[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   37.570860][   T25] audit: type=1800 audit(1572634148.759:25): pid=7129 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[   37.620519][   T25] audit: type=1800 audit(1572634148.759:26): pid=7129 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[   37.642202][   T25] audit: type=1800 audit(1572634148.769:27): pid=7129 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.166' (ECDSA) to the list of known hosts.
2019/11/01 18:49:19 fuzzer started
2019/11/01 18:49:21 dialing manager at 10.128.0.105:41349
2019/11/01 18:49:22 syscalls: 2540
2019/11/01 18:49:22 code coverage: enabled
2019/11/01 18:49:22 comparison tracing: enabled
2019/11/01 18:49:22 extra coverage: extra coverage is not supported by the kernel
2019/11/01 18:49:22 setuid sandbox: enabled
2019/11/01 18:49:22 namespace sandbox: enabled
2019/11/01 18:49:22 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/01 18:49:22 fault injection: enabled
2019/11/01 18:49:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/01 18:49:22 net packet injection: enabled
2019/11/01 18:49:22 net device setup: enabled
2019/11/01 18:49:22 concurrency sanitizer: enabled
2019/11/01 18:49:28 adding functions to KCSAN blacklist: 'task_dump_owner' 'blk_mq_run_hw_queue' 'update_defense_level' '__nf_conntrack_find_get' 'ktime_get_real_seconds' 'find_get_pages_range_tag' 'rcu_gp_fqs_check_wake' 'run_timer_softirq' 'ext4_free_inode' 'find_next_bit' 'ep_poll' 'generic_fillattr' 'generic_write_end' '__hrtimer_run_queues' 'tcp_add_backlog' '__delete_from_page_cache' 'generic_permission' 'ext4_free_inodes_count' '__ext4_new_inode' 'common_perm_cond' 'pipe_poll' 'tcp_poll' 'mod_timer' 'taskstats_exit' 'blk_mq_get_request' 'do_nanosleep' 'ktime_get_seconds' 'pid_update_inode' 'tomoyo_supervisor' 'tick_do_update_jiffies64' 'tick_sched_do_timer' '__nf_ct_refresh_acct' 
18:49:47 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e0000001e000504ed0080648c6394f268315c03100003402c00000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1}, 0x0)

syzkaller login: [   76.955018][ T7301] IPVS: ftp: loaded support on port[0] = 21
18:49:48 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet(0x10, 0x80002, 0x0)
sendmsg(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="24000000210007041dfffd946f610500020000e8fe02080100010800080011000400ff7e280000001100ffffba16a0aa", 0x30}], 0x1}, 0x0)

[   77.068109][ T7301] chnl_net:caif_netlink_parms(): no params data found
[   77.145165][ T7301] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.152314][ T7301] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.160870][ T7301] device bridge_slave_0 entered promiscuous mode
[   77.176999][ T7304] IPVS: ftp: loaded support on port[0] = 21
[   77.184502][ T7301] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.191616][ T7301] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.200287][ T7301] device bridge_slave_1 entered promiscuous mode
[   77.245512][ T7301] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   77.269174][ T7301] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
18:49:48 executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)
connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
ppoll(&(0x7f0000000040)=[{r0, 0x2, 0x3000300}], 0x1, 0x0, 0x0, 0x0)

[   77.293699][ T7301] team0: Port device team_slave_0 added
[   77.300787][ T7301] team0: Port device team_slave_1 added
[   77.366755][ T7301] device hsr_slave_0 entered promiscuous mode
[   77.453817][ T7301] device hsr_slave_1 entered promiscuous mode
[   77.547825][ T7306] IPVS: ftp: loaded support on port[0] = 21
[   77.577542][ T7304] chnl_net:caif_netlink_parms(): no params data found
[   77.649100][ T7301] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.656210][ T7301] bridge0: port 2(bridge_slave_1) entered forwarding state
[   77.663634][ T7301] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.670688][ T7301] bridge0: port 1(bridge_slave_0) entered forwarding state
18:49:49 executing program 3:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

[   77.799314][ T7304] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.829903][ T7304] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.862226][ T7304] device bridge_slave_0 entered promiscuous mode
[   77.904162][ T7304] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.911277][ T7304] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.944593][ T7304] device bridge_slave_1 entered promiscuous mode
[   78.018514][ T7301] 8021q: adding VLAN 0 to HW filter on device bond0
[   78.075056][ T3007] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.083521][ T3007] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.135041][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   78.225650][ T7304] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.246788][ T7304] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.331297][ T7301] 8021q: adding VLAN 0 to HW filter on device team0
[   78.352071][ T7335] IPVS: ftp: loaded support on port[0] = 21
[   78.368889][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   78.394518][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   78.406239][ T7306] chnl_net:caif_netlink_parms(): no params data found
[   78.448458][ T7304] team0: Port device team_slave_0 added
[   78.474511][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   78.503891][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   78.512719][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.519801][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[   78.574185][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   78.583032][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   78.634045][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.641124][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[   78.674229][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   78.742708][ T7304] team0: Port device team_slave_1 added
[   78.808265][ T7336] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   78.825133][ T7336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
18:49:50 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup2(r1, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendfile(r0, r0, &(0x7f0000000180)=0x74000000, 0x5)

