6410ecf538ede3ea04d567ffb403143ca6c5803f491f9fdf5cc35b588e70e54e2ee76f88cf63400f6713350c103e338c05720d708bc8c476e00a00d6c12b3a833f9f8f2d631d3a6bb40fea734cc1e51294845e3d83e7d4348690d08e7dcfb8a148446efc8ad62adcc44963bd0f576957f10455f84a79b76b1d8a5456049425e28cb3ba1c4dafe34f8186c1632b9fd10b8370e419836711daa94a29d6634e3fb6858a8c2db7e377c9b90ce2c3510c749029b496aabf827a940119b16ce827cc3b2e5169069ace82c2c751404bc1b5779657755905a3c49f2beb8f67f1273d68783d76d4757eefa2a9c67c4beddb892dc875d623791e431b356b9497938878777886fdd94b8e9dfdeb2b37d831efdad6de555ef4712c1d5e0cf4fa6036de5902d86f862f2397e1f7ad8f20936e654b8586915db6e89e6d9b40c3b8b6d1f48f2f8234888256d899a19ef35af37af51832056b50fe4322c7ceed49f28faf9bd458eee7507544ac2dbd6b0ef098dc3197b12410c6c8e11beb41d12c785eb7765ff5d39f3e7398dded6067a42f1be818d8e86b0aacb23a6d0560c3e09dee4d93751b9d869cc20f2e8912bd6e75d35d3e0040fc480c9cc0fa77ea7752085d7a00c1e8696b55bda0515e54454871bf1bf004b4b53b2b16fc5de96d23bec03120db5371500d5f4bc5edf758d5cd0d2109d53500b8d1d3863d23e24357d4a3020eb9ad68ef7b8d00ef96a1b91de383cbdeaaa7bbd8d2a23a9434bc607a8e56265b2bc3c631dd4f804ead7a3f378289c3db3ea6727e22a1bd2afdbe93b9015f1203cacc58c3f8679cabeb12598fc7562770725253386eb24d5881c18db244df50497a0d67a6264856372106a1c3c2b1f233b2a000ffa4679fce543c0d1a2e5a59175d26d5e00b805f98545beab8f461847ef5a9ebfb559cbf0f5192545071a505dd13536c27fa99ca1557976124c3cb113b0f8897b021e4ca55f702cd994e4f04511ce6a18940a70927a72554aeb0c5c56cd17a29d96dc15df81a18b961dfacd7c3a015f73178e53764ac4138feaa80335cc0ac5ef4c0f168cf3cffd1f21ff6d3844814eb96435df14e10ababfc54b776531b3e3d82a41237b0620145ca27a4f0a40676e2ea3a3bb8d552c77f37dbdea1f800935a2db7265524033ca62ab6fa8aeb18a72ebff507273c0a90586a354d3ced8ce884deaa2bd0aaff0647c5146ef9afe8e9cada36380ddbf67facb8fa1d01402450ebbcf52ab972447f03a6ce22e8d09cb5887085c39b37a05be98c3ac1c8ce62d2bd773dc268fdf5ef9cae61bb3388fe153c1083d7e38799032157ab75200af55568c788f8ecfced1684bb27436aad0f58678f0097297683b46dcc99d71b45f8de0ac25009981502e8f681271f7d3bbcc75db907e16a2bd58a805d90eb84e0ac988101de2b2f946a1d05199c98cdc6c1dc49d591930097584fad3077f344018499112392d02efbc60b130e04a2317724f397a8d851b2990ec6569e4be6c0e0b8bb3c2e05513806cecffb3e081d0f7d4b81f3677cf2fc431b5c126327d7f46020296ff0838b445b1e5df83d0d475bf68ae5d8006bab0b775ca8143b58e03d9457a4c2ad8c70dc428866fa3b1f20783d03fa92c90c856956fc73b6963081fe27771f33ab1242fe88e63414eaeb5cc5838acba6b5deca6e54005f6f6404892ba5db515daad2c130755926c566370bce9a185cfb8f1fef200df39eda476d19871d5d10580be6a0658db280ce9c26f2fe686ccebe1642bf91ec60eda1fae2ab9e62e598c2a355c6e0bbce39daf1f296c8a84408c07baba840773bcb31c8d4adc3cd5f699c6bba6be8f79a15e8fb7f7c5450e8261251da9bf7c6111aa9d3c3ca0f02f14ecd056a3659dca1b828263b13aa6106bfeca5134cb5d457f7ce95be3b79c0199a86b468d5c22932ed5e3259fb6c3c750bbfa35e84d964f6ca5a4ce4839a6734c8787c12936b7d7892724bd04994340b3a8efcd935563f1a079ed609b11888d06e1849ff61a96c93929e6d80cb7d16dea5cf28a2397f09294eae4a38283a527c1faa40d1bf755d5a581483c2fe39149fa63b83d2e0ad26e4f5efbf83384be2faf409f0a9c951648d0735986", &(0x7f00000002c0)=""/35}, 0x18) sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe) ptrace$getregs(0xc, r0, 0x5, &(0x7f00000004c0)=""/58) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x0) [ 1031.343743] audit: type=1326 audit(1539268389.924:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11116 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1031.374112] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:10 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001bd0000000000060000000080"]) 14:33:10 executing program 1: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001050000000000060000000080"]) 14:33:10 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:10 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x6000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1031.411608] audit: type=1800 audit(1539268389.964:274): pid=11127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor2" name="bus" dev="sda1" ino=16561 res=0 [ 1031.412347] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:10 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000002c0)={"766574000000000000000000bd6800", 0x6403}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) r1 = socket(0x11, 0x2, 0x9) syz_open_dev$midi(&(0x7f0000000100)='/dev/midi#\x00', 0x1, 0x88000) fcntl$setstatus(r1, 0x4, 0x2000) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x10, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x244001, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8a, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000e73000/0x2000)=nil, 0x2000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x802, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, &(0x7f00000000c0)=0xffff, 0x1, 0x2000000000005) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r1, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'lo\x00'}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000000, 0x50113, r0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x82, 0x0) setsockopt$bt_BT_FLUSHABLE(r4, 0x112, 0x8, &(0x7f0000000340)=0x8, 0x4) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$SCSI_IOCTL_TEST_UNIT_READY(r4, 0x2) fcntl$F_GET_RW_HINT(r2, 0x40b, &(0x7f00000001c0)) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000280)={"7665740000005ceaf1980497cb1c00", 0x4000}) openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/exec\x00', 0x2, 0x0) [ 1031.494355] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1031.504643] audit: type=1326 audit(1539268390.084:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11135 comm="syz-executor3" exe="/root/syz-executor3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1031.506804] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:10 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001190000000000060000000080"]) 14:33:10 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:10 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x4c00}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:10 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001c5000000060000000080"]) 14:33:10 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000002c0)={"766574000000000000000000bd6800", 0x6403}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) r1 = socket(0x11, 0x2, 0x9) syz_open_dev$midi(&(0x7f0000000100)='/dev/midi#\x00', 0x1, 0x88000) fcntl$setstatus(r1, 0x4, 0x2000) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x10, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x244001, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8a, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000e73000/0x2000)=nil, 0x2000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x802, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, &(0x7f00000000c0)=0xffff, 0x1, 0x2000000000005) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r1, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'lo\x00'}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000000, 0x50113, r0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x82, 0x0) setsockopt$bt_BT_FLUSHABLE(r4, 0x112, 0x8, &(0x7f0000000340)=0x8, 0x4) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) ioctl$SCSI_IOCTL_TEST_UNIT_READY(r4, 0x2) fcntl$F_GET_RW_HINT(r2, 0x40b, &(0x7f00000001c0)) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000280)={"7665740000005ceaf1980497cb1c00", 0x4000}) openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/exec\x00', 0x2, 0x0) 14:33:10 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) renameat2(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', 0x0) ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000000640)) r1 = open(&(0x7f0000000680)='./file0\x00', 0x4002, 0x104) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000500)=ANY=[@ANYBLOB="a69b3f37b18bf7a0639292505e47591440"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000380)='v7\x00', 0x40000, 0x0) getgroups(0x4, &(0x7f0000000440)=[0xee00, 0xee00, 0xee00, 0xee00]) fchown(0xffffffffffffffff, 0x0, r2) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000001780)=[@in6={0xa, 0x4e24, 0x0, @ipv4={[], [], @remote}, 0xff}, @in={0x2, 0x4e21, @broadcast}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1f}}, @in={0x2, 0x4e23}, @in6={0xa, 0x4e22, 0x0, @empty, 0x800}, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x12}}, @in6={0xa, 0x4e22, 0x8, @empty, 0x1}], 0x94) process_vm_readv(0x0, &(0x7f0000001c00)=[{&(0x7f0000000780)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000001a40)=""/75, 0x4b}, {&(0x7f0000001ac0)=""/156, 0x9c}], 0x4, &(0x7f0000000440), 0x0, 0x0) mount(&(0x7f00008deff8), &(0x7f0000000040)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x7a00, &(0x7f0000000000)) accept4$inet6(r1, &(0x7f0000000480)={0xa, 0x0, 0x0, @remote}, &(0x7f00000004c0)=0x1c, 0x30a17ef219f78255) r3 = socket$nl_route(0x10, 0x3, 0x0) wait4(0x0, 0x0, 0x0, &(0x7f00000006c0)) sendmsg$nl_route(r3, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2000000020000104000000000000000002000000000000000000080000000000"], 0x20}}, 0x0) pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0\x00') ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000540)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000140)={0x0, 0x0}, &(0x7f00000001c0)=0xc) fstat(r4, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, 0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000340)="76657400000000000000000400", 0x0}, 0x1d) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000003c0)={r5, r8, 0x0, 0xd, &(0x7f0000000300)='/dev/net/tun\x00', r9}, 0x30) setreuid(r6, r7) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:33:10 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001e7000000060000000080"]) [ 1032.180599] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1032.213180] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:10 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0072000000000000060000000080"]) [ 1032.226683] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'. 14:33:10 executing program 2: write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0x20, 0xffffffffffffffda}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) renameat2(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', 0x0) ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000000640)) r1 = open(&(0x7f0000000680)='./file0\x00', 0x4002, 0x104) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000500)=ANY=[@ANYBLOB="a69b3f37b18bf7a0639292505e47591440"], &(0x7f0000000200)='./file0\x00', &(0x7f0000000380)='v7\x00', 0x40000, 0x0) getgroups(0x4, &(0x7f0000000440)=[0xee00, 0xee00, 0xee00, 0xee00]) fchown(0xffffffffffffffff, 0x0, r2) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000001780)=[@in6={0xa, 0x4e24, 0x0, @ipv4={[], [], @remote}, 0xff}, @in={0x2, 0x4e21, @broadcast}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1f}}, @in={0x2, 0x4e23}, @in6={0xa, 0x4e22, 0x0, @empty, 0x800}, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x12}}, @in6={0xa, 0x4e22, 0x8, @empty, 0x1}], 0x94) process_vm_readv(0x0, &(0x7f0000001c00)=[{&(0x7f0000000780)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/117, 0x75}, {&(0x7f0000001a40)=""/75, 0x4b}, {&(0x7f0000001ac0)=""/156, 0x9c}], 0x4, &(0x7f0000000440), 0x0, 0x0) mount(&(0x7f00008deff8), &(0x7f0000000040)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x7a00, &(0x7f0000000000)) accept4$inet6(r1, &(0x7f0000000480)={0xa, 0x0, 0x0, @remote}, &(0x7f00000004c0)=0x1c, 0x30a17ef219f78255) r3 = socket$nl_route(0x10, 0x3, 0x0) wait4(0x0, 0x0, 0x0, &(0x7f00000006c0)) sendmsg$nl_route(r3, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2000000020000104000000000000000002000000000000000000080000000000"], 0x20}}, 0x0) pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0\x00') ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x94, &(0x7f0000000140)}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000540)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000140)={0x0, 0x0}, &(0x7f00000001c0)=0xc) fstat(r4, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, 0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000340)="76657400000000000000000400", 0x0}, 0x1d) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000003c0)={r5, r8, 0x0, 0xd, &(0x7f0000000300)='/dev/net/tun\x00', r9}, 0x30) setreuid(r6, r7) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 14:33:10 executing program 3: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="005a010000000000060000000080"]) 14:33:10 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x7400}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:10 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x3000000, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:10 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="001e000000000000060000000080"]) [ 1032.393336] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'. 