[   78.864000][ T7336] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   78.884596][ T7336] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   78.924423][ T7336] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   78.956889][ T7336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   78.976821][ T7336] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   79.024161][ T7336] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   79.064182][ T7336] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   79.119306][ T7301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   79.148627][ T7336] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   79.194497][ T7306] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.201568][ T7306] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.244502][ T7306] device bridge_slave_0 entered promiscuous mode
[   79.274252][ T7306] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.281341][ T7306] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.324522][ T7306] device bridge_slave_1 entered promiscuous mode
[   79.365628][ T7301] 8021q: adding VLAN 0 to HW filter on device batadv0
[   79.426576][ T7304] device hsr_slave_0 entered promiscuous mode
[   79.463883][ T7304] device hsr_slave_1 entered promiscuous mode
[   79.493583][ T7304] debugfs: Directory 'hsr0' with parent '/' already present!
[   79.544357][ T7339] IPVS: ftp: loaded support on port[0] = 21
[   79.614456][ T7306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.680764][ T7306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   79.858447][ T7306] team0: Port device team_slave_0 added
[   79.967052][ T7306] team0: Port device team_slave_1 added
[   79.982257][ T7369] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
[   80.036175][    C0] hrtimer: interrupt took 34051 ns
[   80.041800][ T7369] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'.
[   80.106867][ T7335] chnl_net:caif_netlink_parms(): no params data found
[   80.133926][ T7369] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
[   80.142122][ T7369] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'.
[   80.176728][ T7306] device hsr_slave_0 entered promiscuous mode
[   80.213881][ T7306] device hsr_slave_1 entered promiscuous mode
[   80.253653][ T7306] debugfs: Directory 'hsr0' with parent '/' already present!
[   80.270866][ T7304] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.360301][ T7304] 8021q: adding VLAN 0 to HW filter on device team0
[   80.399699][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   80.424460][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   80.507786][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   80.524644][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   80.556394][   T44] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.563524][   T44] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.632569][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   80.703381][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   80.753879][   T44] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.760992][   T44] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.834757][ T7339] chnl_net:caif_netlink_parms(): no params data found
[   80.892885][ T7304] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   80.974378][ T7304] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   81.048353][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   81.064248][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   81.114295][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   81.164373][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   81.173256][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   81.243304][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   81.285094][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   81.324788][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   81.377150][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   81.407501][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   81.457914][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   81.498050][ T7335] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.523915][ T7335] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.554535][ T7335] device bridge_slave_0 entered promiscuous mode
[   81.599147][ T7335] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.652438][ T7335] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.687750][ T7335] device bridge_slave_1 entered promiscuous mode
[   81.741766][ T7304] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.774339][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   81.792929][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   81.935925][ T7335] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   82.027542][ T7306] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.056091][ T7335] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   82.114335][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   82.123090][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   82.169652][ T7339] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.177891][ T7339] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.204529][ T7339] device bridge_slave_0 entered promiscuous mode
[   82.234784][ T7306] 8021q: adding VLAN 0 to HW filter on device team0
[   82.259564][ T7339] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.313595][ T7339] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.354041][ T7339] device bridge_slave_1 entered promiscuous mode
[   82.390674][ T7335] team0: Port device team_slave_0 added
[   82.415711][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   82.444327][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   82.452887][   T44] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.460012][   T44] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.517192][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   82.532192][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   82.544231][   T44] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.551341][   T44] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.577843][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   82.609901][ T7335] team0: Port device team_slave_1 added
18:49:53 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="85000000130000005d0000000000000095000000000000000a621cf434b9eaafdc0a00e9bfde51afe9c81a9cf05725caf1cae63487d70c028dcde5c0198e4796e2b7185a"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x12, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8640888a8", 0x0, 0x1200}, 0x28)

18:49:53 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e0000001e000504ed0080648c6394f268315c03100003402c00000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1}, 0x0)

[   82.623973][ T7339] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   82.748197][ T7339] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   82.761176][ T7411] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
18:49:54 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet(0x10, 0x80002, 0x0)
sendmsg(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="24000000210007041dfffd946f610500020000e8fe02080100010800080011000400ff7e280000001100ffffba16a0aa", 0x30}], 0x1}, 0x0)

[   82.816531][ T7411] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'.
[   82.834492][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   82.883972][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   82.893241][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   82.970145][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   83.026506][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   83.070277][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   83.124146][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   83.169293][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   83.220756][ T7306] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   83.269006][ T7306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   83.339501][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   83.405822][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   83.454224][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   83.471227][ T7306] 8021q: adding VLAN 0 to HW filter on device batadv0
18:49:54 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e0000001e000504ed0080648c6394f268315c03100003402c00000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1}, 0x0)

[   83.512347][ T7339] team0: Port device team_slave_0 added
[   83.550603][ T7339] team0: Port device team_slave_1 added
18:49:54 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet(0x10, 0x80002, 0x0)
sendmsg(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="24000000210007041dfffd946f610500020000e8fe02080100010800080011000400ff7e280000001100ffffba16a0aa", 0x30}], 0x1}, 0x0)

[   83.632144][ T7416] IPVS: ftp: loaded support on port[0] = 21
[   83.686583][ T7335] device hsr_slave_0 entered promiscuous mode
[   83.733967][ T7335] device hsr_slave_1 entered promiscuous mode
[   83.783583][ T7335] debugfs: Directory 'hsr0' with parent '/' already present!
[   83.876707][ T7424] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
[   83.936572][ T7339] device hsr_slave_0 entered promiscuous mode
[   83.989165][ T7339] device hsr_slave_1 entered promiscuous mode
[   83.995620][ T7424] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'.
[   84.063668][ T7339] debugfs: Directory 'hsr0' with parent '/' already present!
18:49:55 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet(0x10, 0x80002, 0x0)
sendmsg(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="24000000210007041dfffd946f610500020000e8fe02080100010800080011000400ff7e280000001100ffffba16a0aa", 0x30}], 0x1}, 0x0)

18:49:55 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e0000001e000504ed0080648c6394f268315c03100003402c00000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1}, 0x0)

[   84.760713][ T7480] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
[   84.813567][ T7480] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'.
[   84.921385][ T7416] chnl_net:caif_netlink_parms(): no params data found
[   85.046771][ T7335] 8021q: adding VLAN 0 to HW filter on device bond0
[   85.243301][ T7335] 8021q: adding VLAN 0 to HW filter on device team0
18:49:56 executing program 0:
bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000080)={0x6, 0x4, 0x7ffb, 0x9, 0x0, 0xffffffffffffffff, 0x0, [0x5, 0x0, 0x0, 0x400100]}, 0x3c)

[   85.346417][ T7336] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   85.364362][ T7336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
18:49:56 executing program 1:
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000001980)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5})
r0 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0xa00)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000100)={{0x1}})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000180)={0x5, 0x200000022e})
readv(r0, &(0x7f0000000240)=[{&(0x7f00000013c0)=""/135}, {&(0x7f0000001480)=""/25}, {&(0x7f00000003c0)=""/4096, 0x8}], 0x20000000000002ca)

[   85.487348][ T7416] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.543564][ T7416] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.584414][ T7416] device bridge_slave_0 entered promiscuous mode
[   85.648334][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   85.695687][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   85.744057][ T3001] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.751147][ T3001] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.806740][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   85.863415][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
18:49:57 executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)
connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
ppoll(&(0x7f0000000040)=[{r0, 0x2, 0x3000300}], 0x1, 0x0, 0x0, 0x0)

[   85.916260][ T3001] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.923353][ T3001] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.036930][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   86.091904][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   86.155371][ T7337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   86.201003][ T7339] 8021q: adding VLAN 0 to HW filter on device bond0
[   86.231474][ T7416] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.258446][ T7416] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.303279][ T7416] device bridge_slave_1 entered promiscuous mode
[   86.369633][ T7336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   86.408884][ T7336] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   86.474686][ T7336] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   86.531936][ T7336] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   86.590614][ T7336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   86.659206][ T7336] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   86.752625][ T7335] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   86.811661][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   86.872037][ T7339] 8021q: adding VLAN 0 to HW filter on device team0
[   86.912264][ T7337] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   86.929438][ T7337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   87.008705][ T7337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   87.077621][ T7337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   87.118858][ T7337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   87.206548][ T7416] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.265234][ T7337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   87.314260][ T7337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   87.322652][ T7337] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.329749][ T7337] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.464340][ T7337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   87.518655][ T7337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   87.564020][ T7337] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.571114][ T7337] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.645245][ T7337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   87.725191][ T7416] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.847890][ T7335] 8021q: adding VLAN 0 to HW filter on device batadv0
[   87.864302][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   87.940443][ T7416] team0: Port device team_slave_0 added
[   87.947180][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   88.005171][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   88.044143][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   88.072017][ T7339] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   88.143518][ T7339] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   88.255424][ T7416] team0: Port device team_slave_1 added
[   88.262134][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   88.288432][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   88.354557][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   88.408785][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   88.434405][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   88.494644][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   88.568453][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   88.614395][ T7339] 8021q: adding VLAN 0 to HW filter on device batadv0
[   88.655763][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   88.766661][ T7416] device hsr_slave_0 entered promiscuous mode
[   88.794105][ T7416] device hsr_slave_1 entered promiscuous mode
[   88.843538][ T7416] debugfs: Directory 'hsr0' with parent '/' already present!
[   89.172087][   T25] kauditd_printk_skb: 3 callbacks suppressed
[   89.172141][   T25] audit: type=1804 audit(1572634200.359:31): pid=7531 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name=2F726F6F742F73797A6B616C6C65722D746573746469723234353335393938352F73797A6B616C6C65722E6954494374782F302F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16543 res=1
[   89.617027][ T7416] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.682171][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   89.700219][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   89.776457][ T7416] 8021q: adding VLAN 0 to HW filter on device team0
[   89.819023][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   89.849019][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   89.904062][ T7329] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.911159][ T7329] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.987576][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   89.996162][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   90.024673][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   90.033172][   T44] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.040257][   T44] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.114431][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   90.144457][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   90.173978][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   90.182783][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   90.253427][ T7416] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   90.293864][ T7416] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   90.339766][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   90.349086][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   90.377269][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   90.414793][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   90.453877][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   90.462781][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   90.518916][ T7329] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   90.583775][ T7416] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.594395][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
18:50:03 executing program 3:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

[   92.172986][   T25] audit: type=1804 audit(1572634203.359:32): pid=7535 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name=2F726F6F742F73797A6B616C6C65722D746573746469723234353335393938352F73797A6B616C6C65722E6954494374782F302F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16543 res=1
18:50:03 executing program 1:
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000001980)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5})
r0 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0xa00)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000100)={{0x1}})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000180)={0x5, 0x200000022e})
readv(r0, &(0x7f0000000240)=[{&(0x7f00000013c0)=""/135}, {&(0x7f0000001480)=""/25}, {&(0x7f00000003c0)=""/4096, 0x8}], 0x20000000000002ca)

18:50:03 executing program 0:
bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000080)={0x6, 0x4, 0x7ffb, 0x9, 0x0, 0xffffffffffffffff, 0x0, [0x5, 0x0, 0x0, 0x400100]}, 0x3c)

18:50:03 executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)
connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
ppoll(&(0x7f0000000040)=[{r0, 0x2, 0x3000300}], 0x1, 0x0, 0x0, 0x0)

18:50:03 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup2(r1, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendfile(r0, r0, &(0x7f0000000180)=0x74000000, 0x5)

18:50:03 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="85000000130000005d0000000000000095000000000000000a621cf434b9eaafdc0a00e9bfde51afe9c81a9cf05725caf1cae63487d70c028dcde5c0198e4796e2b7185a"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x12, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8640888a8", 0x0, 0x1200}, 0x28)

18:50:03 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup2(r1, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendfile(r0, r0, &(0x7f0000000180)=0x74000000, 0x5)

18:50:03 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="85000000130000005d0000000000000095000000000000000a621cf434b9eaafdc0a00e9bfde51afe9c81a9cf05725caf1cae63487d70c028dcde5c0198e4796e2b7185a"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x12, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8640888a8", 0x0, 0x1200}, 0x28)