14:33:11 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:11 executing program 1 (fault-call:6 fault-nth:0): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:33:11 executing program 2 (fault-call:6 fault-nth:0): syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000500), 0x0, &(0x7f0000000080)=ANY=[]) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000000c0)="2e2f66692e65318c", 0x0, 0x0) r1 = fanotify_init(0x7, 0x0) fanotify_mark(r1, 0x11, 0x40010028, r0, &(0x7f0000000240)="2e2f66692e65318c00") creat(&(0x7f0000000180)='./file0/file0\x00', 0x0) readv(r1, &(0x7f0000000700)=[{&(0x7f0000000080)=""/49, 0x31}], 0x1) 14:33:11 executing program 3 (fault-call:5 fault-nth:0): r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0), 0x401) 14:33:11 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0xffffff9e}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:11 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000010b000000060000000080"]) [ 1033.011116] FAULT_INJECTION: forcing a failure. [ 1033.011116] name failslab, interval 1, probability 0, space 0, times 0 [ 1033.025504] FAULT_INJECTION: forcing a failure. [ 1033.025504] name failslab, interval 1, probability 0, space 0, times 0 [ 1033.044054] FAT-fs (loop2): bogus number of reserved sectors [ 1033.044472] kauditd_printk_skb: 1 callbacks suppressed [ 1033.044486] audit: type=1326 audit(1539268391.624:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11200 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1033.056376] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1033.097527] CPU: 1 PID: 11201 Comm: syz-executor3 Not tainted 4.19.0-rc7+ #57 14:33:11 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000031000000060000000080"]) [ 1033.104856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1033.114223] Call Trace: [ 1033.116837] dump_stack+0x1c4/0x2b4 [ 1033.120496] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1033.125728] should_fail.cold.4+0xa/0x17 [ 1033.129808] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1033.134929] ? perf_trace_lock+0x7a0/0x7a0 [ 1033.139204] ? perf_trace_lock+0x14d/0x7a0 [ 1033.143461] ? avc_has_perm+0x469/0x7e0 [ 1033.147446] ? lock_downgrade+0x900/0x900 [ 1033.151613] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 1033.157426] ? zap_class+0x640/0x640 [ 1033.161158] ? fs_reclaim_acquire+0x20/0x20 [ 1033.165487] ? lock_downgrade+0x900/0x900 [ 1033.169652] ? ___might_sleep+0x1ed/0x300 [ 1033.173814] ? arch_local_save_flags+0x40/0x40 [ 1033.178411] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 1033.183876] __should_failslab+0x124/0x180 [ 1033.188122] should_failslab+0x9/0x14 [ 1033.191938] kmem_cache_alloc_trace+0x2d7/0x750 [ 1033.196629] alloc_pipe_info+0x16b/0x590 [ 1033.200704] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1033.206256] ? pipe_read+0x940/0x940 [ 1033.209983] ? inode_has_perm.isra.58+0x17a/0x210 [ 1033.214847] ? file_has_perm+0x2c0/0x3d0 [ 1033.218930] ? selinux_file_open+0x5c0/0x5c0 [ 1033.223360] splice_direct_to_actor+0x6fc/0x8f0 [ 1033.228050] ? pipe_to_sendpage+0x400/0x400 [ 1033.232409] ? selinux_file_permission+0x90/0x540 [ 1033.237262] ? do_splice_to+0x190/0x190 [ 1033.241249] ? security_file_permission+0x1c2/0x230 [ 1033.246284] ? rw_verify_area+0x118/0x360 [ 1033.250445] do_splice_direct+0x2d4/0x420 [ 1033.254629] ? splice_direct_to_actor+0x8f0/0x8f0 [ 1033.259494] ? rw_verify_area+0x118/0x360 [ 1033.263658] do_sendfile+0x62a/0xe20 [ 1033.267393] ? do_compat_pwritev64+0x1c0/0x1c0 [ 1033.272342] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1033.277890] ? _copy_from_user+0xdf/0x150 [ 1033.282052] __x64_sys_sendfile64+0x15d/0x250 [ 1033.286559] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 1033.291160] do_syscall_64+0x1b9/0x820 [ 1033.295062] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1033.300437] ? syscall_return_slowpath+0x5e0/0x5e0 [ 1033.305377] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1033.310232] ? trace_hardirqs_on_caller+0x310/0x310 [ 1033.315265] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1033.320295] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1033.325328] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1033.330187] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1033.335380] RIP: 0033:0x457519 [ 1033.338581] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 14:33:11 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x7000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1033.357518] RSP: 002b:00007f64b1a02c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1033.365248] RAX: ffffffffffffffda RBX: 00007f64b1a02c90 RCX: 0000000000457519 [ 1033.372550] RDX: 00000000200000c0 RSI: 0000000000000006 RDI: 0000000000000003 [ 1033.379824] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1033.387101] R10: 0000000000000401 R11: 0000000000000246 R12: 00007f64b1a036d4 [ 1033.394375] R13: 00000000004c3483 R14: 00000000004d5238 R15: 0000000000000007 [ 1033.405098] CPU: 0 PID: 11203 Comm: syz-executor1 Not tainted 4.19.0-rc7+ #57 [ 1033.412409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1033.421779] Call Trace: [ 1033.424426] dump_stack+0x1c4/0x2b4 [ 1033.428089] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1033.433328] should_fail.cold.4+0xa/0x17 [ 1033.437415] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1033.442545] ? perf_trace_lock+0x7a0/0x7a0 [ 1033.446819] ? perf_trace_run_bpf_submit+0x267/0x330 [ 1033.451946] ? zap_class+0x640/0x640 [ 1033.455707] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1033.461269] ? zap_class+0x640/0x640 [ 1033.465022] ? fs_reclaim_acquire+0x20/0x20 [ 1033.469375] ? lock_downgrade+0x900/0x900 [ 1033.469407] ? ___might_sleep+0x1ed/0x300 [ 1033.478214] ? arch_local_save_flags+0x40/0x40 [ 1033.478231] ? lock_release+0x970/0x970 [ 1033.478251] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1033.478288] __should_failslab+0x124/0x180 [ 1033.496602] should_failslab+0x9/0x14 [ 1033.500430] kmem_cache_alloc+0x2be/0x730 [ 1033.503101] FAULT_INJECTION: forcing a failure. [ 1033.503101] name failslab, interval 1, probability 0, space 0, times 0 [ 1033.504604] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1033.504625] ? _copy_from_user+0xdf/0x150 [ 1033.504721] io_submit_one+0x1a2/0xf80 [ 1033.529847] ? aio_poll+0x1420/0x1420 [ 1033.533683] ? __might_fault+0x12b/0x1e0 [ 1033.537767] ? lock_downgrade+0x900/0x900 [ 1033.541940] ? lock_release+0x970/0x970 [ 1033.545936] ? arch_local_save_flags+0x40/0x40 [ 1033.550931] __x64_sys_io_submit+0x1b7/0x580 [ 1033.555368] ? __ia32_sys_io_destroy+0x580/0x580 [ 1033.560160] ? trace_hardirqs_on+0xbd/0x310 [ 1033.564497] ? __ia32_sys_read+0xb0/0xb0 [ 1033.568583] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1033.573971] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 1033.579475] do_syscall_64+0x1b9/0x820 [ 1033.583381] ? __ia32_sys_io_destroy+0x580/0x580 [ 1033.588153] ? do_syscall_64+0x1b9/0x820 [ 1033.592232] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1033.597621] ? syscall_return_slowpath+0x5e0/0x5e0 [ 1033.602567] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1033.607433] ? trace_hardirqs_on_caller+0x310/0x310 [ 1033.612473] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1033.617511] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1033.622561] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1033.627441] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1033.632645] RIP: 0033:0x457519 [ 1033.635853] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1033.654778] RSP: 002b:00007fbdc53fcc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 14:33:12 executing program 3 (fault-call:5 fault-nth:1): r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0), 0x401) 14:33:12 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x74000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1033.662517] RAX: ffffffffffffffda RBX: 00007fbdc53fcc90 RCX: 0000000000457519 [ 1033.669804] RDX: 000000002049bfe8 RSI: 0000000000000001 RDI: 00007fbdc53dc000 [ 1033.677089] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1033.684375] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc53fd6d4 [ 1033.691665] R13: 00000000004be6e0 R14: 00000000004ce320 R15: 0000000000000007 [ 1033.699041] CPU: 1 PID: 11216 Comm: syz-executor2 Not tainted 4.19.0-rc7+ #57 [ 1033.706339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1033.715712] Call Trace: [ 1033.718334] dump_stack+0x1c4/0x2b4 [ 1033.721987] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1033.727217] should_fail.cold.4+0xa/0x17 [ 1033.731305] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1033.736433] ? debug_smp_processor_id+0x1c/0x20 [ 1033.741126] ? perf_trace_lock+0x14d/0x7a0 [ 1033.745375] ? perf_trace_lock_acquire+0x15b/0x800 [ 1033.750324] ? mark_held_locks+0x130/0x130 [ 1033.754576] ? expand_files.part.8+0x571/0x9a0 [ 1033.759171] ? debug_smp_processor_id+0x1c/0x20 [ 1033.763850] ? perf_trace_lock+0x14d/0x7a0 [ 1033.768106] ? zap_class+0x640/0x640 [ 1033.771853] ? fs_reclaim_acquire+0x20/0x20 [ 1033.776187] ? lock_downgrade+0x900/0x900 [ 1033.780351] ? ___might_sleep+0x1ed/0x300 [ 1033.784511] ? arch_local_save_flags+0x40/0x40 [ 1033.789105] ? do_raw_spin_unlock+0xa7/0x2f0 [ 1033.793533] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 1033.798137] __should_failslab+0x124/0x180 [ 1033.802387] should_failslab+0x9/0x14 [ 1033.806198] kmem_cache_alloc+0x2be/0x730 [ 1033.810369] __alloc_file+0xa8/0x470 [ 1033.814094] ? file_free_rcu+0xd0/0xd0 [ 1033.817991] ? zap_class+0x640/0x640 [ 1033.821726] ? fanotify_read+0x40a/0x1290 [ 1033.825890] ? lock_downgrade+0x900/0x900 [ 1033.830051] ? fsnotify_add_event+0x640/0x640 [ 1033.834578] alloc_empty_file+0x72/0x170 [ 1033.838655] dentry_open+0x71/0x1d0 [ 1033.842301] fanotify_read+0x7f0/0x1290 [ 1033.846294] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1033.851860] ? fanotify_write+0x740/0x740 [ 1033.856041] ? __might_sleep+0x95/0x190 [ 1033.860046] ? fsnotify+0x12f0/0x12f0 [ 1033.863865] ? __init_waitqueue_head+0x150/0x150 [ 1033.868654] ? security_file_permission+0x1c2/0x230 [ 1033.873688] ? rw_verify_area+0x118/0x360 [ 1033.877856] do_iter_read+0x4a3/0x650 [ 1033.881691] vfs_readv+0x175/0x1c0 [ 1033.885257] ? compat_rw_copy_check_uvector+0x440/0x440 [ 1033.890633] ? fsnotify+0xaae/0x12f0 [ 1033.894371] ? wait_for_completion+0x8a0/0x8a0 [ 1033.898967] ? lock_release+0x970/0x970 [ 1033.902965] ? fsnotify_first_mark+0x350/0x350 [ 1033.907580] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1033.913136] ? __fdget_pos+0xde/0x200 [ 1033.916953] ? __fdget_raw+0x20/0x20 [ 1033.920683] ? __sb_end_write+0xd9/0x110 [ 1033.924776] do_readv+0x11a/0x310 [ 1033.928253] ? vfs_readv+0x1c0/0x1c0 [ 1033.931983] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 1033.937467] __x64_sys_readv+0x75/0xb0 [ 1033.941377] do_syscall_64+0x1b9/0x820 [ 1033.945280] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1033.950662] ? syscall_return_slowpath+0x5e0/0x5e0 [ 1033.955636] ? trace_hardirqs_on_caller+0x310/0x310 [ 1033.960673] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1033.965707] ? recalc_sigpending_tsk+0x180/0x180 [ 1033.970482] ? kasan_check_write+0x14/0x20 [ 1033.974747] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1033.979617] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1033.984824] RIP: 0033:0x457519 [ 1033.988041] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1034.006961] RSP: 002b:00007fbf94ec0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 14:33:12 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000017c000000060000000080"]) [ 1034.014695] RAX: ffffffffffffffda RBX: 00007fbf94ec0c90 RCX: 0000000000457519 [ 1034.021976] RDX: 0000000000000001 RSI: 0000000020000700 RDI: 0000000000000006 [ 1034.029263] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 1034.036549] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbf94ec16d4 [ 1034.043831] R13: 00000000004c3057 R14: 00000000004d4cb0 R15: 0000000000000008 14:33:12 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000205000000060000000080"]) [ 1034.096954] FAULT_INJECTION: forcing a failure. [ 1034.096954] name failslab, interval 1, probability 0, space 0, times 0 [ 1034.116629] audit: type=1326 audit(1539268392.694:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11200 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1034.145960] CPU: 0 PID: 11229 Comm: syz-executor3 Not tainted 4.19.0-rc7+ #57 [ 1034.153295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1034.162653] Call Trace: [ 1034.165238] dump_stack+0x1c4/0x2b4 [ 1034.168867] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1034.174061] should_fail.cold.4+0xa/0x17 [ 1034.178119] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1034.183224] ? trace_hardirqs_on_caller+0x310/0x310 [ 1034.188245] ? save_stack+0xa9/0xd0 [ 1034.191864] ? native_iret+0x7/0x7 [ 1034.195405] ? error_exit+0xb/0x20 [ 1034.198971] ? zap_class+0x640/0x640 [ 1034.202675] ? fs_reclaim_acquire+0x20/0x20 [ 1034.206987] ? lock_downgrade+0x900/0x900 [ 1034.211131] ? lock_downgrade+0x900/0x900 [ 1034.215268] ? ___might_sleep+0x1ed/0x300 [ 1034.219406] ? ___might_sleep+0x1ed/0x300 [ 1034.223544] ? arch_local_save_flags+0x40/0x40 [ 1034.228118] ? trace_hardirqs_on+0xbd/0x310 [ 1034.232482] __should_failslab+0x124/0x180 [ 1034.236712] should_failslab+0x9/0x14 [ 1034.240508] __kmalloc+0x2d4/0x760 [ 1034.244052] ? kmem_cache_alloc_trace+0x31f/0x750 [ 1034.248905] ? alloc_pipe_info+0x29e/0x590 [ 1034.253137] alloc_pipe_info+0x29e/0x590 [ 1034.257191] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1034.262726] ? pipe_read+0x940/0x940 [ 1034.266434] ? inode_has_perm.isra.58+0x17a/0x210 [ 1034.271289] ? file_has_perm+0x2c0/0x3d0 [ 1034.275355] ? selinux_file_open+0x5c0/0x5c0 [ 1034.279757] splice_direct_to_actor+0x6fc/0x8f0 [ 1034.284426] ? pipe_to_sendpage+0x400/0x400 [ 1034.288753] ? selinux_file_permission+0x90/0x540 [ 1034.293597] ? do_splice_to+0x190/0x190 [ 1034.297577] ? security_file_permission+0x1c2/0x230 [ 1034.302618] ? rw_verify_area+0x118/0x360 [ 1034.306759] do_splice_direct+0x2d4/0x420 [ 1034.310900] ? splice_direct_to_actor+0x8f0/0x8f0 [ 1034.315741] ? rw_verify_area+0x118/0x360 [ 1034.319876] do_sendfile+0x62a/0xe20 [ 1034.323580] ? do_compat_pwritev64+0x1c0/0x1c0 [ 1034.328152] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1034.333676] ? _copy_from_user+0xdf/0x150 [ 1034.337811] __x64_sys_sendfile64+0x15d/0x250 [ 1034.342292] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 1034.346865] do_syscall_64+0x1b9/0x820 [ 1034.350740] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1034.356095] ? syscall_return_slowpath+0x5e0/0x5e0 [ 1034.361016] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1034.365863] ? trace_hardirqs_on_caller+0x310/0x310 [ 1034.370882] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1034.375889] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1034.380897] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1034.385750] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1034.390942] RIP: 0033:0x457519 [ 1034.394123] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1034.413021] RSP: 002b:00007f64b1a02c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1034.420731] RAX: ffffffffffffffda RBX: 00007f64b1a02c90 RCX: 0000000000457519 [ 1034.427995] RDX: 00000000200000c0 RSI: 0000000000000006 RDI: 0000000000000003 [ 1034.435286] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 14:33:13 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) [ 1034.442545] R10: 0000000000000401 R11: 0000000000000246 R12: 00007f64b1a036d4 [ 1034.449802] R13: 00000000004c3483 R14: 00000000004d5238 R15: 0000000000000007 14:33:13 executing program 1 (fault-call:6 fault-nth:1): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:33:13 executing program 2: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000500), 0x0, &(0x7f0000000080)=ANY=[]) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000000c0)="2e2f66692e65318c", 0x0, 0x0) r1 = fanotify_init(0x7, 0x0) fanotify_mark(r1, 0x11, 0x40010028, r0, &(0x7f0000000240)="2e2f66692e65318c00") creat(&(0x7f0000000180)='./file0/file0\x00', 0x0) readv(r1, &(0x7f0000000700)=[{&(0x7f0000000080)=""/49, 0x31}], 0x1) 14:33:13 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000fc0000000000060000000080"]) 14:33:13 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x68000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:13 executing program 3 (fault-call:5 fault-nth:2): r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0), 0x401) [ 1034.561517] audit: type=1326 audit(1539268393.134:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11244 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:33:13 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001e10000000000060000000080"]) [ 1034.614693] FAT-fs (loop2): bogus number of reserved sectors [ 1034.628429] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1034.637356] FAULT_INJECTION: forcing a failure. [ 1034.637356] name failslab, interval 1, probability 0, space 0, times 0 [ 1034.656086] CPU: 0 PID: 11259 Comm: syz-executor3 Not tainted 4.19.0-rc7+ #57 [ 1034.663401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1034.672768] Call Trace: [ 1034.672799] dump_stack+0x1c4/0x2b4 [ 1034.672822] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1034.672859] should_fail.cold.4+0xa/0x17 [ 1034.684266] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1034.693429] ? debug_smp_processor_id+0x1c/0x20 [ 1034.698119] ? zap_class+0x640/0x640 [ 1034.701846] ? mark_held_locks+0x130/0x130 [ 1034.706094] ? mark_held_locks+0x130/0x130 [ 1034.710352] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 1034.715470] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1034.721072] ? zap_class+0x640/0x640 [ 1034.724816] ? fs_reclaim_acquire+0x20/0x20 [ 1034.729156] ? lock_downgrade+0x900/0x900 [ 1034.733319] ? ___might_sleep+0x1ed/0x300 [ 1034.737480] ? zap_class+0x640/0x640 [ 1034.741235] ? arch_local_save_flags+0x40/0x40 [ 1034.745823] ? mark_held_locks+0x130/0x130 [ 1034.750074] __should_failslab+0x124/0x180 [ 1034.750089] should_failslab+0x9/0x14 [ 1034.750107] kmem_cache_alloc_node_trace+0x270/0x740 [ 1034.750129] __kmalloc_node+0x33/0x70 [ 1034.767064] kvmalloc_node+0x65/0xf0 [ 1034.770825] iov_iter_get_pages_alloc+0x7d0/0x1530 [ 1034.775779] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 1034.781594] ? iov_iter_revert+0xaa0/0xaa0 [ 1034.785846] ? rcu_bh_qs+0xc0/0xc0 [ 1034.789395] ? unwind_dump+0x190/0x190 [ 1034.789419] ? is_bpf_text_address+0xd3/0x170 [ 1034.789436] ? kernel_text_address+0x79/0xf0 [ 1034.789454] ? __kernel_text_address+0xd/0x40 [ 1034.797831] ? unwind_get_return_address+0x61/0xa0 [ 1034.797850] ? __save_stack_trace+0x8d/0xf0 [ 1034.797875] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1034.797896] ? iov_iter_pipe+0xbf/0x2f0 [ 1034.825043] default_file_splice_read+0x1de/0xb20 [ 1034.829898] ? alloc_pipe_info+0x29e/0x590 [ 1034.834139] ? splice_direct_to_actor+0x6fc/0x8f0 [ 1034.838993] ? do_splice_direct+0x2d4/0x420 [ 1034.843348] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1034.848737] ? lock_downgrade+0x900/0x900 [ 1034.852902] ? iter_file_splice_write+0x1050/0x1050 [ 1034.857935] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 14:33:13 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x2000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:13 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x7a00}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:13 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x6}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:13 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0xfffffff0}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:13 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x8100000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1034.863751] ? zap_class+0x640/0x640 [ 1034.867484] ? fs_reclaim_acquire+0x20/0x20 [ 1034.871832] ? lock_downgrade+0x900/0x900 [ 1034.875997] ? __lockdep_init_map+0x105/0x590 [ 1034.880533] ? __mutex_init+0x1f7/0x290 [ 1034.884520] ? __ia32_sys_membarrier+0x150/0x150 [ 1034.889293] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1034.894847] ? fsnotify+0xaae/0x12f0 [ 1034.898577] ? arch_local_save_flags+0x40/0x40 [ 1034.903180] ? fsnotify_first_mark+0x350/0x350 [ 1034.907782] ? __might_sleep+0x95/0x190 [ 1034.911774] ? fsnotify+0x12f0/0x12f0 [ 1034.915592] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1034.921150] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1034.926193] ? security_file_permission+0x1c2/0x230 [ 1034.931234] ? iter_file_splice_write+0x1050/0x1050 [ 1034.936269] do_splice_to+0x12e/0x190 [ 1034.940088] splice_direct_to_actor+0x270/0x8f0 [ 1034.944779] ? pipe_to_sendpage+0x400/0x400 [ 1034.949128] ? do_splice_to+0x190/0x190 [ 1034.953124] ? security_file_permission+0x1c2/0x230 [ 1034.958165] ? rw_verify_area+0x118/0x360 [ 1034.962330] do_splice_direct+0x2d4/0x420 [ 1034.966498] ? splice_direct_to_actor+0x8f0/0x8f0 [ 1034.971370] ? rw_verify_area+0x118/0x360 [ 1034.975542] do_sendfile+0x62a/0xe20 [ 1034.979283] ? do_compat_pwritev64+0x1c0/0x1c0 [ 1034.983891] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1034.989434] ? _copy_from_user+0xdf/0x150 [ 1034.993572] __x64_sys_sendfile64+0x15d/0x250 [ 1034.998059] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 1035.002635] do_syscall_64+0x1b9/0x820 [ 1035.006522] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1035.011902] ? syscall_return_slowpath+0x5e0/0x5e0 [ 1035.016815] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1035.021646] ? trace_hardirqs_on_caller+0x310/0x310 [ 1035.026650] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1035.031652] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1035.036658] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1035.041492] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1035.046667] RIP: 0033:0x457519 [ 1035.049861] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1035.068768] RSP: 002b:00007f64b1a02c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1035.076474] RAX: ffffffffffffffda RBX: 00007f64b1a02c90 RCX: 0000000000457519 [ 1035.083744] RDX: 00000000200000c0 RSI: 0000000000000006 RDI: 0000000000000003 [ 1035.091015] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1035.098282] R10: 0000000000000401 R11: 0000000000000246 R12: 00007f64b1a036d4 [ 1035.105540] R13: 00000000004c3483 R14: 00000000004d5238 R15: 0000000000000007 14:33:13 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:13 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x700000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:13 executing program 3 (fault-call:5 fault-nth:3): r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0), 0x401) 14:33:13 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0025010000000000060000000080"]) 14:33:13 executing program 2: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000500), 0x0, &(0x7f0000000080)=ANY=[]) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000000c0)="2e2f66692e65318c", 0x0, 0x0) r1 = fanotify_init(0x7, 0x0) fanotify_mark(r1, 0x11, 0x40010028, r0, &(0x7f0000000240)="2e2f66692e65318c00") creat(&(0x7f0000000180)='./file0/file0\x00', 0x0) readv(r1, &(0x7f0000000700)=[{&(0x7f0000000080)=""/49, 0x200000b1}], 0x1) 14:33:13 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) [ 1035.381868] FAULT_INJECTION: forcing a failure. [ 1035.381868] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1035.396902] audit: type=1326 audit(1539268393.974:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11295 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:33:14 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x4800000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1035.427087] FAT-fs (loop2): bogus number of reserved sectors [ 1035.437268] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1035.451679] CPU: 0 PID: 11301 Comm: syz-executor3 Not tainted 4.19.0-rc7+ #57 [ 1035.458995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1035.468382] Call Trace: [ 1035.471003] dump_stack+0x1c4/0x2b4 [ 1035.475096] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1035.480307] ? perf_trace_lock+0x14d/0x7a0 [ 1035.484550] ? perf_trace_lock_acquire+0x15b/0x800 [ 1035.489502] should_fail.cold.4+0xa/0x17 [ 1035.493584] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1035.498698] ? is_bpf_text_address+0xac/0x170 [ 1035.503210] ? lock_downgrade+0x900/0x900 [ 1035.507377] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 1035.513207] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 1035.518505] ? rcu_bh_qs+0xc0/0xc0 [ 1035.522073] ? zap_class+0x640/0x640 [ 1035.525805] ? fs_reclaim_acquire+0x20/0x20 [ 1035.530142] ? lock_downgrade+0x900/0x900 [ 1035.534306] ? ___might_sleep+0x1ed/0x300 [ 1035.538463] ? lock_release+0x970/0x970 [ 1035.542454] ? arch_local_save_flags+0x40/0x40 [ 1035.547128] ? __might_sleep+0x95/0x190 [ 1035.551123] __alloc_pages_nodemask+0x34b/0xde0 [ 1035.555815] ? default_file_splice_read+0x1de/0xb20 [ 1035.560839] ? do_splice_to+0x12e/0x190 [ 1035.564822] ? splice_direct_to_actor+0x270/0x8f0 [ 1035.569683] ? __alloc_pages_slowpath+0x2d80/0x2d80 [ 1035.574713] ? fs_reclaim_acquire+0x20/0x20 [ 1035.579077] ? lock_downgrade+0x900/0x900 [ 1035.583241] ? ___might_sleep+0x1ed/0x300 [ 1035.587413] ? __kmalloc_node+0x33/0x70 [ 1035.591402] ? kasan_unpoison_shadow+0x35/0x50 [ 1035.595996] ? kasan_kmalloc+0xc7/0xe0 [ 1035.599921] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1035.605481] alloc_pages_current+0x10c/0x210 [ 1035.609912] push_pipe+0x3ff/0x7a0 [ 1035.613464] ? __kmalloc_node+0x47/0x70 [ 1035.617457] iov_iter_get_pages_alloc+0x85c/0x1530 [ 1035.622420] ? iov_iter_revert+0xaa0/0xaa0 [ 1035.626675] ? unwind_dump+0x190/0x190 [ 1035.630590] ? is_bpf_text_address+0xd3/0x170 [ 1035.635107] ? kernel_text_address+0x79/0xf0 [ 1035.639532] ? __kernel_text_address+0xd/0x40 [ 1035.644050] ? unwind_get_return_address+0x61/0xa0 [ 1035.648995] ? __save_stack_trace+0x8d/0xf0 [ 1035.653351] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1035.658378] ? iov_iter_pipe+0xbf/0x2f0 [ 1035.662372] default_file_splice_read+0x1de/0xb20 [ 1035.667228] ? alloc_pipe_info+0x29e/0x590 [ 1035.671483] ? splice_direct_to_actor+0x6fc/0x8f0 [ 1035.676340] ? do_splice_direct+0x2d4/0x420 [ 1035.680677] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1035.686066] ? lock_downgrade+0x900/0x900 [ 1035.690230] ? iter_file_splice_write+0x1050/0x1050 [ 1035.695266] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 1035.701088] ? zap_class+0x640/0x640 [ 1035.704823] ? fs_reclaim_acquire+0x20/0x20 [ 1035.709166] ? lock_downgrade+0x900/0x900 [ 1035.713323] ? __lockdep_init_map+0x105/0x590 [ 1035.717839] ? __mutex_init+0x1f7/0x290 [ 1035.721835] ? __ia32_sys_membarrier+0x150/0x150 [ 1035.726616] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1035.732176] ? fsnotify+0xaae/0x12f0 [ 1035.735908] ? arch_local_save_flags+0x40/0x40 [ 1035.740526] ? fsnotify_first_mark+0x350/0x350 [ 1035.745129] ? __might_sleep+0x95/0x190 [ 1035.749123] ? fsnotify+0x12f0/0x12f0 [ 1035.752939] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1035.758503] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1035.763548] ? security_file_permission+0x1c2/0x230 [ 1035.768590] ? iter_file_splice_write+0x1050/0x1050 [ 1035.773628] do_splice_to+0x12e/0x190 [ 1035.777457] splice_direct_to_actor+0x270/0x8f0 [ 1035.782146] ? pipe_to_sendpage+0x400/0x400 [ 1035.786491] ? do_splice_to+0x190/0x190 [ 1035.790481] ? security_file_permission+0x1c2/0x230 [ 1035.795514] ? rw_verify_area+0x118/0x360 [ 1035.799679] do_splice_direct+0x2d4/0x420 [ 1035.803845] ? splice_direct_to_actor+0x8f0/0x8f0 [ 1035.808716] ? rw_verify_area+0x118/0x360 [ 1035.812884] do_sendfile+0x62a/0xe20 [ 1035.816629] ? do_compat_pwritev64+0x1c0/0x1c0 [ 1035.821241] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1035.826799] ? _copy_from_user+0xdf/0x150 [ 1035.830966] __x64_sys_sendfile64+0x15d/0x250 [ 1035.835475] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 1035.840089] do_syscall_64+0x1b9/0x820 [ 1035.843995] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1035.849398] ? syscall_return_slowpath+0x5e0/0x5e0 [ 1035.854354] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1035.859224] ? trace_hardirqs_on_caller+0x310/0x310 [ 1035.864266] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1035.869307] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1035.874353] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1035.879221] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1035.884430] RIP: 0033:0x457519 [ 1035.887635] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1035.906554] RSP: 002b:00007f64b1a02c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1035.914291] RAX: ffffffffffffffda RBX: 00007f64b1a02c90 RCX: 0000000000457519 [ 1035.921580] RDX: 00000000200000c0 RSI: 0000000000000006 RDI: 0000000000000003 14:33:14 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00e3000000000000060000000080"]) [ 1035.928862] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1035.936154] R10: 0000000000000401 R11: 0000000000000246 R12: 00007f64b1a036d4 [ 1035.943434] R13: 00000000004c3483 R14: 00000000004d5238 R15: 0000000000000007 14:33:14 executing program 3 (fault-call:5 fault-nth:4): r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0), 0x401) [ 1035.979828] validate_nla: 23 callbacks suppressed [ 1035.979839] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:14 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0082010000000000060000000080"]) 14:33:14 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x20000001, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) [ 1036.023900] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1036.050783] FAULT_INJECTION: forcing a failure. [ 1036.050783] name failslab, interval 1, probability 0, space 0, times 0 14:33:14 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x48000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1036.074650] CPU: 0 PID: 11322 Comm: syz-executor3 Not tainted 4.19.0-rc7+ #57 [ 1036.081985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1036.091369] Call Trace: [ 1036.093991] dump_stack+0x1c4/0x2b4 [ 1036.097663] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1036.100290] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1036.102887] should_fail.cold.4+0xa/0x17 [ 1036.102911] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1036.102932] ? seq_read+0x71/0x1150 [ 1036.123088] ? mutex_trylock+0x2b0/0x2b0 [ 1036.127200] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1036.132319] ? is_bpf_text_address+0xac/0x170 [ 1036.136830] ? lock_downgrade+0x900/0x900 [ 1036.140999] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 1036.146835] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 1036.152135] ? zap_class+0x640/0x640 [ 1036.155869] ? fs_reclaim_acquire+0x20/0x20 [ 1036.160207] ? lock_downgrade+0x900/0x900 [ 1036.164382] ? ___might_sleep+0x1ed/0x300 [ 1036.168546] ? arch_local_save_flags+0x40/0x40 [ 1036.173159] __should_failslab+0x124/0x180 [ 1036.177412] should_failslab+0x9/0x14 [ 1036.181228] kmem_cache_alloc_node_trace+0x270/0x740 [ 1036.186344] ? __might_sleep+0x95/0x190 [ 1036.190342] __kmalloc_node+0x33/0x70 [ 1036.194162] kvmalloc_node+0x65/0xf0 [ 1036.197889] seq_read+0x99b/0x1150 [ 1036.201446] ? arch_local_save_flags+0x40/0x40 [ 1036.206061] ? fsnotify_first_mark+0x350/0x350 [ 1036.210684] ? seq_dentry+0x2e0/0x2e0 [ 1036.214500] proc_reg_read+0x2a3/0x3d0 [ 1036.218412] ? proc_reg_unlocked_ioctl+0x3c0/0x3c0 [ 1036.223365] ? security_file_permission+0x1c2/0x230 [ 1036.228401] ? rw_verify_area+0x118/0x360 [ 1036.232568] do_iter_read+0x4a3/0x650 [ 1036.236394] vfs_readv+0x175/0x1c0 [ 1036.239950] ? compat_rw_copy_check_uvector+0x440/0x440 [ 1036.245343] ? kernel_text_address+0x79/0xf0 [ 1036.249769] ? __kernel_text_address+0xd/0x40 [ 1036.254285] ? __save_stack_trace+0x8d/0xf0 [ 1036.258636] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1036.263677] ? iov_iter_pipe+0xbf/0x2f0 [ 1036.267681] default_file_splice_read+0x53c/0xb20 [ 1036.272545] ? alloc_pipe_info+0x29e/0x590 [ 1036.276792] ? splice_direct_to_actor+0x6fc/0x8f0 [ 1036.281646] ? do_splice_direct+0x2d4/0x420 [ 1036.285992] ? iter_file_splice_write+0x1050/0x1050 [ 1036.291060] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 1036.296876] ? zap_class+0x640/0x640 [ 1036.300604] ? fs_reclaim_acquire+0x20/0x20 [ 1036.304937] ? __lockdep_init_map+0x105/0x590 [ 1036.309453] ? __mutex_init+0x1f7/0x290 [ 1036.313454] ? __ia32_sys_membarrier+0x150/0x150 [ 1036.318233] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1036.323783] ? fsnotify+0xaae/0x12f0 [ 1036.327507] ? arch_local_save_flags+0x40/0x40 [ 1036.332113] ? fsnotify_first_mark+0x350/0x350 [ 1036.336702] ? __might_sleep+0x95/0x190 [ 1036.340691] ? fsnotify+0x12f0/0x12f0 [ 1036.344509] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1036.350066] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1036.355102] ? security_file_permission+0x1c2/0x230 [ 1036.360137] ? iter_file_splice_write+0x1050/0x1050 [ 1036.365167] do_splice_to+0x12e/0x190 [ 1036.368982] splice_direct_to_actor+0x270/0x8f0 [ 1036.373671] ? pipe_to_sendpage+0x400/0x400 [ 1036.378017] ? do_splice_to+0x190/0x190 [ 1036.382019] ? security_file_permission+0x1c2/0x230 [ 1036.387069] ? rw_verify_area+0x118/0x360 [ 1036.391229] do_splice_direct+0x2d4/0x420 [ 1036.395391] ? splice_direct_to_actor+0x8f0/0x8f0 [ 1036.400257] ? rw_verify_area+0x118/0x360 [ 1036.404421] do_sendfile+0x62a/0xe20 [ 1036.408155] ? do_compat_pwritev64+0x1c0/0x1c0 [ 1036.412759] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1036.418305] ? _copy_from_user+0xdf/0x150 [ 1036.422465] __x64_sys_sendfile64+0x15d/0x250 [ 1036.426971] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 1036.431574] do_syscall_64+0x1b9/0x820 [ 1036.435470] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1036.440848] ? syscall_return_slowpath+0x5e0/0x5e0 [ 1036.445783] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1036.450638] ? trace_hardirqs_on_caller+0x310/0x310 [ 1036.455665] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1036.460691] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1036.465725] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1036.470591] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1036.475787] RIP: 0033:0x457519 [ 1036.478991] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1036.497915] RSP: 002b:00007f64b1a02c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1036.505638] RAX: ffffffffffffffda RBX: 00007f64b1a02c90 RCX: 0000000000457519 [ 1036.512918] RDX: 00000000200000c0 RSI: 0000000000000006 RDI: 0000000000000003 [ 1036.520196] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1036.527469] R10: 0000000000000401 R11: 0000000000000246 R12: 00007f64b1a036d4 [ 1036.534741] R13: 00000000004c3483 R14: 00000000004d5238 R15: 0000000000000007 [ 1036.550591] FAT-fs (loop2): Unrecognized mount option "" or missing value 14:33:15 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:15 executing program 3 (fault-call:5 fault-nth:5): r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0), 0x401) 14:33:15 executing program 2: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000500), 0x0, &(0x7f0000000080)=ANY=[]) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000000c0)="2e2f66692e65318c", 0x0, 0x0) r1 = fanotify_init(0x7, 0x0) fanotify_mark(r1, 0x11, 0x40010028, r0, &(0x7f0000000240)="2e2f66692e65318c00") creat(&(0x7f0000000180)='./file0/file0\x00', 0x0) readv(r1, &(0x7f0000000700)=[{&(0x7f0000000080)=""/49, 0x7ffff000}], 0x1) 14:33:15 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000f000000000000060000000080"]) [ 1036.621280] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:15 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x4, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) [ 1036.682430] FAULT_INJECTION: forcing a failure. [ 1036.682430] name failslab, interval 1, probability 0, space 0, times 0 [ 1036.700889] audit: type=1326 audit(1539268395.284:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11345 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1036.708002] CPU: 0 PID: 11344 Comm: syz-executor3 Not tainted 4.19.0-rc7+ #57 [ 1036.732086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1036.732092] Call Trace: [ 1036.732117] dump_stack+0x1c4/0x2b4 [ 1036.732139] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1036.749512] FAT-fs (loop2): bogus number of reserved sectors [ 1036.752980] should_fail.cold.4+0xa/0x17 [ 1036.753003] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1036.767966] ? rt6_age_exceptions+0x790/0x790 [ 1036.767989] ? mark_held_locks+0x130/0x130 [ 1036.768007] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1036.768044] ? __rt6_find_exception_rcu+0x379/0x510 [ 1036.787320] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1036.792874] ? ip6_hold_safe+0x2e7/0x660 [ 1036.796950] ? zap_class+0x640/0x640 [ 1036.800676] ? fs_reclaim_acquire+0x20/0x20 [ 1036.805006] ? lock_downgrade+0x900/0x900 [ 1036.809186] ? ___might_sleep+0x1ed/0x300 [ 1036.813347] ? arch_local_save_flags+0x40/0x40 [ 1036.817946] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1036.823511] __should_failslab+0x124/0x180 [ 1036.827760] should_failslab+0x9/0x14 [ 1036.831580] kmem_cache_alloc_node+0x26e/0x730 [ 1036.836177] ? zap_class+0x640/0x640 [ 1036.839912] __alloc_skb+0x119/0x770 [ 1036.843639] ? skb_scrub_packet+0x490/0x490 [ 1036.847986] ? mark_held_locks+0x130/0x130 [ 1036.852261] ? mark_held_locks+0x130/0x130 [ 1036.856505] ? zap_class+0x640/0x640 [ 1036.860240] ? zap_class+0x640/0x640 [ 1036.863976] __ip6_append_data.isra.46+0x2738/0x3530 [ 1036.869104] ? lock_downgrade+0x900/0x900 [ 1036.873276] ? rawv6_mh_filter_unregister+0xe0/0xe0 [ 1036.878326] ? ip6_setup_cork+0x1a30/0x1a30 [ 1036.882659] ? dst_output+0x180/0x180 [ 1036.886474] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1036.892028] ? ip6_setup_cork+0x11c3/0x1a30 [ 1036.896378] ? ip6_autoflowlabel.part.47+0x80/0x80 [ 1036.901320] ? zap_class+0x640/0x640 [ 1036.905059] ? lock_acquire+0x1ed/0x520 [ 1036.909050] ? rawv6_sendmsg+0x1520/0x4850 [ 1036.913301] ? trace_hardirqs_on+0xbd/0x310 [ 1036.917629] ? lock_release+0x970/0x970 [ 1036.921614] ? lock_sock_nested+0xe2/0x120 [ 1036.925870] ip6_append_data+0x1bc/0x2d0 [ 1036.929939] ? rawv6_mh_filter_unregister+0xe0/0xe0 [ 1036.934974] ? rawv6_mh_filter_unregister+0xe0/0xe0 [ 1036.940024] rawv6_sendmsg+0x15a3/0x4850 [ 1036.944143] ? rawv6_getsockopt+0x140/0x140 [ 1036.948475] ? zap_class+0x640/0x640 [ 1036.952205] ? avc_has_perm+0x469/0x7e0 [ 1036.956204] ? lock_downgrade+0x900/0x900 [ 1036.960373] ? kasan_check_read+0x11/0x20 [ 1036.964540] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 1036.969855] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1036.975412] ? avc_has_perm+0x55f/0x7e0 [ 1036.979406] ? avc_has_perm_noaudit+0x630/0x630 [ 1036.984105] ? save_stack+0xa9/0xd0 [ 1036.987741] ? save_stack+0x43/0xd0 [ 1036.991376] ? __kasan_slab_free+0x102/0x150 [ 1036.995796] ? kasan_slab_free+0xe/0x10 [ 1036.999778] ? kfree+0xcf/0x230 [ 1037.003067] ? kvfree+0x61/0x70 [ 