18:50:03 executing program 1:
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000001980)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5})
r0 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0xa00)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000100)={{0x1}})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000180)={0x5, 0x200000022e})
readv(r0, &(0x7f0000000240)=[{&(0x7f00000013c0)=""/135}, {&(0x7f0000001480)=""/25}, {&(0x7f00000003c0)=""/4096, 0x8}], 0x20000000000002ca)

[   92.493442][   T25] audit: type=1804 audit(1572634203.669:33): pid=7599 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name=2F726F6F742F73797A6B616C6C65722D746573746469723234353335393938352F73797A6B616C6C65722E6954494374782F312F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16565 res=1
18:50:03 executing program 0:
bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000080)={0x6, 0x4, 0x7ffb, 0x9, 0x0, 0xffffffffffffffff, 0x0, [0x5, 0x0, 0x0, 0x400100]}, 0x3c)

18:50:04 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="85000000130000005d0000000000000095000000000000000a621cf434b9eaafdc0a00e9bfde51afe9c81a9cf05725caf1cae63487d70c028dcde5c0198e4796e2b7185a"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x12, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8640888a8", 0x0, 0x1200}, 0x28)

18:50:04 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup2(r1, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendfile(r0, r0, &(0x7f0000000180)=0x74000000, 0x5)

18:50:04 executing program 3:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

18:50:04 executing program 1:
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000001980)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5})
r0 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0xa00)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000100)={{0x1}})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000180)={0x5, 0x200000022e})
readv(r0, &(0x7f0000000240)=[{&(0x7f00000013c0)=""/135}, {&(0x7f0000001480)=""/25}, {&(0x7f00000003c0)=""/4096, 0x8}], 0x20000000000002ca)

18:50:04 executing program 0:
bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000080)={0x6, 0x4, 0x7ffb, 0x9, 0x0, 0xffffffffffffffff, 0x0, [0x5, 0x0, 0x0, 0x400100]}, 0x3c)

18:50:04 executing program 4:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

18:50:04 executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)
connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
ppoll(&(0x7f0000000040)=[{r0, 0x2, 0x3000300}], 0x1, 0x0, 0x0, 0x0)

18:50:04 executing program 5:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

[   93.518568][   T25] audit: type=1804 audit(1572634204.709:34): pid=7627 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name=2F726F6F742F73797A6B616C6C65722D746573746469723638373833323333362F73797A6B616C6C65722E6A75527857442F342F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16547 res=1
18:50:04 executing program 0:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

18:50:04 executing program 1:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

[   93.722574][   T25] audit: type=1804 audit(1572634204.879:35): pid=7632 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name=2F726F6F742F73797A6B616C6C65722D746573746469723137313633303238332F73797A6B616C6C65722E776E574D4E462F342F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16563 res=1
[   94.010398][   T25] audit: type=1804 audit(1572634205.029:36): pid=7639 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name=2F726F6F742F73797A6B616C6C65722D746573746469723234353335393938352F73797A6B616C6C65722E6954494374782F322F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16568 res=1
[   94.324757][   T25] audit: type=1804 audit(1572634205.379:37): pid=7645 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name=2F726F6F742F73797A6B616C6C65722D746573746469723636313539303030322F73797A6B616C6C65722E7641797950762F382F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16578 res=1
[   94.569600][   T25] audit: type=1804 audit(1572634205.479:38): pid=7646 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723832393635313635312F73797A6B616C6C65722E537A454158452F382F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16577 res=1
18:50:06 executing program 2:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

18:50:06 executing program 0:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

18:50:06 executing program 3:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

[   95.227895][   T25] audit: type=1804 audit(1572634206.419:39): pid=7653 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name=2F726F6F742F73797A6B616C6C65722D746573746469723636313539303030322F73797A6B616C6C65722E7641797950762F392F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16568 res=1
[   95.468520][   T25] audit: type=1804 audit(1572634206.529:40): pid=7656 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name=2F726F6F742F73797A6B616C6C65722D746573746469723236313433383536382F73797A6B616C6C65722E6A64413678352F342F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16570 res=1
[   95.854014][   T25] audit: type=1804 audit(1572634206.879:41): pid=7659 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name=2F726F6F742F73797A6B616C6C65722D746573746469723234353335393938352F73797A6B616C6C65722E6954494374782F332F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16581 res=1
18:50:08 executing program 4:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

18:50:08 executing program 1:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

[   97.590503][   T25] audit: type=1804 audit(1572634208.779:42): pid=7672 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723832393635313635312F73797A6B616C6C65722E537A454158452F392F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16583 res=1
[   97.828757][   T25] audit: type=1804 audit(1572634209.019:43): pid=7673 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name=2F726F6F742F73797A6B616C6C65722D746573746469723137313633303238332F73797A6B616C6C65722E776E574D4E462F352F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16574 res=1
18:50:09 executing program 2:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

18:50:09 executing program 5:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

[   98.042959][   T25] audit: type=1804 audit(1572634209.149:44): pid=7667 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name=2F726F6F742F73797A6B616C6C65722D746573746469723137313633303238332F73797A6B616C6C65722E776E574D4E462F352F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16574 res=1
[   98.348380][   T25] audit: type=1804 audit(1572634209.499:45): pid=7682 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name=2F726F6F742F73797A6B616C6C65722D746573746469723236313433383536382F73797A6B616C6C65722E6A64413678352F352F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16547 res=1
18:50:09 executing program 1:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

[   98.633269][   T25] audit: type=1804 audit(1572634209.629:46): pid=7685 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name=2F726F6F742F73797A6B616C6C65722D746573746469723638373833323333362F73797A6B616C6C65722E6A75527857442F352F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16567 res=1
18:50:10 executing program 4:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

18:50:10 executing program 3:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

[   99.561480][   T25] kauditd_printk_skb: 2 callbacks suppressed
[   99.561533][   T25] audit: type=1804 audit(1572634210.749:49): pid=7693 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name=2F726F6F742F73797A6B616C6C65722D746573746469723137313633303238332F73797A6B616C6C65722E776E574D4E462F362F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16574 res=1
18:50:11 executing program 0:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

[  100.405247][   T25] audit: type=1804 audit(1572634211.599:50): pid=7699 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name=2F726F6F742F73797A6B616C6C65722D746573746469723234353335393938352F73797A6B616C6C65722E6954494374782F342F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16588 res=1
[  100.845262][   T25] audit: type=1804 audit(1572634212.039:51): pid=7703 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name=2F726F6F742F73797A6B616C6C65722D746573746469723636313539303030322F73797A6B616C6C65722E7641797950762F31302F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16587 res=1
18:50:12 executing program 2:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

18:50:12 executing program 5:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

[  101.787571][   T25] audit: type=1804 audit(1572634212.979:52): pid=7709 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name=2F726F6F742F73797A6B616C6C65722D746573746469723236313433383536382F73797A6B616C6C65722E6A64413678352F362F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16461 res=1
18:50:13 executing program 1:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

18:50:13 executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="85000000130000005d0000000000000095000000000000000a621cf434b9eaafdc0a00e9bfde51afe9c81a9cf05725caf1cae63487d70c028dcde5c0198e4796e2b7185a"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x12, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8640888a8", 0x0, 0x1200}, 0x28)

[  102.447276][   T25] audit: type=1804 audit(1572634213.639:53): pid=7723 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name=2F726F6F742F73797A6B616C6C65722D746573746469723638373833323333362F73797A6B616C6C65722E6A75527857442F362F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16572 res=1
18:50:13 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="85000000130000005d0000000000000095000000000000000a621cf434b9eaafdc0a00e9bfde51afe9c81a9cf05725caf1cae63487d70c028dcde5c0198e4796e2b7185a"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x12, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8640888a8", 0x0, 0x1200}, 0x28)

[  102.567811][   T25] audit: type=1804 audit(1572634213.709:54): pid=7719 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name=2F726F6F742F73797A6B616C6C65722D746573746469723638373833323333362F73797A6B616C6C65722E6A75527857442F362F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16572 res=1
18:50:13 executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="85000000130000005d0000000000000095000000000000000a621cf434b9eaafdc0a00e9bfde51afe9c81a9cf05725caf1cae63487d70c028dcde5c0198e4796e2b7185a"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x12, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8640888a8", 0x0, 0x1200}, 0x28)

[  102.752398][   T25] audit: type=1804 audit(1572634213.859:55): pid=7715 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723832393635313635312F73797A6B616C6C65722E537A454158452F31312F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16579 res=1
18:50:14 executing program 3:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

18:50:14 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="85000000130000005d0000000000000095000000000000000a621cf434b9eaafdc0a00e9bfde51afe9c81a9cf05725caf1cae63487d70c028dcde5c0198e4796e2b7185a"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x12, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8640888a8", 0x0, 0x1200}, 0x28)

[  103.469581][   T25] audit: type=1804 audit(1572634214.659:56): pid=7739 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name=2F726F6F742F73797A6B616C6C65722D746573746469723234353335393938352F73797A6B616C6C65722E6954494374782F352F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16596 res=1
18:50:15 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="85000000130000005d0000000000000095000000000000000a621cf434b9eaafdc0a00e9bfde51afe9c81a9cf05725caf1cae63487d70c028dcde5c0198e4796e2b7185a"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x12, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8640888a8", 0x0, 0x1200}, 0x28)

18:50:15 executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="85000000130000005d0000000000000095000000000000000a621cf434b9eaafdc0a00e9bfde51afe9c81a9cf05725caf1cae63487d70c028dcde5c0198e4796e2b7185a"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x12, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8640888a8", 0x0, 0x1200}, 0x28)

[  104.042180][   T25] audit: type=1804 audit(1572634215.229:57): pid=7735 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name=2F726F6F742F73797A6B616C6C65722D746573746469723234353335393938352F73797A6B616C6C65722E6954494374782F352F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16596 res=1
18:50:15 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup2(r1, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendfile(r0, r0, &(0x7f0000000180)=0x74000000, 0x5)

18:50:15 executing program 2:
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000001980)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5})
r0 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0xa00)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000100)={{0x1}})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000180)={0x5, 0x200000022e})
readv(r0, &(0x7f0000000240)=[{&(0x7f00000013c0)=""/135}, {&(0x7f0000001480)=""/25}, {&(0x7f00000003c0)=""/4096, 0x8}], 0x20000000000002ca)

18:50:15 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup2(r1, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendfile(r0, r0, &(0x7f0000000180)=0x74000000, 0x5)

18:50:16 executing program 4:
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000001980)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5})
r0 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0xa00)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000100)={{0x1}})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000180)={0x5, 0x200000022e})
readv(r0, &(0x7f0000000240)=[{&(0x7f00000013c0)=""/135}, {&(0x7f0000001480)=""/25}, {&(0x7f00000003c0)=""/4096, 0x8}], 0x20000000000002ca)

18:50:16 executing program 1:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

18:50:16 executing program 2:
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000001980)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5})
r0 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0xa00)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000100)={{0x1}})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000180)={0x5, 0x200000022e})
readv(r0, &(0x7f0000000240)=[{&(0x7f00000013c0)=""/135}, {&(0x7f0000001480)=""/25}, {&(0x7f00000003c0)=""/4096, 0x8}], 0x20000000000002ca)

18:50:16 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup2(r1, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendfile(r0, r0, &(0x7f0000000180)=0x74000000, 0x5)

18:50:16 executing program 3:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

18:50:16 executing program 5:
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)
connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
ppoll(&(0x7f0000000040)=[{r0, 0x2, 0x3000300}], 0x1, 0x0, 0x0, 0x0)