1037.006356] ? default_file_splice_read+0x866/0xb20 [ 1037.011379] ? do_splice_to+0x12e/0x190 [ 1037.015362] ? do_sendfile+0x62a/0xe20 [ 1037.019277] ? kasan_check_write+0x14/0x20 [ 1037.023532] inet_sendmsg+0x1a1/0x690 [ 1037.027343] ? inet_sendmsg+0x1a1/0x690 [ 1037.031329] ? trace_hardirqs_on+0x310/0x310 [ 1037.035753] ? ipip_gro_receive+0x100/0x100 [ 1037.040089] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1037.045638] ? security_socket_sendmsg+0x94/0xc0 [ 1037.050410] ? ipip_gro_receive+0x100/0x100 [ 1037.054746] sock_sendmsg+0xd5/0x120 [ 1037.058471] kernel_sendmsg+0x43/0x50 [ 1037.062286] sock_no_sendpage+0x1ce/0x290 [ 1037.066445] ? sock_kfree_s+0x60/0x60 [ 1037.070256] ? default_file_splice_read+0x87a/0xb20 [ 1037.075278] ? alloc_pipe_info+0x29e/0x590 [ 1037.079521] ? splice_direct_to_actor+0x6fc/0x8f0 [ 1037.084370] ? do_splice_direct+0x2d4/0x420 [ 1037.088720] ? iter_file_splice_write+0x1050/0x1050 [ 1037.093752] kernel_sendpage+0x93/0xf0 [ 1037.097653] ? sock_kfree_s+0x60/0x60 [ 1037.101471] sock_sendpage+0x8c/0xc0 [ 1037.105201] ? kernel_sendpage+0xf0/0xf0 [ 1037.109274] pipe_to_sendpage+0x2d0/0x400 [ 1037.113439] ? generic_pipe_buf_nosteal+0x10/0x10 [ 1037.118294] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1037.123851] ? splice_from_pipe_next.part.10+0x296/0x340 [ 1037.129315] ? __ia32_sys_membarrier+0x150/0x150 [ 1037.134092] __splice_from_pipe+0x38b/0x7c0 [ 1037.138427] ? generic_pipe_buf_nosteal+0x10/0x10 [ 1037.143294] splice_from_pipe+0x1ec/0x340 [ 1037.147453] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1037.153018] ? generic_pipe_buf_nosteal+0x10/0x10 [ 1037.157883] ? splice_shrink_spd+0xd0/0xd0 [ 1037.162144] ? security_file_permission+0x1c2/0x230 [ 1037.167187] generic_splice_sendpage+0x3c/0x50 [ 1037.171785] ? splice_from_pipe+0x340/0x340 [ 1037.176127] direct_splice_actor+0x128/0x190 [ 1037.180555] splice_direct_to_actor+0x318/0x8f0 [ 1037.185247] ? pipe_to_sendpage+0x400/0x400 [ 1037.189591] ? do_splice_to+0x190/0x190 [ 1037.193573] ? security_file_permission+0x1c2/0x230 [ 1037.198607] ? rw_verify_area+0x118/0x360 [ 1037.202774] do_splice_direct+0x2d4/0x420 [ 1037.206940] ? splice_direct_to_actor+0x8f0/0x8f0 [ 1037.211809] ? rw_verify_area+0x118/0x360 [ 1037.215974] do_sendfile+0x62a/0xe20 [ 1037.219719] ? do_compat_pwritev64+0x1c0/0x1c0 [ 1037.224333] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1037.229890] ? _copy_from_user+0xdf/0x150 [ 1037.234076] __x64_sys_sendfile64+0x15d/0x250 [ 1037.238592] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 1037.243207] do_syscall_64+0x1b9/0x820 [ 1037.247112] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1037.252498] ? syscall_return_slowpath+0x5e0/0x5e0 [ 1037.257446] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1037.262313] ? trace_hardirqs_on_caller+0x310/0x310 [ 1037.267346] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1037.272381] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1037.277418] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1037.282286] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1037.287510] RIP: 0033:0x457519 [ 1037.290718] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1037.309634] RSP: 002b:00007f64b1a02c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1037.317370] RAX: ffffffffffffffda RBX: 00007f64b1a02c90 RCX: 0000000000457519 [ 1037.324655] RDX: 00000000200000c0 RSI: 0000000000000006 RDI: 0000000000000003 14:33:15 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x4800}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1037.331935] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1037.339212] R10: 0000000000000401 R11: 0000000000000246 R12: 00007f64b1a036d4 [ 1037.346488] R13: 00000000004c3483 R14: 00000000004d5238 R15: 0000000000000007 [ 1037.367302] FAT-fs (loop2): Can't find a valid FAT filesystem 14:33:16 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000ed000000060000000080"]) 14:33:16 executing program 3 (fault-call:5 fault-nth:6): r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0), 0x401) [ 1037.414965] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1037.449205] FAT-fs (loop2): bogus number of reserved sectors [ 1037.455419] FAT-fs (loop2): Can't find a valid FAT filesystem 14:33:16 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:16 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000037000000060000000080"]) [ 1037.473250] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1037.505417] FAULT_INJECTION: forcing a failure. [ 1037.505417] name failslab, interval 1, probability 0, space 0, times 0 14:33:16 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x6000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:16 executing program 2: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000500), 0x0, &(0x7f0000000080)=ANY=[]) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000000c0)="2e2f66692e65318c", 0x0, 0x0) r1 = fanotify_init(0x7, 0x0) fanotify_mark(r1, 0x11, 0x40010028, r0, &(0x7f0000000240)="2e2f66692e65318c00") creat(&(0x7f0000000180)='./file0/file0\x00', 0x0) readv(r1, &(0x7f0000000700)=[{&(0x7f0000000080)=""/49, 0x31}], 0x8) 14:33:16 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x600, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) [ 1037.551775] audit: type=1326 audit(1539268396.134:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11376 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1037.613631] CPU: 1 PID: 11373 Comm: syz-executor3 Not tainted 4.19.0-rc7+ #57 [ 1037.620958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1037.630323] Call Trace: [ 1037.630355] dump_stack+0x1c4/0x2b4 [ 1037.630378] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1037.630403] should_fail.cold.4+0xa/0x17 [ 1037.630421] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1037.630440] ? __save_stack_trace+0x8d/0xf0 [ 1037.630467] ? save_stack+0x43/0xd0 [ 1037.648659] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1037.651030] ? kasan_kmalloc+0xc7/0xe0 [ 1037.651044] ? kasan_slab_alloc+0x12/0x20 [ 1037.651061] ? kmem_cache_alloc_node+0x144/0x730 [ 1037.651080] ? __ip6_append_data.isra.46+0x2738/0x3530 [ 1037.651093] ? ip6_append_data+0x1bc/0x2d0 [ 1037.651107] ? rawv6_sendmsg+0x15a3/0x4850 [ 1037.651130] ? inet_sendmsg+0x1a1/0x690 [ 1037.663974] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1037.666435] ? sock_sendmsg+0xd5/0x120 [ 1037.666450] ? kernel_sendmsg+0x43/0x50 [ 1037.666468] ? zap_class+0x640/0x640 [ 1037.666489] ? fs_reclaim_acquire+0x20/0x20 [ 1037.720164] ? lock_downgrade+0x900/0x900 [ 1037.720187] ? ___might_sleep+0x1ed/0x300 [ 1037.720204] ? arch_local_save_flags+0x40/0x40 [ 1037.720224] ? lock_downgrade+0x900/0x900 [ 1037.728521] __should_failslab+0x124/0x180 [ 1037.728545] should_failslab+0x9/0x14 [ 1037.728563] kmem_cache_alloc_node_trace+0x270/0x740 [ 1037.728574] ? kasan_unpoison_shadow+0x35/0x50 [ 1037.728587] ? kasan_kmalloc+0xc7/0xe0 [ 1037.728608] __kmalloc_node_track_caller+0x33/0x70 [ 1037.728629] __kmalloc_reserve.isra.39+0x41/0xe0 [ 1037.741358] FAT-fs (loop2): bogus number of reserved sectors [ 1037.741583] __alloc_skb+0x155/0x770 [ 1037.741603] ? skb_scrub_packet+0x490/0x490 [ 1037.745898] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1037.750516] ? mark_held_locks+0x130/0x130 [ 1037.750545] ? mark_held_locks+0x130/0x130 [ 1037.750559] ? zap_class+0x640/0x640 [ 1037.750578] ? zap_class+0x640/0x640 [ 1037.750598] __ip6_append_data.isra.46+0x2738/0x3530 [ 1037.750612] ? lock_downgrade+0x900/0x900 [ 1037.750632] ? rawv6_mh_filter_unregister+0xe0/0xe0 [ 1037.750661] ? ip6_setup_cork+0x1a30/0x1a30 [ 1037.763411] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1037.764064] ? dst_output+0x180/0x180 [ 1037.764088] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1037.764111] ? ip6_setup_cork+0x11c3/0x1a30 [ 1037.778901] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1037.782683] ? ip6_autoflowlabel.part.47+0x80/0x80 [ 1037.782701] ? zap_class+0x640/0x640 [ 1037.782719] ? lock_acquire+0x1ed/0x520 [ 1037.782738] ? rawv6_sendmsg+0x1520/0x4850 [ 1037.868164] ? trace_hardirqs_on+0xbd/0x310 [ 1037.872506] ? lock_release+0x970/0x970 [ 1037.876506] ? lock_sock_nested+0xe2/0x120 [ 1037.880770] ip6_append_data+0x1bc/0x2d0 [ 1037.884844] ? rawv6_mh_filter_unregister+0xe0/0xe0 [ 1037.889882] ? rawv6_mh_filter_unregister+0xe0/0xe0 [ 1037.894913] rawv6_sendmsg+0x15a3/0x4850 [ 1037.899008] ? rawv6_getsockopt+0x140/0x140 [ 1037.903355] ? zap_class+0x640/0x640 [ 1037.907081] ? avc_has_perm+0x469/0x7e0 [ 1037.911069] ? lock_downgrade+0x900/0x900 [ 1037.915238] ? kasan_check_read+0x11/0x20 [ 1037.919421] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 1037.924724] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1037.930275] ? avc_has_perm+0x55f/0x7e0 [ 1037.934270] ? avc_has_perm_noaudit+0x630/0x630 [ 1037.938968] ? save_stack+0xa9/0xd0 [ 1037.942604] ? save_stack+0x43/0xd0 [ 1037.946237] ? __kasan_slab_free+0x102/0x150 [ 1037.950652] ? kasan_slab_free+0xe/0x10 [ 1037.954656] ? kfree+0xcf/0x230 [ 1037.957943] ? kvfree+0x61/0x70 [ 1037.961231] ? default_file_splice_read+0x866/0xb20 [ 1037.966255] ? do_splice_to+0x12e/0x190 [ 1037.970249] ? do_sendfile+0x62a/0xe20 [ 1037.974167] ? kasan_check_write+0x14/0x20 [ 1037.978425] inet_sendmsg+0x1a1/0x690 [ 1037.982236] ? inet_sendmsg+0x1a1/0x690 [ 1037.986221] ? trace_hardirqs_on+0x310/0x310 [ 1037.990649] ? ipip_gro_receive+0x100/0x100 [ 1037.994987] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1038.000554] ? security_socket_sendmsg+0x94/0xc0 [ 1038.005326] ? ipip_gro_receive+0x100/0x100 [ 1038.009666] sock_sendmsg+0xd5/0x120 [ 1038.013397] kernel_sendmsg+0x43/0x50 [ 1038.017218] sock_no_sendpage+0x1ce/0x290 [ 1038.021403] ? sock_kfree_s+0x60/0x60 [ 1038.025219] ? default_file_splice_read+0x87a/0xb20 [ 1038.030251] ? alloc_pipe_info+0x29e/0x590 [ 1038.034498] ? splice_direct_to_actor+0x6fc/0x8f0 [ 1038.039356] ? do_splice_direct+0x2d4/0x420 [ 1038.043705] ? iter_file_splice_write+0x1050/0x1050 [ 1038.048742] kernel_sendpage+0x93/0xf0 [ 1038.052646] ? sock_kfree_s+0x60/0x60 [ 1038.056465] sock_sendpage+0x8c/0xc0 [ 1038.060194] ? kernel_sendpage+0xf0/0xf0 [ 1038.064265] pipe_to_sendpage+0x2d0/0x400 [ 1038.068431] ? generic_pipe_buf_nosteal+0x10/0x10 [ 1038.073283] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1038.078834] ? splice_from_pipe_next.part.10+0x296/0x340 [ 1038.084300] ? __ia32_sys_membarrier+0x150/0x150 [ 1038.089077] __splice_from_pipe+0x38b/0x7c0 [ 1038.093425] ? generic_pipe_buf_nosteal+0x10/0x10 [ 1038.098295] splice_from_pipe+0x1ec/0x340 [ 1038.102460] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1038.108028] ? generic_pipe_buf_nosteal+0x10/0x10 [ 1038.112899] ? splice_shrink_spd+0xd0/0xd0 [ 1038.117168] ? security_file_permission+0x1c2/0x230 [ 1038.122220] generic_splice_sendpage+0x3c/0x50 [ 1038.126824] ? splice_from_pipe+0x340/0x340 [ 1038.131175] direct_splice_actor+0x128/0x190 [ 1038.135610] splice_direct_to_actor+0x318/0x8f0 [ 1038.140305] ? pipe_to_sendpage+0x400/0x400 [ 1038.144654] ? do_splice_to+0x190/0x190 [ 1038.148646] ? security_file_permission+0x1c2/0x230 [ 1038.153693] ? rw_verify_area+0x118/0x360 [ 1038.157875] do_splice_direct+0x2d4/0x420 [ 1038.162062] ? splice_direct_to_actor+0x8f0/0x8f0 [ 1038.166943] ? rw_verify_area+0x118/0x360 [ 1038.171119] do_sendfile+0x62a/0xe20 [ 1038.174872] ? do_compat_pwritev64+0x1c0/0x1c0 [ 1038.179488] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1038.185058] ? _copy_from_user+0xdf/0x150 [ 1038.189235] __x64_sys_sendfile64+0x15d/0x250 [ 1038.193755] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 1038.198369] do_syscall_64+0x1b9/0x820 [ 1038.202271] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1038.207654] ? syscall_return_slowpath+0x5e0/0x5e0 [ 1038.212597] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1038.217458] ? trace_hardirqs_on_caller+0x310/0x310 [ 1038.222493] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1038.227540] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1038.232588] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1038.237462] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1038.242669] RIP: 0033:0x457519 [ 1038.245875] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 14:33:16 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x6c}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:16 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0016000000000000060000000080"]) [ 1038.264793] RSP: 002b:00007f64b1a02c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1038.272525] RAX: ffffffffffffffda RBX: 00007f64b1a02c90 RCX: 0000000000457519 [ 1038.279815] RDX: 00000000200000c0 RSI: 0000000000000006 RDI: 0000000000000003 [ 1038.287097] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1038.294394] R10: 0000000000000401 R11: 0000000000000246 R12: 00007f64b1a036d4 [ 1038.301678] R13: 00000000004c3483 R14: 00000000004d5238 R15: 0000000000000007 14:33:16 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0xf0ffffffffffff}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:16 