18:50:16 executing program 4:
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000001980)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5})
r0 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0xa00)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000100)={{0x1}})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000180)={0x5, 0x200000022e})
readv(r0, &(0x7f0000000240)=[{&(0x7f00000013c0)=""/135}, {&(0x7f0000001480)=""/25}, {&(0x7f00000003c0)=""/4096, 0x8}], 0x20000000000002ca)

18:50:16 executing program 4:
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000001980)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5})
r0 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0xa00)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000100)={{0x1}})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000180)={0x5, 0x200000022e})
readv(r0, &(0x7f0000000240)=[{&(0x7f00000013c0)=""/135}, {&(0x7f0000001480)=""/25}, {&(0x7f00000003c0)=""/4096, 0x8}], 0x20000000000002ca)

18:50:16 executing program 2:
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000001980)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5})
r0 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0xa00)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000100)={{0x1}})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000180)={0x5, 0x200000022e})
readv(r0, &(0x7f0000000240)=[{&(0x7f00000013c0)=""/135}, {&(0x7f0000001480)=""/25}, {&(0x7f00000003c0)=""/4096, 0x8}], 0x20000000000002ca)

18:50:16 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)
connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
ppoll(&(0x7f0000000040)=[{r0, 0x2, 0x3000300}], 0x1, 0x0, 0x0, 0x0)

[  105.624739][   T25] audit: type=1804 audit(1572634216.819:58): pid=7776 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name=2F726F6F742F73797A6B616C6C65722D746573746469723234353335393938352F73797A6B616C6C65722E6954494374782F362F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16596 res=1
18:50:17 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$sock_inet_tcp_SIOCINQ(r0, 0x5413, &(0x7f0000000040))

[  105.881602][   T25] audit: type=1804 audit(1572634216.979:59): pid=7782 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723832393635313635312F73797A6B616C6C65722E537A454158452F31322F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16597 res=1
18:50:17 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

[  106.217001][ T7801] netlink: 'syz-executor.2': attribute type 12 has an invalid length.
18:50:17 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$sock_inet_tcp_SIOCINQ(r0, 0x5413, &(0x7f0000000040))

18:50:17 executing program 1:
set_mempolicy(0x3, &(0x7f00000000c0)=0xfffffffffffffff7, 0x3)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(0x0, r1, 0x0, r2, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r3=>r0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='t\x00\x8c\x00'}, 0x30)
r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275c, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194c871512e2249d01df96"], 0x16)
sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe)
ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000180)={0x20, 0x3, 0x5, 0x9, 0x0, 0xffffffffffffb9de})
syslog(0x4, &(0x7f0000000040)=""/4, 0x4)
syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fchdir(r6)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r7, 0x80045300, &(0x7f0000000080))

18:50:17 executing program 5:
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)
connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
ppoll(&(0x7f0000000040)=[{r0, 0x2, 0x3000300}], 0x1, 0x0, 0x0, 0x0)

18:50:17 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$sock_inet_tcp_SIOCINQ(r0, 0x5413, &(0x7f0000000040))

[  106.799498][ T7801] netlink: 'syz-executor.2': attribute type 12 has an invalid length.
[  107.291235][   T25] audit: type=1804 audit(1572634218.479:60): pid=7818 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723832393635313635312F73797A6B616C6C65722E537A454158452F31332F7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16553 res=1
18:50:18 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$sock_inet_tcp_SIOCINQ(r0, 0x5413, &(0x7f0000000040))

18:50:18 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)
connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
ppoll(&(0x7f0000000040)=[{r0, 0x2, 0x3000300}], 0x1, 0x0, 0x0, 0x0)

18:50:18 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:18 executing program 5:
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)
connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
ppoll(&(0x7f0000000040)=[{r0, 0x2, 0x3000300}], 0x1, 0x0, 0x0, 0x0)

18:50:18 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

[  107.844979][ T7829] netlink: 'syz-executor.2': attribute type 12 has an invalid length.
[  107.901847][ T7837] netlink: 'syz-executor.3': attribute type 12 has an invalid length.
18:50:19 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

[  108.150623][ T7841] netlink: 'syz-executor.4': attribute type 12 has an invalid length.
18:50:19 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

[  108.469419][ T7845] netlink: 'syz-executor.1': attribute type 12 has an invalid length.
18:50:19 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)
connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
ppoll(&(0x7f0000000040)=[{r0, 0x2, 0x3000300}], 0x1, 0x0, 0x0, 0x0)

18:50:19 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:20 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:20 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:20 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:20 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

[  108.951892][ T7853] netlink: 'syz-executor.5': attribute type 12 has an invalid length.
[  109.111188][ T7860] netlink: 'syz-executor.3': attribute type 12 has an invalid length.
[  109.138214][ T7862] netlink: 'syz-executor.4': attribute type 12 has an invalid length.
[  109.195321][ T7870] netlink: 'syz-executor.1': attribute type 12 has an invalid length.
18:50:20 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:21 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:21 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:21 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:21 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:21 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:22 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:22 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:22 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:22 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:22 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:22 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

[  111.283192][ T7913] validate_nla: 11 callbacks suppressed
[  111.283308][ T7913] netlink: 'syz-executor.3': attribute type 12 has an invalid length.
[  111.360828][ T7914] netlink: 'syz-executor.0': attribute type 12 has an invalid length.
18:50:23 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:23 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:23 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:23 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:23 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:23 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

[  112.061021][ T7922] netlink: 'syz-executor.2': attribute type 12 has an invalid length.
[  112.150198][ T7927] netlink: 'syz-executor.5': attribute type 12 has an invalid length.
[  112.231019][ T7933] netlink: 'syz-executor.1': attribute type 12 has an invalid length.
[  112.261535][ T7936] netlink: 'syz-executor.4': attribute type 12 has an invalid length.
[  112.290267][ T7937] netlink: 'syz-executor.3': attribute type 12 has an invalid length.
[  112.378678][ T7939] netlink: 'syz-executor.0': attribute type 12 has an invalid length.
18:50:24 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:24 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:24 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:24 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

[  112.987445][ T7946] netlink: 'syz-executor.2': attribute type 12 has an invalid length.
18:50:24 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:24 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$sock_inet_tcp_SIOCINQ(r0, 0x5413, &(0x7f0000000040))

[  113.201477][ T7953] netlink: 'syz-executor.5': attribute type 12 has an invalid length.
18:50:24 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$sock_inet_tcp_SIOCINQ(r0, 0x5413, &(0x7f0000000040))

18:50:24 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$sock_inet_tcp_SIOCINQ(r0, 0x5413, &(0x7f0000000040))

18:50:24 executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0)
mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x3)
madvise(&(0x7f00000a2000/0x600000)=nil, 0x600000, 0x8)

18:50:25 executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0)
mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x3)
madvise(&(0x7f00000a2000/0x600000)=nil, 0x600000, 0x8)

18:50:25 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x1801})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket(0x10, 0x802, 0x0)
write(r3, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd31101350000000000", 0xfc)
setsockopt$inet_mreq(r3, 0x0, 0x527a9f31005bc384, 0x0, 0x35a)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x102af785ef8793bb)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x1000000000000003, 0x0)
inotify_init1(0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0xffffffffffffffbd)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000140)={0x4000000000980912, 0x8})
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000240)='\n', 0x1}], 0x1, 0x2)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000180)=<r6=>0x0)
perf_event_open(0x0, r6, 0xe, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0)
r7 = socket(0x10, 0x802, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092506090007000aab08000400000002002593210001c000000000000000000000070000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036c6c256f1a272fdf0d11512fd633d640007a01007a8934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cec18444eb29d3ef3d92c83170e5bba4a46143ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dffff10ded6dfd19cd27b45304dc30083df150c3b880f7f0046a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd311", 0xf5)
sendto$packet(r7, &(0x7f0000000340), 0xfffffffffffffe06, 0x57, 0x0, 0x340)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'})

18:50:25 executing program 2:
openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0)
mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x3)
madvise(&(0x7f00000a2000/0x600000)=nil, 0x600000, 0x8)

18:50:25 executing program 3:
openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0)
mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x3)
madvise(&(0x7f00000a2000/0x600000)=nil, 0x600000, 0x8)

18:50:25 executing program 4:
r0 = socket$inet6(0xa, 0x6, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c)
listen(r0, 0x5eb857)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r1, &(0x7f0000000340)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
r2 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg(r2, &(0x7f0000000400)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
sendmsg$sock(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_int(r3, &(0x7f0000000080), 0x15d4b87)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0)
sendmmsg(r2, &(0x7f0000000c00), 0x4000000000001e6, 0x0)

18:50:25 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x3})

18:50:25 executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0)
mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x3)
madvise(&(0x7f00000a2000/0x600000)=nil, 0x600000, 0x8)

[  114.339725][ T7996] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
18:50:25 executing program 3:
openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0)
mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x3)
madvise(&(0x7f00000a2000/0x600000)=nil, 0x600000, 0x8)

18:50:25 executing program 2:
openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0)
mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x3)
madvise(&(0x7f00000a2000/0x600000)=nil, 0x600000, 0x8)

18:50:25 executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0)
mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x3)
madvise(&(0x7f00000a2000/0x600000)=nil, 0x600000, 0x8)

18:50:26 executing program 3:
openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0)
mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x3)
madvise(&(0x7f00000a2000/0x600000)=nil, 0x600000, 0x8)

18:50:26 executing program 2:
openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0)
mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x3)
madvise(&(0x7f00000a2000/0x600000)=nil, 0x600000, 0x8)

18:50:26 executing program 0:
syz_open_dev$vbi(0x0, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='ip_vti0\x00', 0x10)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor\x00', 0xd5c60b10b90e5b1c, 0x0)
connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @rand_addr=0x7fffffff}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x400000000000030, 0x0)

18:50:26 executing program 1:
r0 = socket$inet6(0xa, 0x6, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c)
listen(r0, 0x5eb857)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r1, &(0x7f0000000340)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
r2 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg(r2, &(0x7f0000000400)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
sendmsg$sock(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_int(r3, &(0x7f0000000080), 0x15d4b87)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0)
sendmmsg(r2, &(0x7f0000000c00), 0x4000000000001e6, 0x0)

18:50:26 executing program 3:
r0 = socket$inet6(0xa, 0x6, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c)
listen(r0, 0x5eb857)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r1, &(0x7f0000000340)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
r2 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg(r2, &(0x7f0000000400)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
sendmsg$sock(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_int(r3, &(0x7f0000000080), 0x15d4b87)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0)
sendmmsg(r2, &(0x7f0000000c00), 0x4000000000001e6, 0x0)

18:50:26 executing program 4:
r0 = socket$inet6(0xa, 0x6, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c)
listen(r0, 0x5eb857)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r1, &(0x7f0000000340)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
r2 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg(r2, &(0x7f0000000400)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
sendmsg$sock(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_int(r3, &(0x7f0000000080), 0x15d4b87)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0)
sendmmsg(r2, &(0x7f0000000c00), 0x4000000000001e6, 0x0)

18:50:26 executing program 2:
r0 = socket$inet6(0xa, 0x6, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c)
listen(r0, 0x5eb857)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r1, &(0x7f0000000340)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
r2 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg(r2, &(0x7f0000000400)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
sendmsg$sock(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_int(r3, &(0x7f0000000080), 0x15d4b87)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0)
sendmmsg(r2, &(0x7f0000000c00), 0x4000000000001e6, 0x0)