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0), 0x401) 14:33:16 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:17 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0021000000000000060000000080"]) [ 1038.388103] FAT-fs (loop2): bogus number of reserved sectors [ 1038.396294] FAT-fs (loop2): Can't find a valid FAT filesystem 14:33:17 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0xdf, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:33:17 executing program 2: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000500), 0x0, &(0x7f0000000080)=ANY=[]) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000000c0)="2e2f66692e65318c", 0x0, 0x0) r1 = fanotify_init(0x7, 0x0) fanotify_mark(r1, 0x11, 0x40010028, r0, &(0x7f0000000240)="2e2f66692e65318c00") creat(&(0x7f0000000180)='./file0/file0\x00', 0x0) readv(r1, &(0x7f0000000700)=[{&(0x7f0000000080)=""/49, 0x31}], 0x500) 14:33:17 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x300000000000000, 0x401) 14:33:17 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x300000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1038.493682] audit: type=1326 audit(1539268397.054:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11415 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:33:17 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00012b0000000000060000000080"]) 14:33:17 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x3f00000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:17 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0xb6020000, 0x401) [ 1038.602566] FAT-fs (loop2): bogus number of reserved sectors [ 1038.615408] FAT-fs (loop2): Can't find a valid FAT filesystem 14:33:17 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001260000000000060000000080"]) 14:33:17 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x800000000000000, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:33:17 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x40000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:17 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:17 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x6c00, 0x401) 14:33:17 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000d10000000000060000000080"]) [ 1039.305431] audit: type=1326 audit(1539268397.884:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11468 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1039.373271] FAT-fs (loop2): bogus number of reserved sectors [ 1039.379774] FAT-fs (loop2): Can't find a valid FAT filesystem 14:33:18 executing program 2: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000500), 0x0, &(0x7f0000000080)=ANY=[]) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000000c0)="2e2f66692e65318c", 0x0, 0x0) r1 = fanotify_init(0x7, 0x0) fanotify_mark(r1, 0x11, 0x40010028, r0, &(0x7f0000000240)="2e2f66692e65318c00") creat(&(0x7f0000000180)='./file0/file0\x00', 0x0) readv(r1, &(0x7f0000000700)=[{&(0x7f0000000080)=""/49, 0x31}], 0x2) 14:33:18 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0x74}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:18 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x7000000, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:33:18 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0xfec0, 0x401) 14:33:18 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00df010000000000060000000080"]) 14:33:18 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="003e000000000000060000000080"]) 14:33:18 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0x400000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:18 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0xa00000000000000, 0x401) [ 1039.506209] FAT-fs (loop2): bogus number of reserved sectors [ 1039.518591] FAT-fs (loop2): Can't find a valid FAT filesystem 14:33:18 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0xf0ffff}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:18 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:18 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0xdf00, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:33:18 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="006a000000000000060000000080"]) [ 1040.125406] audit: type=1326 audit(1539268398.704:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11525 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1040.283332] FAT-fs (loop2): Unrecognized mount option "" or missing value 14:33:18 executing program 2: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000500), 0x0, &(0x7f0000000080)=ANY=[]) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)="2e2f66692e65318c00", 0x0, 0x0) mknodat(r0, &(0x7f00000000c0)="2e2f66692e65318c", 0x1000, 0x0) r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$IOC_PR_CLEAR(r1, 0x401070cd, &(0x7f00000001c0)={0x4c4}) r2 = fanotify_init(0x7, 0x4) fanotify_mark(r2, 0x11, 0x40010028, r0, &(0x7f0000000040)="2e2f66692e65318c00") ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0x44) creat(&(0x7f0000000180)='./file0/file0\x00', 0x0) readv(r2, &(0x7f0000000700)=[{&(0x7f0000000080)=""/49, 0x31}], 0x1) 14:33:18 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x7a000000, 0x401) 14:33:18 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0x4000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:18 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000a0000000060000000080"]) 14:33:18 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x400000000000000, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:33:18 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0x8100}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:19 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x3, 0x401) [ 1040.379308] FAT-fs (loop2): bogus number of reserved sectors [ 1040.388717] FAT-fs (loop2): Can't find a valid FAT filesystem 14:33:19 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000108000000060000000080"]) 14:33:19 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x7, 0x401) [ 1040.470724] FAT-fs (loop2): bogus number of reserved sectors [ 1040.477209] FAT-fs (loop2): Can't find a valid FAT filesystem 14:33:19 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:19 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0xf0ffffff00000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:19 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x200000000000000, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:33:19 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001f3000000060000000080"]) 14:33:19 executing program 2: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000500), 0x0, &(0x7f0000000080)=ANY=[]) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000000c0)="2e2f66692e65318c", 0x0, 0x0) r1 = fanotify_init(0x7, 0x0) fanotify_mark(r1, 0x11, 0x40010028, r0, &(0x7f0000000240)="2e2f66692e65318c00") creat(&(0x7f0000000180)='./file0/file0\x00', 0x800000000) readv(r1, &(0x7f0000000700)=[{&(0x7f0000000080)=""/49, 0x31}], 0x1) 14:33:19 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x600000000000000, 0x401) 14:33:19 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0x500000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1040.964590] audit: type=1326 audit(1539268399.544:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11582 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 14:33:19 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x48000000, 0x401) 14:33:19 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000014b000000060000000080"]) [ 1041.006629] FAT-fs (loop2): bogus number of reserved sectors [ 1041.012866] FAT-fs (loop2): Can't find a valid FAT filesystem 14:33:19 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0xdf00, 0x401) [ 1041.068160] validate_nla: 20 callbacks suppressed [ 1041.068217] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1041.088240] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:19 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000019f000000060000000080"]) 14:33:19 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x6b6b6b, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:33:20 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:20 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0x600000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:20 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0xa00, 0x401) 14:33:20 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="000000001f000000060000000080"]) [ 1041.764753] FAT-fs (loop2): Unrecognized mount option "" or missing value [ 1041.812450] audit: type=1326 audit(1539268400.394:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11632 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1041.842694] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:20 executing program 2: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000500), 0x0, &(0x7f0000000080)=ANY=[]) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000000c0)="2e2f66692e65318c", 0x0, 0x0) r1 = fanotify_init(0x7, 0x0) fanotify_mark(r1, 0x11, 0x40010028, r0, &(0x7f0000000240)="2e2f66692e65318c00") r2 = creat(&(0x7f0000000180)='./file0/file0\x00', 0x0) ioctl$SG_GET_NUM_WAITING(r2, 0x227d, &(0x7f0000000080)) readv(r1, &(0x7f0000000700)=[{&(0x7f0000000040)=""/49, 0x31}], 0x0) 14:33:20 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x8, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:33:20 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x6, 0x401) 14:33:20 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0x6c00000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1041.863563] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:20 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000a70000000000060000000080"]) 14:33:20 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x10000000000, 0x401) [ 1041.935699] FAT-fs (loop2): bogus number of reserved sectors [ 1041.945263] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1041.967183] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:20 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0x4800}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:20 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000390000000000060000000080"]) [ 1041.991972] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1042.086379] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1042.098471] netlink: 'syz-executor4': attribute type 16 has an invalid length. 14:33:21 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:21 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x6000000, 0x401) 14:33:21 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x4000000, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:33:21 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0x6c00}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1042.639003] audit: type=1326 audit(1539268401.224:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11681 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1042.675279] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1042.709328] netlink: 'syz-executor4': attribute type 16 has an invalid length. [ 1042.734725] FAT-fs (loop2): bogus number of reserved sectors [ 1042.741076] FAT-fs (loop2): Can't find a valid FAT filesystem 14:33:21 executing program 2: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000500), 0x0, &(0x7f0000000080)=ANY=[]) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000000c0)="2e2f66692e65318c", 0x1, 0x0) r1 = fanotify_init(0x7, 0x0) fanotify_mark(r1, 0x11, 0x40010028, r0, &(0x7f0000000240)="2e2f66692e65318c00") creat(&(0x7f0000000180)='./file0/file0\x00', 0x0) readv(r1, &(0x7f0000000700)=[{&(0x7f0000000080)=""/49, 0x31}], 0x1) 14:33:21 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000290000000000060000000080"]) 14:33:21 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x6c000000, 0x401) 14:33:21 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0x7a000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:21 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x700, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:33:21 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0xf000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:21 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0xfe80, 0x401) 14:33:21 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="006f000000000000060000000080"]) [ 1042.904049] FAT-fs (loop2): bogus number of reserved sectors [ 1042.913111] FAT-fs (loop2): Can't find a valid FAT filesystem 14:33:22 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:22 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0xfffffffffffff000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:22 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000082000000060000000080"]) 14:33:22 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x2, 0x401) [ 1043.474979] audit: type=1326 audit(1539268402.054:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11741 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1043.639616] FAT-fs (loop2): Unrecognized mount option "" or missing value 14:33:22 executing program 2: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000500), 0x0, &(0x7f0000000080)=ANY=[]) open(&(0x7f0000000100)='./file0\x00', 0x701040, 0x60) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000000c0)="2e2f66692e65318c", 0x0, 0x0) r1 = fanotify_init(0x7, 0x40000) fanotify_mark(r1, 0x11, 0x40010028, r0, &(0x7f0000000240)="2e2f66692e65318c00") r2 = creat(&(0x7f0000000180)='./file0/file1\x00', 0x0) ioctl$int_in(r2, 0x5473, &(0x7f0000000040)=0x4) ioctl$BINDER_SET_MAX_THREADS(r2, 0x40046205, 0x8) readv(r1, &(0x7f0000000700)=[{&(0x7f0000000080)=""/49, 0x31}], 0x1) 14:33:22 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x700000000000000, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:33:22 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0x6000000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:22 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0xfc00000000000000, 0x401) 14:33:22 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000fe000000060000000080"]) 14:33:22 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0x700000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:22 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0xfeffffff, 0x401) 14:33:22 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001ea000000060000000080"]) [ 1043.759578] FAT-fs (loop2): bogus number of reserved sectors [ 1043.769641] FAT-fs (loop2): Can't find a valid FAT filesystem 14:33:22 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:22 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x6b6b6b, 0x401) 14:33:22 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x3000000, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:33:22 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0x7a00000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1044.301035] audit: type=1326 audit(1539268402.884:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11790 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1044.547252] FAT-fs (loop2): Unrecognized mount option "" or missing value 14:33:23 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x7000000, 0x401) 14:33:23 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00000001ed000000060000000080"]) 14:33:23 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0x4c00000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:23 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x300, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:33:23 executing program 2: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000500), 0x0, &(0x7f0000000080)=ANY=[]) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000000c0)="2e2f66692e65318c", 0x0, 0x0) r1 = fanotify_init(0x7, 0x0) fanotify_mark(r1, 0x11, 0x40010028, r0, &(0x7f0000000240)="2e2f66692e65318c00") creat(&(0x7f0000000180)='./file0/file0\x00', 0x0) readv(r1, &(0x7f0000000040), 0x1) 14:33:23 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001a40000000000060000000080"]) 14:33:23 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0x6000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:23 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x68000000, 0x401) [ 1044.746510] FAT-fs (loop2): bogus number of reserved sectors [ 1044.774377] FAT-fs (loop2): Can't find a valid FAT filesystem 14:33:23 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:23 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0xffffff9e}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:23 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0001710000000000060000000080"]) 14:33:23 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0x7, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:33:23 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x60000000, 0x401) 14:33:23 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0x2}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:23 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00f9000000000000060000000080"]) 14:33:23 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x5000000, 0x401) [ 1045.148462] audit: type=1326 audit(1539268403.724:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11854 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1045.527359] FAT-fs (loop2): bogus number of reserved sectors [ 1045.533504] FAT-fs (loop2): Can't find a valid FAT filesystem 14:33:24 executing program 2: r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000340)='/selinux/checkreqprot\x00', 0x400000, 0x0) setsockopt$netlink_NETLINK_RX_RING(r0, 0x10e, 0x6, &(0x7f0000000380)={0x6, 0x200, 0xffff, 0x10000}, 0x10) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000500), 0x0, &(0x7f0000000080)=ANY=[]) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat(r1, &(0x7f00000000c0)="2e2f66692e65318c", 0x0, 0x0) socketpair$packet(0x11, 0x3, 0x300, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_inet_SIOCSIFPFLAGS(r2, 0x8934, &(0x7f0000000100)={'vlan0\x00', 0xfffffffffffeffff}) r3 = fanotify_init(0x7, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) nanosleep(&(0x7f0000000400)={r4, r5+30000000}, &(0x7f0000000440)) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000740)=@filter={'filter\x00', 0xe, 0x4, 0x3a8, 0x1f0, 0x108, 0x1f0, 0x0, 0x108, 0x310, 0x310, 0x310, 0x310, 0x310, 0x4, &(0x7f00000003c0), {[{{@ip={@remote, @local, 0xff, 0xffffffff, 'vlan0\x00', 'nr0\x00', {}, {0xff}, 0xff, 0x2, 0x5b}, 0x0, 0xc0, 0x108, 0x0, {}, [@common=@inet=@ecn={0x28, 'ecn\x00', 0x0, {0x1, 0x21, 0x0, 0x7ff}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x1, 0x7, 0x98d}}}, {{@uncond, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@ttl={0x28, 'ttl\x00', 0x0, {0x3}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x1}}}, {{@ip={@remote, @loopback, 0xffffffff, 0xffffffff, 'gre0\x00', '\x00', {0xff}, {0xff}, 0x88, 0x2, 0x18}, 0x0, 0xf8, 0x120, 0x0, {}, [@common=@ah={0x30, 'ah\x00', 0x0, {0x709d, 0x10000, 0x1}}, @common=@addrtype={0x30, 'addrtype\x00', 0x0, {0x0, 0x102}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0xf}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x408) fanotify_mark(r3, 0x11, 0x40010028, r1, &(0x7f0000000240)="2e2f66692e65318c00") r6 = creat(&(0x7f0000000180)='./file0/file0\x00', 0x0) readv(r3, &(0x7f0000000400), 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000200)='nbd\x00') sendmsg$NBD_CMD_STATUS(r6, &(0x7f0000000300)={&(0x7f00000001c0), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x38, r7, 0x300, 0x70bd2a, 0x25dfdbfd, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x9}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xa03}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xfffffffffffffffb}]}, 0x38}, 0x1, 0x0, 0x0, 0x20008000}, 0x4004) 14:33:24 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0098000000000000060000000080"]) 14:33:24 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x7a, 0x401) 14:33:24 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0x6800000000000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) [ 1045.619753] FAT-fs (loop2): bogus number of reserved sectors [ 1045.630979] FAT-fs (loop2): Can't find a valid FAT filesystem 14:33:24 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x1, &(0x7f0000000040)={0x0}) 14:33:24 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) r1 = dup(r0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) io_setup(0x2000000000000002, &(0x7f0000000100)=0x0) io_submit(r3, 0x1, &(0x7f000049bfe8)=[&(0x7f00004dbfc0)={0xdf00000000000000, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="0f", 0x1}]) 14:33:24 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {0x0, 0x68000000}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 14:33:24 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0xfffffffe, 0x401) 14:33:24 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="00bd010000000000060000000080"]) 14:33:24 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x6c, 0x401) 14:33:24 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f00000000c0)={0x8}, 0x8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)=ANY=[@ANYBLOB="0086000000000000060000000080"]) 14:33:24 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') sendfile(r0, r2, &(0x7f00000000c0)=0x4800000000000000, 0x401) [ 1045.990224] audit: type=1326 audit(1539268404.574:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11908 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a37a code=0x0 [ 1046.413528] FAT-fs (loop2): Unrecognized mount option "4_¿[" or missing value [ 1191.647945] INFO: task syz-executor2:11892 blocked for more than 140 seconds. [ 1191.655255] Not tainted 4.19.0-rc7+ #57 [ 1191.659810] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1191.667799] syz-executor2 D23552 11892 5450 0x00000004 [ 1191.673572] Call Trace: [ 1191.676175] __schedule+0x86c/0x1ed0 [ 1191.680478] ? __sched_text_start+0x8/0x8 [ 1191.684636] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 1191.690129] ? kasan_check_write+0x14/0x20 [ 1191.694377] ? do_raw_spin_lock+0xc1/0x200 [ 1191.698652] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 1191.703764] ? prepare_to_wait_event+0x39f/0xa10 [ 1191.708549] ? send_sigio+0x4a0/0x4a0 [ 1191.712361] ? prepare_to_wait_exclusive+0x480/0x480 [ 1191.717457] ? kasan_check_write+0x14/0x20 [ 1191.721744] ? do_raw_spin_lock+0xc1/0x200 [ 1191.725982] schedule+0xfe/0x460 [ 1191.729382] ? __schedule+0x1ed0/0x1ed0 [ 1191.733433] ? ___might_sleep+0x1ed/0x300 [ 1191.737568] ? kasan_check_write+0x14/0x20 [ 1191.741900] ? arch_local_save_flags+0x40/0x40 [ 1191.746494] ? replenish_dl_entity.cold.55+0x36/0x36 [ 1191.751653] ? __might_sleep+0x95/0x190 [ 1191.755634] fanotify_handle_event+0x7fb/0x9a0 [ 1191.760268] ? fanotify_alloc_event+0x480/0x480 [ 1191.764947] ? finish_wait+0x430/0x430 [ 1191.768871] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1191.774413] fsnotify+0x87f/0x12f0 [ 1191.778113] ? fsnotify_first_mark+0x350/0x350 [ 1191.782752] ? selinux_file_open+0x3b6/0x5c0 [ 1191.787181] ? fsnotify+0x12f0/0x12f0 [ 1191.791070] ? __mnt_want_write+0x2ec/0x420 [ 1191.795403] ? may_umount_tree+0x210/0x210 [ 1191.799715] security_file_open+0x16f/0x1b0 [ 1191.804043] ? security_file_open+0x16f/0x1b0 [ 1191.809047] do_dentry_open+0x331/0x1250 [ 1191.813106] ? chown_common+0x730/0x730 [ 1191.817114] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1191.822753] ? security_inode_permission+0xd2/0x100 [ 1191.827819] ? inode_permission+0xb2/0x560 [ 1191.832064] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 1191.837254] vfs_open+0xa0/0xd0 [ 1191.840616] path_openat+0x12bf/0x5160 [ 1191.844580] ? zap_class+0x640/0x640 [ 1191.848356] ? path_lookupat.isra.43+0xc00/0xc00 [ 1191.853123] ? unwind_get_return_address+0x61/0xa0 [ 1191.858100] ? expand_files.part.8+0x571/0x9a0 [ 1191.862688] ? iterate_fd+0x4b0/0x4b0 [ 1191.866583] ? zap_class+0x640/0x640 [ 1191.870380] ? __alloc_fd+0x347/0x6e0 [ 1191.874298] ? lock_downgrade+0x900/0x900 [ 1191.878499] ? getname+0x19/0x20 [ 1191.881874] ? kasan_check_read+0x11/0x20 [ 1191.886008] ? do_raw_spin_unlock+0xa7/0x2f0 [ 1191.890467] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 1191.895060] ? kasan_check_write+0x14/0x20 [ 1191.899406] ? do_raw_spin_lock+0xc1/0x200 [ 1191.903661] ? _raw_spin_unlock+0x2c/0x50 [ 1191.907863] ? __alloc_fd+0x347/0x6e0 [ 1191.911676] do_filp_open+0x255/0x380 [ 1191.915473] ? may_open_dev+0x100/0x100 [ 1191.919631] ? strncpy_from_user+0x3be/0x510 [ 1191.924049] ? digsig_verify+0x1530/0x1530 [ 1191.928334] ? get_unused_fd_flags+0x122/0x1a0 [ 1191.933038] ? getname_flags+0x26e/0x5a0 [ 1191.937094] ? put_timespec64+0x10f/0x1b0 [ 1191.941798] do_sys_open+0x568/0x700 [ 1191.945515] ? filp_open+0x80/0x80 [ 1191.949102] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1191.954481] __x64_sys_creat+0x61/0x80 [ 1191.958412] do_syscall_64+0x1b9/0x820 [ 1191.962379] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1191.967739] ? syscall_return_slowpath+0x5e0/0x5e0 [ 1191.972822] ? trace_hardirqs_on_caller+0x310/0x310 [ 1191.977893] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1191.982900] ? recalc_sigpending_tsk+0x180/0x180 [ 1191.987638] ? kasan_check_write+0x14/0x20 [ 1191.991922] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1191.996770] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1192.002156] RIP: 0033:0x457519 [ 1192.005361] Code: 87 0a 8b 0d dd 60 09 01 83 f9 01 0f 85 1c 01 00 00 b9 01 00 00 00 88 0d 19 66 09 01 84 c9 0f 84 fd 00 00 00 b9 01 00 00 00 88 <0d> 02 66 09 01 48 8b 05 9b 71 07 01 48 89 04 24 e8 42 2c fc ff 8b [ 1192.024360] RSP: 002b:00007fbf94ee1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 1192.032104] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000457519 [ 1192.039420] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 1192.046699] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1192.054016] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbf94ee26d4 [ 1192.061310] R13: 00000000004bdae2 R14: 00000000004cc628 R15: 00000000ffffffff [ 1192.069106] INFO: task