18:50:26 executing program 5:
r0 = socket$inet6(0xa, 0x6, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c)
listen(r0, 0x5eb857)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r1, &(0x7f0000000340)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
r2 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg(r2, &(0x7f0000000400)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
sendmsg$sock(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_int(r3, &(0x7f0000000080), 0x15d4b87)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0)
sendmmsg(r2, &(0x7f0000000c00), 0x4000000000001e6, 0x0)

18:50:26 executing program 0:
syz_open_dev$vbi(0x0, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='ip_vti0\x00', 0x10)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor\x00', 0xd5c60b10b90e5b1c, 0x0)
connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @rand_addr=0x7fffffff}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x400000000000030, 0x0)

[  116.020558][ T8024] ==================================================================
[  116.028718][ T8024] BUG: KCSAN: data-race in ext4_nonda_switch / percpu_counter_add_batch
[  116.037041][ T8024] 
[  116.039378][ T8024] write to 0xffff888218774158 of 8 bytes by task 8037 on cpu 0:
[  116.047190][ T8024]  percpu_counter_add_batch+0xca/0x150
[  116.052664][ T8024]  ext4_claim_free_clusters+0x68/0x90
[  116.058049][ T8024]  ext4_da_reserve_space+0x102/0x280
[  116.063349][ T8024]  ext4_da_get_block_prep+0x87f/0xa60
[  116.068730][ T8024]  ext4_block_write_begin+0x33e/0xba0
[  116.074111][ T8024]  ext4_da_write_begin+0x1da/0x7e0
[  116.079232][ T8024]  generic_perform_write+0x136/0x320
[  116.084524][ T8024]  __generic_file_write_iter+0x251/0x380
[  116.090337][ T8024]  ext4_file_write_iter+0x1bd/0xa00
[  116.095553][ T8024]  new_sync_write+0x388/0x4a0
[  116.100246][ T8024]  __vfs_write+0xb1/0xc0
[  116.104506][ T8024]  vfs_write+0x18a/0x390
[  116.108927][ T8024]  ksys_write+0xd5/0x1b0
[  116.113178][ T8024]  __x64_sys_write+0x4c/0x60
[  116.117765][ T8024] 
[  116.120105][ T8024] read to 0xffff888218774158 of 8 bytes by task 8024 on cpu 1:
[  116.127674][ T8024]  ext4_nonda_switch+0x5a/0x140
[  116.132533][ T8024]  ext4_da_write_begin+0xc5/0x7e0
[  116.137572][ T8024]  generic_perform_write+0x136/0x320
[  116.142861][ T8024]  __generic_file_write_iter+0x251/0x380
[  116.148504][ T8024]  ext4_file_write_iter+0x1bd/0xa00
[  116.153823][ T8024]  new_sync_write+0x388/0x4a0
[  116.158505][ T8024]  __vfs_write+0xb1/0xc0
[  116.162752][ T8024]  vfs_write+0x18a/0x390
[  116.167000][ T8024]  ksys_write+0xd5/0x1b0
[  116.171247][ T8024]  __x64_sys_write+0x4c/0x60
[  116.175852][ T8024]  do_syscall_64+0xcc/0x370
[  116.180359][ T8024]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  116.186250][ T8024] 
[  116.188574][ T8024] Reported by Kernel Concurrency Sanitizer on:
[  116.194843][ T8024] CPU: 1 PID: 8024 Comm: syz-executor.3 Not tainted 5.4.0-rc3+ #0
[  116.202647][ T8024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  116.212850][ T8024] ==================================================================
[  116.220920][ T8024] Kernel panic - not syncing: panic_on_warn set ...
[  116.227518][ T8024] CPU: 1 PID: 8024 Comm: syz-executor.3 Not tainted 5.4.0-rc3+ #0
[  116.235508][ T8024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  116.245570][ T8024] Call Trace:
[  116.248891][ T8024]  dump_stack+0xf5/0x159
[  116.253151][ T8024]  panic+0x210/0x640
[  116.257064][ T8024]  ? ksys_write+0xd5/0x1b0
[  116.261491][ T8024]  ? vprintk_func+0x8d/0x140
[  116.266094][ T8024]  kcsan_report.cold+0xc/0x10
[  116.270787][ T8024]  __kcsan_setup_watchpoint+0x32e/0x4a0
[  116.276348][ T8024]  __tsan_read8+0x2c/0x30
[  116.280690][ T8024]  ext4_nonda_switch+0x5a/0x140
[  116.285560][ T8024]  ext4_da_write_begin+0xc5/0x7e0
[  116.290736][ T8024]  ? __kcsan_setup_watchpoint+0x6b/0x4a0
[  116.296389][ T8024]  generic_perform_write+0x136/0x320
[  116.301698][ T8024]  __generic_file_write_iter+0x251/0x380
[  116.307352][ T8024]  ext4_file_write_iter+0x1bd/0xa00
[  116.312569][ T8024]  new_sync_write+0x388/0x4a0
[  116.317263][ T8024]  __vfs_write+0xb1/0xc0
[  116.321516][ T8024]  vfs_write+0x18a/0x390
[  116.325775][ T8024]  ksys_write+0xd5/0x1b0
[  116.330035][ T8024]  __x64_sys_write+0x4c/0x60
[  116.334755][ T8024]  do_syscall_64+0xcc/0x370
[  116.339277][ T8024]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  116.345311][ T8024] RIP: 0033:0x459f49
[  116.349227][ T8024] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  116.368844][ T8024] RSP: 002b:00007f81df0e2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  116.377272][ T8024] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f49
[  116.385259][ T8024] RDX: 00000000015d4b87 RSI: 0000000020000080 RDI: 0000000000000006
[  116.393381][ T8024] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  116.401365][ T8024] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f81df0e36d4
[  116.409343][ T8024] R13: 00000000004ca630 R14: 00000000004e27a8 R15: 00000000ffffffff
[  116.418926][ T8024] Kernel Offset: disabled
[  116.423465][ T8024] Rebooting in 86400 seconds..