syz-executor2:11897 blocked for more than 140 seconds. [ 1192.076377] Not tainted 4.19.0-rc7+ #57 [ 1192.080918] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1192.088911] syz-executor2 D25216 11897 5450 0x00000004 [ 1192.094533] Call Trace: [ 1192.097113] __schedule+0x86c/0x1ed0 [ 1192.100880] ? __sched_text_start+0x8/0x8 [ 1192.105028] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 1192.110512] ? kasan_check_write+0x14/0x20 [ 1192.114748] ? do_raw_spin_lock+0xc1/0x200 [ 1192.119018] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 1192.124126] ? prepare_to_wait_event+0x39f/0xa10 [ 1192.128939] ? send_sigio+0x4a0/0x4a0 [ 1192.132753] ? prepare_to_wait_exclusive+0x480/0x480 [ 1192.137895] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1192.143442] ? fanotify_merge+0x20e/0x2b0 [ 1192.147576] schedule+0xfe/0x460 [ 1192.150987] ? __schedule+0x1ed0/0x1ed0 [ 1192.154965] ? ___might_sleep+0x1ed/0x300 [ 1192.159153] ? kasan_check_write+0x14/0x20 [ 1192.163395] ? arch_local_save_flags+0x40/0x40 [ 1192.168041] ? replenish_dl_entity.cold.55+0x36/0x36 [ 1192.173169] ? __might_sleep+0x95/0x190 [ 1192.177130] fanotify_handle_event+0x7fb/0x9a0 [ 1192.181766] ? fanotify_alloc_event+0x480/0x480 [ 1192.186439] ? finish_wait+0x430/0x430 [ 1192.190491] ? zap_class+0x640/0x640 [ 1192.194220] fsnotify+0x87f/0x12f0 [ 1192.197762] ? fsnotify_first_mark+0x350/0x350 [ 1192.202970] ? selinux_file_open+0x3b6/0x5c0 [ 1192.207391] ? fsnotify+0x12f0/0x12f0 [ 1192.211272] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 1192.215865] ? errseq_sample+0xe5/0x130 [ 1192.219909] security_file_open+0x16f/0x1b0 [ 1192.224239] ? security_file_open+0x16f/0x1b0 [ 1192.228795] do_dentry_open+0x331/0x1250 [ 1192.232992] ? selinux_capable+0x40/0x40 [ 1192.237053] ? chown_common+0x730/0x730 [ 1192.241108] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1192.246661] ? security_inode_permission+0xd2/0x100 [ 1192.251751] ? inode_permission+0xb2/0x560 [ 1192.255997] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 1192.261278] vfs_open+0xa0/0xd0 [ 1192.264576] path_openat+0x12bf/0x5160 [ 1192.268505] ? zap_class+0x640/0x640 [ 1192.272229] ? path_lookupat.isra.43+0xc00/0xc00 [ 1192.276973] ? expand_files.part.8+0x571/0x9a0 [ 1192.281629] ? iterate_fd+0x4b0/0x4b0 [ 1192.285433] ? zap_class+0x640/0x640 [ 1192.289422] ? __alloc_fd+0x347/0x6e0 [ 1192.293232] ? lock_downgrade+0x900/0x900 [ 1192.297365] ? getname+0x19/0x20 [ 1192.300950] ? kasan_check_read+0x11/0x20 [ 1192.305112] ? do_raw_spin_unlock+0xa7/0x2f0 [ 1192.309576] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 1192.314180] ? kasan_check_write+0x14/0x20 [ 1192.318514] ? do_raw_spin_lock+0xc1/0x200 [ 1192.322762] ? _raw_spin_unlock+0x2c/0x50 [ 1192.326896] ? __alloc_fd+0x347/0x6e0 [ 1192.331255] do_filp_open+0x255/0x380 [ 1192.335052] ? may_open_dev+0x100/0x100 [ 1192.339073] ? strncpy_from_user+0x3be/0x510 [ 1192.343492] ? digsig_verify+0x1530/0x1530 [ 1192.347721] ? get_unused_fd_flags+0x122/0x1a0 [ 1192.352385] ? getname_flags+0x26e/0x5a0 [ 1192.356456] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1192.362193] do_sys_open+0x568/0x700 [ 1192.365922] ? filp_open+0x80/0x80 [ 1192.369498] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1192.375040] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 1192.380620] __x64_sys_openat+0x9d/0x100 [ 1192.384695] do_syscall_64+0x1b9/0x820 [ 1192.388630] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1192.394002] ? syscall_return_slowpath+0x5e0/0x5e0 [ 1192.398985] ? trace_hardirqs_on_caller+0x310/0x310 [ 1192.404005] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1192.409066] ? recalc_sigpending_tsk+0x180/0x180 [ 1192.413825] ? kasan_check_write+0x14/0x20 [ 1192.418115] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1192.423422] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1192.428686] RIP: 0033:0x457519 [ 1192.431889] Code: 87 0a 8b 0d dd 60 09 01 83 f9 01 0f 85 1c 01 00 00 b9 01 00 00 00 88 0d 19 66 09 01 84 c9 0f 84 fd 00 00 00 b9 01 00 00 00 88 <0d> 02 66 09 01 48 8b 05 9b 71 07 01 48 89 04 24 e8 42 2c fc ff 8b [ 1192.451205] RSP: 002b:00007fbf94ec0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1192.459447] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457519 [ 1192.466821] RDX: 0000000000000000 RSI: 0000000020000140 RDI: ffffffffffffff9c [ 1192.474806] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 1192.482114] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbf94ec16d4 [ 1192.489444] R13: 00000000004c2b1e R14: 00000000004d4158 R15: 00000000ffffffff [ 1192.496726] INFO: lockdep is turned off. [ 1192.500967] NMI backtrace for cpu 1 [ 1192.504613] CPU: 1 PID: 982 Comm: khungtaskd Not tainted 4.19.0-rc7+ #57 [ 1192.511792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1192.521491] Call Trace: [ 1192.525023] dump_stack+0x1c4/0x2b4 [ 1192.530493] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1192.536020] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1192.541555] nmi_cpu_backtrace.cold.3+0x63/0xa2 [ 1192.546251] ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f [ 1192.551671] nmi_trigger_cpumask_backtrace+0x1b3/0x1ed [ 1192.556946] arch_trigger_cpumask_backtrace+0x14/0x20 [ 1192.562131] watchdog+0xb3e/0x1050 [ 1192.565677] ? reset_hung_task_detector+0xd0/0xd0 [ 1192.570652] ? __kthread_parkme+0xce/0x1a0 [ 1192.574883] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 1192.579980] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 1192.585186] ? lockdep_hardirqs_on+0x421/0x5c0 [ 1192.589781] ? trace_hardirqs_on+0xbd/0x310 [ 1192.594088] ? kasan_check_read+0x11/0x20 [ 1192.598226] ? __kthread_parkme+0xce/0x1a0 [ 1192.602445] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 1192.607882] ? kasan_check_write+0x14/0x20 [ 1192.612103] ? do_raw_spin_lock+0xc1/0x200 [ 1192.616330] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 1192.621426] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1192.626959] ? __kthread_parkme+0xfb/0x1a0 [ 1192.631188] kthread+0x35a/0x420 [ 1192.634548] ? reset_hung_task_detector+0xd0/0xd0 [ 1192.639377] ? kthread_bind+0x40/0x40 [ 1192.643168] ret_from_fork+0x3a/0x50 [ 1192.647019] Sending NMI from CPU 1 to CPUs 0: [ 1192.652553] NMI backtrace for cpu 0 [ 1192.652560] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.0-rc7+ #57 [ 1192.652567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1192.652572] RIP: 0010:rcu_nmi_enter+0x175/0x1e0 [ 1192.652585] Code: 00 48 8b 45 d0 65 48 33 04 25 28 00 00 00 75 72 48 83 c4 68 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 91 9b fe ff 41 bc 01 00 00 00 55 ff ff ff 0f 0b e9 3b ff ff ff 4c 89 f7 e8 27 4a 58 00 e9 5c [ 1192.652589] RSP: 0018:ffff8801dae07c20 EFLAGS: 00000096 [ 1192.652599] RAX: 000000000027fb14 RBX: ffff8801dae23980 RCX: ffffffff81689781 [ 1192.652605] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff8801dae23990 [ 1192.652611] RBP: ffff8801dae07cb0 R08: ffffed003b5c4733 R09: ffffed003b5c4732 [ 1192.652617] R10: ffffed003b5c4732 R11: ffff8801dae23993 R12: 0000000000000001 [ 1192.652623] R13: 1ffff1003b5c0f85 R14: ffff8801dae23988 R15: 0000000000000000 [ 1192.652630] FS: 0000000000000000(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 [ 1192.652635] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1192.652641] CR2: ffffffffff600400 CR3: 00000001d2977000 CR4: 00000000001406f0 [ 1192.652647] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1192.652653] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1192.652656] Call Trace: [ 1192.652659] [ 1192.652663] ? rcu_idle_exit+0x470/0x470 [ 1192.652668] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1192.652673] ? check_preemption_disabled+0x48/0x200 [ 1192.652677] rcu_irq_enter+0xce/0x100 [ 1192.652680] irq_enter+0xa/0xe0 [ 1192.652685] scheduler_ipi+0x3d0/0xad0 [ 1192.652689] ? migration_cpu_stop+0x6a0/0x6a0 [ 1192.652694] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1192.652706] ? check_preemption_disabled+0x48/0x200 [ 1192.652710] ? rcu_nmi_exit+0xdb/0x280 [ 1192.652714] ? rcu_idle_enter+0x4b0/0x4b0 [ 1192.652718] ? kvm_clock_read+0x18/0x30 [ 1192.652723] ? kvm_sched_clock_read+0x9/0x20 [ 1192.652728] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1192.652732] ? check_preemption_disabled+0x48/0x200 [ 1192.652737] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1192.652742] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1192.652747] ? check_preemption_disabled+0x48/0x200 [ 1192.652752] smp_reschedule_interrupt+0x109/0x650 [ 1192.652756] ? smp_thermal_interrupt+0x850/0x850 [ 1192.652760] ? interrupt_entry+0xb5/0xf0 [ 1192.652765] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1192.652770] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1192.652774] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1192.652779] ? trace_hardirqs_on_caller+0x310/0x310 [ 1192.652784] ? trace_hardirqs_on_caller+0x310/0x310 [ 1192.652789] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1192.652794] ? check_preemption_disabled+0x48/0x200 [ 1192.652798] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1192.652803] reschedule_interrupt+0xf/0x20 [ 1192.652806] [ 1192.652810] RIP: 0010:native_safe_halt+0x6/0x10 [ 1192.652823] Code: e9 2c ff ff ff 48 89 c7 48 89 45 d8 e8 63 eb 11 fa 48 8b 45 d8 e9 ca fe ff ff 48 89 df e8 52 eb 11 fa eb 82 55 48 89 e5 fb f4 <5d> c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 f4 5d c3 90 90 90 90 90 [ 1192.652828] RSP: 0018:ffffffff89207bb8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff02 [ 1192.652838] RAX: dffffc0000000000 RBX: 1ffffffff1240f7b RCX: ffffffff8184e1ca [ 1192.652844] RDX: 1ffffffff1263e54 RSI: ffffffff8184e1e4 RDI: ffffffff8931f2a0 [ 1192.652850] RBP: ffffffff89207bb8 R08: ffffffff89276e40 R09: ffffed003b5c4732 [ 1192.652856] R10: ffffed003b5c4732 R11: ffff8801dae23993 R12: ffffffff89207c78 [ 1192.652862] R13: ffffffff89f3bee0 R14: 0000000000000000 R15: 0000000000000000 [ 1192.652866] ? trace_hardirqs_on+0x9a/0x310 [ 1192.652871] ? trace_hardirqs_on+0xb4/0x310 [ 1192.652875] default_idle+0xbf/0x490 [ 1192.652879] ? rcu_dynticks_eqs_enter+0x4c/0x70 [ 1192.652883] ? __sched_text_end+0x1/0x1 [ 1192.652888] ? rcu_idle_enter+0x329/0x4b0 [ 1192.652892] ? rcu_eqs_special_set+0x1b0/0x1b0 [ 1192.652897] ? tsc_verify_tsc_adjust+0x137/0x460 [ 1192.652902] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 1192.652907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1192.652912] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1192.652917] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1192.652921] arch_cpu_idle+0x10/0x20 [ 1192.652925] default_idle_call+0x6d/0x90 [ 1192.652929] do_idle+0x3db/0x5b0 [ 1192.652933] ? retint_kernel+0x2d/0x2d [ 1192.652937] ? arch_cpu_idle_exit+0x70/0x70 [ 1192.652942] ? trace_hardirqs_on+0xb4/0x310 [ 1192.652946] cpu_startup_entry+0x10c/0x120 [ 1192.652950] ? cpu_in_idle+0x20/0x20 [ 1192.652954] rest_init+0xe2/0xe5 [ 1192.652958] start_kernel+0x8f4/0x92f [ 1192.652962] ? mem_encrypt_init+0xb/0xb [ 1192.652967] ? early_idt_handler_common+0x3b/0x60 [ 1192.652972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1192.652976] ? x86_family+0x3e/0x50 [ 1192.652981] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1192.652985] x86_64_start_reservations+0x29/0x2b [ 1192.652989] x86_64_start_kernel+0x76/0x79 [ 1192.652994] secondary_startup_64+0xa4/0xb0 [ 1192.653528] Kernel panic - not syncing: hung_task: blocked tasks [ 1193.135745] CPU: 1 PID: 982 Comm: khungtaskd Not tainted 4.19.0-rc7+ #57 [ 1193.142628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1193.151972] Call Trace: [ 1193.154673] dump_stack+0x1c4/0x2b4 [ 1193.158415] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1193.163604] panic+0x238/0x4e7 [ 1193.166784] ? add_taint.cold.5+0x16/0x16 [ 1193.170920] ? nmi_trigger_cpumask_backtrace+0x16a/0x1ed [ 1193.176892] ? nmi_trigger_cpumask_backtrace+0x1c4/0x1ed [ 1193.182329] ? nmi_trigger_cpumask_backtrace+0x173/0x1ed [ 1193.187774] ? nmi_trigger_cpumask_backtrace+0x16a/0x1ed [ 1193.193236] watchdog+0xb4f/0x1050 [ 1193.196768] ? reset_hung_task_detector+0xd0/0xd0 [ 1193.201599] ? __kthread_parkme+0xce/0x1a0 [ 1193.205829] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 1193.210922] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 1193.217586] ? lockdep_hardirqs_on+0x421/0x5c0 [ 1193.223534] ? trace_hardirqs_on+0xbd/0x310 [ 1193.228284] ? kasan_check_read+0x11/0x20 [ 1193.232808] ? __kthread_parkme+0xce/0x1a0 [ 1193.238605] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 1193.245863] ? kasan_check_write+0x14/0x20 [ 1193.251533] ? do_raw_spin_lock+0xc1/0x200 [ 1193.255854] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 1193.260959] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1193.266484] ? __kthread_parkme+0xfb/0x1a0 [ 1193.270709] kthread+0x35a/0x420 [ 1193.274063] ? reset_hung_task_detector+0xd0/0xd0 [ 1193.278890] ? kthread_bind+0x40/0x40 [ 1193.282676] ret_from_fork+0x3a/0x50 [ 1193.287518] Kernel Offset: disabled [ 1193.291159] Rebooting in 86400 seconds..